Cyberwar With China Is Here, Like It or Not

“Love your Enemies, for they tell you your Faults.” Benjamin Franklin wrote that.

“The supreme art of war is to subdue the enemy without fighting.” The Chinese philosopher Sun Tzu wrote that.

Both come to mind as the world is waking up a newly disclosed body of evidence from the Internet security firm Mandiant, publicly illustrating, in the starkest terms yet, how wide, deep and pervasive computer hacking attacks from China have become. As reported on the front page of today’s New York Times, numerous attacks on American, Canadian and British companies, dating as far back as 2006, have been carried out by a single unit of the China’s People’s Liberation Army. Mandiant, a firm based in Alexandria, Va., has identified it as Unit 61398, operating out of a single building just walking distance from the point in outer Shanghai where the Huangpu and Yangtze Rivers meet.

The company maintains that the unit has compromised the networks of at least 141 companies or organizations, and probably more than that, spending an average of 356 days perusing their networks. In one case, the attackers had unfettered access to a target’s computers and networks for a grand total of four years and 10 months.

Who do they attack? None of the companies are named. But, if you think back, you can remember some names that have disclosed attacks blamed on China, that might fit the bill: Google and Intel have over the years complained in public of attacks carried out by China. The Times says the army unit was the one responsible for the attacks carried out in 2011 against RSA, the security unit of the technology company EMC, which were described at the time as “extremely sophisticated.”

More recently, a series of attacks against media organizations have been attributed to China: The New York Times, The Wall Street Journal (which, like this website, is owned by News Corp.), Bloomberg News, the Washington Post and the Associated Press are among them.

Other targeted industries include information technology, defense and aerospace, energy, transportation, satellites and communications, navigation, chemicals, health care and mining, to name a few.

What do the attackers take? Here’s a list taken directly from Mandiant’s report:

• product development and use, including information on test results, system designs, product manuals, parts lists, and simulation technologies;
• manufacturing procedures, such as descriptions of proprietary processes, standards, and waste management processes;
• business plans, such as information on contract negotiation positions and product pricing, legal events, mergers, joint ventures, and acquisitions;
• policy positions and analysis, such as white papers, and agendas and minutes from meetings involving high-ranking personnel;
• emails of high-ranking employees; and user credentials and network architecture information.

Most of the time, the victim company doesn’t even know that its information has been stolen until it is far too late to do anything about it.

Who gets the information in the end? It’s unclear, exactly, and so Mandiant engages in educated conjecture and looks at the available evidence. In one case in 2008, a targeted company suffered an intrusion lasting two and a half years, during which emails and attachments of the CEO and general counsel were stolen. During the same time period, news reports showed that a Chinese company had managed to negotiate a significant increase in the price of a certain commodity component with an unnamed victim company. It may be a coincidence, Mandiant concedes, but then again, it may not.

How do they attack? Usually by sending innocent-looking attachments in email messages. An employee at the target company opens it, triggering software embedded within it that gives attackers remote access to that employee’s machine, which then serves as a beachhead for more attacks. You can see a short video showing some of the attacks actually taking place in the video below.

Certainly, suspicions about China and its intentions, capabilities and actions in this area have pervaded for months. Knowledge about all this has probably circulated within the classified community for years, and no doubt plays a part in the concern among lawmakers and U.S. federal government agencies about the growth of the Chinese networking company Huawei.

Mandiant points to another: Unit 61398, it says, carried out a series of attacks against a unit of a Canadian company called Schneider Electric. The incident was first reported by security blogger Brian Krebs, and was carried out when the unit was an independent company called Telvent. What does the company make? Remote access tools, basically software that lets you control one computer from another computer far away.

The part that should scare you is what kinds of computers this software is intended to control: They’re known generally as SCADA systems, or supervisory control and data acquisition systems. They’re the stripped-down machines that sit between large industrial machinery like generators or pumps, or any other kind of big, automated equipment, and regular computers.

In a series of letters to customers in September of last year, Telvent disclosed that attackers traced to China had installed malicious software on its network, and had stolen files related to a key product called OASyS SCADA, which is designed to connect older IT assets to certain “smart grid” systems running on electrical power networks.

Attacks on SCADA systems can be very effective, in part because the machines involved are older and have tended to be less well-secured. How effective? Remember Stuxnet? The malware attack carried out by American and Israeli intelligence agencies against the Iranian nuclear research program? In that attack, nuclear centrifuges were caused to spin out of control, and ultimately explode. That was an attack against SCADA systems. We already know how easily attacks like it might be carried out here.

Stealing intellectual property and trying to gain an edge in business negotiations is one thing. Penetrating the systems that run critical infrastructure is rather more serious, bordering on sabotage. Now that the government officially considers cyberspace a theater of warfare, similar to land, sea, and sky, this is starting to look serious.

White House condemns court ruling on ‘unconstitutional’ Obama appointments

Spokesman says ruling heralded by Republicans’ lawyers as ‘stinging rebuke’ to president is ‘novel and unprecedented’

Barack Obama breached the constitution when he bypassed Congress to make appointments to a labour relations panel, a federal appeal court ruled on Friday in a decision that was condemned by the White House as “novel and unprecedented”.

The judgement, from a three-judge panel of the US court of appeals for the DC circuit and regarding the filling of vacancies at the the National Labor Relations Board (NLRB), represents a significant legal victory for Republicans and big business. It could also severely restrict the president’s use of a constitutional provision that permits him to directly appoint officials without congressional approval.

Successive presidents have used the provision to place hundreds of officials who have been rejected, or are likely to be rejected, by the Senate at confirmation hearings.

But in what lawyers for the Republican congressional delegation called a “stinging rebuke” to Obama, the court narrowed the president’s authority considerably by ruling that the constitution only permits him to make those appointments when the vacancy occurs during a recess between individual Congresses, such as occurred earlier this month when a newly elected Congress took office. Any appointment must then be made during the same recess.

“The filling up of a vacancy that happens during a recess must be done during the same recess in which the vacancy arose,” the court said.

The ruling struck down the president’s appointment of three people to the NLRB a year ago, but if it stands it is likely to have much wider implications.

Anthony Riedel of the National Right to Work Foundation, which is fighting several cases seeking to have NLRB rulings overturned on the grounds that the appointments were invalid, described the ruling as a “game changer”.

“What the court did pretty much took a strict constructionist view of the constitution and said that the president cannot make recess appointments unless during the recess in which one Congress turns into the next Congress. It also said that the vacancy must have occurred within that recess,” he said. “This is a game changer on a broader scale of how the president has the power to make recess appointments during a recess.”

The court decision came in response to a legal challenge by the owners of a soft-drinks bottling plant, after the NLRB ruled against them in a union dispute. The company claimed Obama did not have the power to directly appoint the three officials to the NLRB last year while the Senate was on a 20-day holiday, and said the board’s ruling was therefore invalid.

The dispute centres on article two of the constitution, which gives the president “the power to fill up all vacancies that may happen during the recess of the Senate”.

Successive administrations have interpreted that as meaning whenever the Senate takes a break, such as during Christmas and summer holidays. Obama has invoked the article 32 times to make recess appointments. His predecessor, George W Bush, used it 99 times. But the court ruled that the framers of the constitution had a different meaning in mind.

At the time the article was written, Congress sat far less frequently, sometimes for less than half of the year.

“There is no reason the framers would have permitted the President to wait until some future intersession recess to make a recess appointment, for the Senate would have been sitting in session during the intervening period and available to consider nominations,” the court said on Friday.

Lawyers for the bottling company argued that holidays did not amount to a recess because although senators were away from Washington, the Senate still effectively remained sitting.

“Such short intra-session breaks are not recesses. Otherwise, every weekend, night, or lunch break would be a ‘recess’ too,” they told the court.

The court agreed, and noted that the House of Representatives had already returned to work the day before the appointments, meaning that Congress was in session even if senators were not in attendance.

Republicans joined the legal action, arguing that “the president usurped the Senate’s control of its own procedures”.

“By appointing officers without the Senate’s consent, he took away its right to review and reject his nominations,” they said.

The US justice department told the court that the Senate does no work, and does not fulfill its role to provide advice or consent on presidential nominations, when it takes holidays and therefore is not in session.

Democrats in Congress led the way in attempting to block direct presidential appointments during President George Bush senior’s administration. They merely adjourned Senate sittings during holiday periods, rather than going into recess.

The Obama administration can be expected to take the case to the Supreme Court.

The American Center for Law and Justice, which represented the House of Representatives speaker, John Boehner, in the case, welcomed the ruling.

“This decision represents a stinging rebuke to the unprecedented and unconstitutional actions of President Obama,” said the ACLJ chief counsel, Jay Sekulow.

“This decision is sound and well-reasoned and respects both the constitution and the separation of powers. From the very beginning, no one questioned the President’s authority to make recess appointments, but those must occur when the Senate is in recess, which we asserted, and the appeals court concluded, is clearly not the case here. While the Justice Department may decide to appeal this decision to the supreme court, the appeals court decision today sends a strong message rejecting this presidential overreach.”

The immediate implications of the ruling for the NLRB are unclear. Riedel said it could potentially invalidate hundreds of board decisions over the past year, and may affect other cases in the pipeline elsewhere in the country including several being handled by his own organisation.

“The NLRB has been handing down very biased decisions in favour of big labor so we’re pleased that there’s a chance these decisions will now be invalidated because the board has been seen to not have a quorum,” he said.

The White House disagreed. “This court decision does not effect this operation, their ability to function,” said Jay Carney, Obama’s spokesman.

However the judgement could affect other recess appointments, notably that of Richard Cordray, who was put in place by Obama to head the newly-formed consumer financial protection bureau, after he was rejected by Congress. At the time, Boehner accused Obama of “trampling our system of separation of powers”.