Information Warfare: Chinese Malware and Botnets


October 14, 2024: Once more American internet security organizations have had to deal with and expunge another Chinese Cyber War effort. For over two decades China has been trying to use the internet to steal information from foreign sources, disrupt internet operations in some countries and become the most formidable Cyber War nation on the planet. To do that China has gradually built up its arsenal of techniques and the number of trained hackers and internet security professionals. China wants to win at defensive as well as offensive Cyber War. China is making a major effort to become the preeminent Cyber War power in the world. U.S. network protection operations in the FBI, Cyber National Mission Force, and the National Security Agency seek to block or disrupt these Chinese efforts.

Cyber War largely consists of attacks on computer networks, usually via the internet. These efforts require ammunition, and the most common form of ammo is Zero Day Exploits, or ZDEs. These are freshly discovered and exploitable defects in software that runs on the internet. These flaws enable a hacker to get into other people's networks and PCs. In the right hands these flaws enable criminals to pull off a large online heist or simply maintain secret control over someone's computer.

ZDEs are rare. They are in great demand and are increasingly expensive to find, or buy, from legitimate researchers or on the hacker black market. The price of ZDEs varies a lot. That's because not all vulnerabilities are equal. Some are much more valuable than others because they are more effective or allow attacks on a larger number of targets. Commercial internet security firms offer rewards to people, usually software engineers who spend a lot of time on the internet, who first discover a zero day vulnerability. These vulnerabilities are software bugs that have not yet been put to use by a hacker to create a ZDE. The rewards for really good ZDEs can sometimes exceed a million dollars. The commercial security firms, which provide services for corporate and government clients, offer the rewards openly. There is a more lucrative underground market, financed by criminals and some governments that offer even larger rewards.

The users, especially large companies, get after the software publishers to find and fix the bugs quickly. This rarely happens, and discovering and fixing these vulnerabilities usually takes several months and sometimes as long as a year or more. This is largely because fixing these bugs is expensive and publishers don't want to risk creating new ones. The publishers know that every time they open their source code to repair something there is high risk of creating more bugs. Moreover, it's expensive to fix the bug, test the patched software and then distribute it to their customers. Thus, unless the bug is highly likely to be exploited, it is not attended to right away. The problem with this approach is that the software publisher may not be aware of how exploitable the bug is. Criminals and Cyber Warriors have an interest in finding ways to exploit bugs that appear relatively harmless. That turns the bug into ammunition, for the Cyber War, and a way to make money, for the criminals.

Preparations for a Cyber War require a lot of special software, especially ZDEs. Put simply, whoever has found the largest number of quality unpatched vulnerabilities and turned them into exploits will win. There's a lot of evidence that the United States and China have both compiled large arsenals and tested a lot of their stuff. Other countries are players as well, but the U.S. and China appear to be the superpowers of Cyber War.

The U.S. has an edge in the number of commercial security firms and freelance experts it can enlist for the war effort. Likewise, China openly encourages its hackers to go out and practice on foreigners, especially the Japanese and the United States. Japan is still hated for World War II era atrocities while the U.S. is the largest Cyber War power in the world. China disputes that and has undertaken a major effort to put the Americans into second place and keep them there. China is also believed to have arrangements and understandings with the gangs that specialize in internet-based crime. Remember, China is still a police state and communist secret police organizations have long been known to use criminal organizations for all sorts of things.

For over a decade now Cyber War and criminal and government hackers have secretly placed malware software into computers belonging to corporations or government agencies. These Trojan horse programs turn the infected PCs into zombies, which is another word for robots or bots. These operations are planted and controlled by hackers or software engineers called botmasters. Such control allows the botmaster to steal, modify, or destroy data or shut down the computer systems the zombies are on. You infect new PCs and turn them into zombies by using ZDEs. This is a big business, although a lot of that business is delivering spam. But mixed in with all the garden variety criminality is a lot of corporate and military espionage.

Botnets are primarily used for carrying out DDOS (distributed denial of service) attacks, bank and consumer fraud or extortion. A successful DDOS attack can shut down websites or networks. Network security firms are continually developing new defensive software to mitigate or eliminate the DDOS threat. This is an ongoing arms race, with new DDOS techniques and technologies constantly created to replace DDOS software that has been defeated.

Some botnet owners rent their zombies out. There is no honor among thieves either, with some Internet crooks seeking out botnets, and using their tools to try and take control. The network security firms do this as well, seeking out the botnets, and purifying the infected machines by finding and deleting the hidden software that made a PC a zombie.

Cyber War commanders are resigned to the fact that they will have to use mercenaries if they want to survive any future internet-based conflict. Much use is being made of mercenaries right now in the race to build up stockpiles of munitions. In Cyber War one vital tool is information. That is, knowledge of vulnerabilities in software connected to the internet or major networks not connected to the internet. It's feared that China actually has a lead in this area, a lead they will not discuss but that the victims know exists.

The American FBI has taken the lead in detecting and dismantling Chinese botnets and identifying specific groups China has created to do this work. China has recently put together enormous botnets, one of them consisting of a record 140,000 internet based devices. The FBI gets a lot of help from Microsoft and other firms with Cyber security divisions. Most major corporations have Cyber security divisions and these work with Microsoft and other software firms that depend on their ability to quickly spot and eliminate Cyber War threats. The current Chinese Cyber War campaign is worldwide, with particular emphasis on the United States and other industrialized nations. China is concentrating on defense-related manufacturers and major military headquarters like the Pentagon. This is turning into a major international Cyber War. Officially, China insists it is not involved. That is difficult to prove because a lot of the Chinese hacker groups did not hide, or try hard to hide, the physical location of their operations in China.