Thursday, July 24, 2008

What is China up to

I blogged on the Chinese cyber-attacks earlier.

One puzzling feature of the attacks is that they make no attempt to hide their tracks. The attacks come directly from the Chinese ministry of information. What is going on? Some possibilities:

  • The attackers are incompetent.
  • The attack is really coming from another source that compromised the computers in an attempt to frame China.
  • The Chinese are attempting to send a message.

I think that the last is the most likely. The attackers are certainly not incompetent, it is not likely the Chinese would not patch machines after vulnerabilities are detected. The question then is what the message is, some possibilities:

  • The warmongers in the Chinese military establishment would like to engage in a cyber-security arms race with the US and want to send a message to like minded warmongers in the US military establishment so that both can profit from the insecurity they create.
  • Retaliation for a US cyber-attack against Chinese infrastructure.
  • The Chinese cyber-security establishment is concerned that the deniability of cyber-attack coupled with the insecurity of the US information infrastructure is potentially highly destabilizing and want to force the US from an offensive posture to a defensive one.

The first possibility is not very likely. The Chinese military has no difficulty finding resources. The principal concern of the Communist party is internal security, they have no need to engage in an arms race with the US as they can cripple the US economy in half an hour by simply announcing that they no longer intend to buy US treasury bonds.

The second is entirely believable. If the Chinese suspect that they have been attacked by the US, retaliation is a matter of face. An anonymous attack would not meet the need to save face.

But the third possibility might be the most plausible.

No comments: