In response to Richard Clarke’s article published on the Wall Street Journal, entitled ‘China’s Cyber assault On America,’ Jeffrey Carr, author of Inside Cyber Warfare: Mapping the Cyber Underworld, said on The Diplomat Blogs that the story is full of mistakes, logical inconsistencies and a serious lack of understanding of how targeted cyber attacks work at a granular level.
Carr criticized that Clarke tries to draw a parallel between the Obama administration’s protection of Libyan dissidents from Gaddafi and his lack of protection for US citizens from cyber attacks in China, when he obviously knows that although the president has authority over military actions as commander-in-chief, he doesn’t have any authority over US corporations.
From Clarke’s point of view: “cyber criminals don’t hack defence contractors — they go after banks and credit cards.” Carr also has words to say, taken Zeus and Hilary Kneber hacker crews for example, they have been conducting cyber espionage attacks against government and military employees using the same malware that they use in financial crime since at least February 2010. Carr alone has been attacked by those same crews because of it, and he believed that it is the modus operandi of the Russian and Ukrainian governments.
It is a known fact that governments around the world have informal relationships with criminal hackers that allow them a safe harbour to conduct cybercrime as long as they also conduct cyber espionage or other types of cyber ops for their host government as needed. The Russian Federation have been known to conduct cyber espionage against foreign firms for years and yet their name is almost never mentioned in conjunction with attacks from which they would clearly benefit.
Carr said he is not trying to defend China, as the country is vacuuming huge amounts of intellectual property and sensitive data from around the world, but these are also many other countries have done. They all have the technical capability of crafting a targeted spear phishing letter and gaining access to valuable data.
He further indicates that anyone who says that only China is conducting these types of attacks couldn’t be more wrong and such views are harming, not helping, the cyber security posture of the United States.