The Snooping Dragon

There’s been much interest today in a report that Shishir Nagaraja and I wrote on Chinese surveillance of the Tibetan movement. In September last year, Shishir spent some time cleaning out Chinese malware from the computers of the Dalai Lama’s private office in Dharamsala, and what we learned was somewhat disturbing.

Later, colleagues from the University of Toronto followed through by hacking into one of the control servers Shishir identified (something we couldn’t do here because of the Computer Misuse Act); their report relates how the attackers had controlled malware on hundreds of other PCs, many in government agencies of countries such as India, Vietnam and the Phillippines, but also in US firms such as AP and Deloittes.

The story broke today in the New York Times; see also coverage in the Telegraph, the BBC, CNN, the Times of India, AP, InfoWorld, Wired and the Wall Street Journal.

9 thoughts on “The Snooping Dragon

  1. I’m skeptical of these confident claims that the Chinese government has to be behind these attacks. It might be true — but it also might not be. How could we possibly know?

    Just because the attacks are coming from machines with IP addresses assigned to Chinese entities proves nothing: those machines could be controlled from anywhere.

  2. Well, Mr Hu Jintao, you’ve organised a lot of people to say that it might not have been China – that it might have been a freelancer, or even the FSB.

    I believe your guys are behind it because (1) your diplomats used the intelligence product (2) there were multiple coordinated penetrations from areas in China associated with intelligence agencies tasked with aspects of the Tibetan movement (3) It has long been Chinese IW doctrine to use civilian auxiliaries – see “Dragon Bytes” (4) when the Canadians later got hold of the contents of your control server they found a pattern of compromise consistent with your strategic intel priorities.

    There’s a lot more, but that should be enough for a jury.

  3. Hmm. …….Each of your points is highly questionable..

    Point (1) could have been sourced from elsewhere than the evidence you provide in your report
    (2) you don’t provide evidence in your report that confirm those agencies were tasked with what you say they were tasked with. No sourcing, or footnotes or anything there.
    (3) Yes China uses auxiliaries, but that hardly proves anything and
    (4) The Canadians issued their report independently from yours. Your evidence doesn’t cite any of their evidence.

    I think there are some serious flaws in your logic here, and lots of other people seem to agree now. Check out the latest Economist. Bad research. I gave the report a C- at best.

  4. We did cite the Canadian paper (reference 2) and they cited ours. The fact remains that China blew it by poor operational security – by using sigint for low-level tactical purposes without taking care to provide plausible deniability. I expect someone will lose their career for that. And despite all China’s news management, the geek community isn’t fooled; read for example the comments on Bruce’s blog.

  5. Trying to assign causality in intelligence activities is always tricky, but asking who has an interest, who benefits, and who has the capabilities can help. in this case, the Government of China has publicly declared its intent to develop cyberattack capabilities and to use intrusive surveillance measures against those it sees as a political risk . I can’t think of any other government that would care or benefit from hacking into the US Congress’s networks to steal lists of Tibetan dissidents and their supporters. We know there have been objections to China over cyber intrusions from the Government of France, Germany, the UK and the US (made at a time when the Bush administration was not talking to foreigners, so I doubt it was collusion) and in some cases these objections came from very senior officials.

    Against this, we have the denials of the Chinese Foreign Ministry (the same people who denied China had space weapons shortly before the PLA’s anti-satellite weapons test). It’s true that an astute opponent would want to make it look like a third party was responsible, but why would any other nation steal information on Tibet? Each of these points could be expanded, but the conclusion would still be that the trail leads back to Beijing.

  6. The Chinese Government has several attributes working in it’s favour that most Western Governments don’t have.

    The first is basic Chinese philosophy of the “long term view”. Their politicians are therfore not fussed or phased by things that would bring the “world down” around a Western politician, who consiquently rarely looks more than a very short way into the future.

    The Chinese society is still effectivly feudal in outlook and has a very strong “patronage” ethos.
    This means that those at the bottom take significant chances to bring favour on themselves. Whilst those at the top do little or no risk taking as that is for others to do.

    Further the patronage system means that those at the bottom will willingly do things to “please” those above irespective of if those above have wished for it or not (think Henry II and Thomas Becket in 1170).

    Of course the punishment for failing to please is loss of status, worse bringing displeasure often results in a termination of relationships in a very permanant way (think Walter Raleigh and his relationships with Elizabeth I and James I).

    So “freelancing” can have significant rewards but the risks can be and often are the loss of status, job, liberty and life even for senior Chinese business persons and officials (see articals on Drug regulator and adulterated milk scandals)…

    Worse it has been reported that those being executed are being broken up for their organs to be sold for transplant etc. Supposadly this is with the consent of the prisoner but this is very unlikley as Chinese custom requires the body to be kept whole…

    Further Chinese “organleging” appears to be becoming a “tourist attraction” with organs offered for cash directly from hospitals for as little as 30,000USD…

    Therefore I suspect that someone has not just lost their status or job but their life as well (such is the way of things with coruption and treason).

    Perhaps “Anonymous” would care to comment.

  7. A colleague of mine was writing a book which asserted links between the Chinese Government and a prominent religious organization in the West, a group which is increasingly ingratiating itself with government departments, quangos and NGOs. About a week before your report, she wrote to the Tibetans in Dharamsala. Subsequently, address boxes indicating pages open on her computer began to appear in Chinese characters. When I inquired as to the reasons behind this, she jokingly said that it was probably the Chinese spying on her computer because of her communications with the Tibetans. A week later your report emerged. Moreover, within three days of her book being announced for pre-order copies, it had to be pulled because of legal threats from the organization over ‘content’ though they could not possibly have had a copy of the book since it was not yet published.Conclusions? (PS I dont take acid and I dont have a personality disorder)

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>