The Cold War is long over. Or is it? Slowly, a new conflict is brewing in the frontiers of cyberspace between armies of hackers deployed to inject viruses in enemy systems and disrupt a country’s economy before a shot has ever been fired. Or so the reports go. Is there a real threat, or are we presented with new scare tactics in order to get more money for cyber-defence, and facilitate changes in the law?
This is a valid question. The official line that is being sent out by the intelligence services of the West, and even by President Obama in his State of the Union address, is that we should fear Chinese hackers, but time and time again the examples used to justify the fear fall short. In lieu of evidence, we are then presented with a strange mishmash of hacker acts that become conflated into an ominous threat. Take this report on the dangers ahead:
“Recent cyber-attacks have illustrated the ability of terrorist groups and foreign governments to cause havoc on the Internet. The United States Sentencing Commission’s website was destroyed when activists attacked the site to protect the federal prosecution of Bart Swartz which eventually led to Mr. Swartz committing suicide. For years, the Chinese government has launched massive daily attacks against our government and private industry which are aimed at disrupting government operations, stealing trade secrets and undermining economic activity.”
This is an almost perfect example of the over-blown rhetoric that we are faced with in the subject of cyber-attacks. First we get a very mild act of protest against a website as an example of “terrorist groups and foreign governments” wrecking havoc online, when defacing a website is, to use xkcd’s excellent analogy, akin to tearing down a poster. This mild act of legitimate protest is then equated with “daily attacks” from Chinese hackers. Where is the evidence of such terrible endeavours? None is presented. We just get a call to spend more in cyber-security measures, both at private and government levels.
Do not get me wrong, cyber-crime is a real issue, and hacking is a serious concern for governments, industry and individuals. But the reports on the cyber-warfare threat tend to fall prey unwittingly (and sometimes wittingly) to a highly charged narrative that equates all forms of hacking. Anonymous then is presented time and time again as part of the problem, and their name is mentioned in the same paragraph as real examples of cyber-threats, when most of their actions nowadays are the equivalent of virtual sit-ins.
Similarly, there may be some room for concern, as it is clear that the Chinese are indeed up to something. But so is the USA. And so is the UK. And so is Israel. It is telling that most news reports warning about the new Red Menace leave out the actions of the US government in the area of cyber-warfare. Stuxnet anyone? I am also highly suspicious of the source of the latest crop of articles, a report by security firm Mandiant that identifies the location of one of the Chinese cyber-attack units. The problem with this type of evidence is that it should be received with some scepticism precisely because it is part of an advertising push. The Chinese hackers are coming! Buy our products!
Cyber-warfare is then clearly an advertisement strategy, an act that mimics the scare tactics used by the military industrial complex to get more money for bombs, and that uses ridiculously over-the-top and impossible propaganda machines like Red Dawn to maintain the illusion that the United States is involved in a perennial war and that it can be invaded by China, South Korea, Russia, or the current enemy. By the way, the irony that the makers of Red Dawn had to change the enemy du jour for commercial reasons should not be lost on anyone.
At the very least, we should learn to identify different types of hacking and properly categorise it. Website defacement does not equate planes falling out of the sky. Leave Hollywood inspired scaremongering where it belongs.