China's Golden Cyber-Shield

China's Golden Cyber-Shield
China's Golden Cyber-Shield 

By Andy Greenberg

The Chinese government is an infamous enforcer of digital apartheid; 
when its citizens try to access prominent international Web sites like 
Wikipedia and Flickr, they hit a filter that blocks politically 
sensitive material. In the West, that information blockade is often 
described as the "Great Firewall of China."

But in Mandarin, it is called jindun gongcheng, the Golden Shield. As 
that name implies, China's controls on the Internet are capable of 
blocking inbound as well as outbound traffic. And according to some 
security professionals, that means the Golden Shield is more than just a 
barrier to free expression; it may also be China's advantage in a future 

"China has powerful controls over content going out and coming in at 
every gateway," says Jody Westby, chief executive of security 
consultancy Global Cyber Risk. She argues that the tight relationship 
between China's government and its Internet service 
providers--originally established to stop Web users reading about 
censored topics like Tiananmen and Taiwan--also means the country could 
better coordinate a defense against online attacks.

In the U.S., by contrast, the autonomy of the Internet may leave it 
vulnerable to state-sponsored enemies trying to steal classified data or 
shut down servers controlling energy or telecommunications. "They have a 
decided defensive advantage," says Westby. "China simply doesn't have 
the same issues of coordination [the U.S.] would face in the case of 
information warfare."

Sizing up threats in a hypothetical cyber-war is still based on educated 
guesswork and speculation, but no longer mere science-fiction: A 
political dispute in May over a U.S.S.R. memorial in Estonia led to 
massive attacks on the country's government Web sites; state servers 
were paralyzed with "distributed denial of service" attacks, which use 
tens of thousands of simultaneous requests for information to overwhelm 
Web-connected computers. Estonia initially accused the Russian 
government of launching the blitzkrieg, though the use of 
"botnets"--herds of PCs hijacked with malicious software--made tracing 
its origin difficult.

The threat of an information-based war with China is particularly real. 
A Department of Defense report earlier this year warned that China's 
military is putting more resources into "electromagnetic warfare," 
focusing on attacking and defending computer networks.

The first shots may have already been fired: In August and September 
2006, Chinese computers penetrated the State Department and the U.S. 
Department of Commerce's Bureau of Industry and Security. The attack, 
known as "Titan Rain," forced the government to replace hundreds of 
computers and take others offline for a month. While that attack 
couldn't be traced to any official source, the U.S.-China Economic and 
Security Review commission subsequently claimed that China is developing 
computer viruses intended to disable military defense systems.

If China did turn computer viruses into a military tool, the Golden 
Shield could be used to prevent collateral damage, says Jayson Street, a 
consultant at the computer security firm Stratagem 1 Solutions. "The 
firewall would protect China from whatever it releases," says Street. 
"When a worm goes out, it's not a gun, it's a bomb. It affects everyone. 
That's why the Golden Shield could be so effective."

Chinese cyber-attacks might take the same form as the denial of service 
attacks that rattled Estonia, using botnets to overwhelm foreign servers 
and depending on the Golden Shield to block attempts at retaliation.

The exact anatomy of the shield is known only to the Chinese government, 
but most security professionals believe it's capable of not only 
filtering for certain politically charged keywords, but also examining 
the structure and origin of information moving into and out of the 
country's networks. That means botnet attacks could be deflected more 
easily than in the U.S., where there are virtually no checks on 
international Internet traffic.

Still, the shield's effectiveness as a defense in cyber-warfare is far 
from clear: Bruce Schneier, the founder and chief technology officer of 
security firm BT Counterpane, argues that no single strategy can stop 
determined hackers.

"It's a pipe dream to think that a country can secure its 
cyber-borders," says Schneier. He points out that in general, security 
vulnerabilities are much easier to find than they are to patch. "If you 
look at what's happening now in the computer security field, the bad 
guys are winning, and they're just criminals," says Schneier. "Imagine 
if militaries got involved."

If China did face all-out digital war, it might have at least one 
resource that the U.S. wouldn't: an Internet kill switch.

"It's true that it's impossible to completely defend against denial of 
service attacks and still be accessible," says Marcus Ranum, chief 
security officer of Tenable Security. "But if you're willing to go off 
the air completely, you could disrupt the enemy's command and control." 
Ranum suggests that China's worst-case strategy in a cyber-war would 
simply be to "pull the plug," temporarily isolating the Chinese 
Internet. That's not an option in the U.S., where the Web is less 
regulated and considered a basic freedom.

If China made itself immune from outside attack, it could still be 
vulnerable to botnets run from within the country, says Allan Paller, 
director of research at the SANS Institute. "Installing malware on 
computers within the country would be the real key to an Internet Cold 
War," he says. Military enemies could launch denial of service attacks 
that begin and end within China's own network.

To grab control of those computers, Paller imagines CIA agents working 
in Chinese Internet cafes or other domestic access points. Timed botnet 
attacks could also be organized to launch automatically, without an 
external go-ahead.

At the end of 2006, China had 26% of the world's malware-infected 
computers, more than any other country, according to a report from 
Symantec (nasdaq: SYMC - news - people ). But most of those PCs are 
likely controlled by spam-sending cyber-criminals, not foreign 

Whether of note the U.S. military has caught on to these nuances of the 
digital arms race, it will soon, Paller argues. "This is going to be an 
area of huge investment for the military for the next hundred years," he 
says. "It isn't just the future of information warfare. It's the future 
of warfare."

Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. 

Site design & layout copyright © 1986-2014 CodeGods