For Doomsday Cyberattack, China has Options
Representatives from the National Security Agency claimed during a Dec. 15 segment on 60 Minutes that the agency had foiled a plot by a foreign state—later revealed to be China—to destroy the U.S. economy by attacking the basic systems that allow computers to operate.
Experts and commentators poked fun at the “Dr. Evil” nature of the plot, and questioned its authenticity. Yet such attacks already exist. The scale at which one could be carried out by China, however, is in question. There may be more efficient ways for Chinese hackers to cripple the United States economy and Internet access in the event of a conflict, experts say. One such massive attack has actually been engineered before.
China’s alleged attack was discussed by heads of the NSA in a Dec. 15 segment on 60 Minutes. It allegedly targeted the BIOS of computers, which functions as the set of instructions a computer follows when it is turned on.
“One of our analysts actually saw that the nation state had the intention to develop and to deliver, to actually use this capability—to destroy computers,” Debora Plunkett, who directs cyberdefense at NSA, said on 60 Minutes.
The NSA did not say clearly which country was behind the attack, yet 60 Minutes reported that other security experts familiar with the attack confirmed it was China. It said the NSA was able to work with computer manufacturers to prevent the attack.
A Practical Matter
While many security experts question the claim, cyberattacks that target BIOS systems currently exist. BIOS viruses are appealing to hackers because they are almost impossible to detect or remove—even if the user completely erases the contents of the computer.
Jonathan Brossard, CEO of security company Toucan System, demonstrated a BIOS virus at the 2012 Black Hat security conference. He described it as a way to hack computers like a nation-state would.
The core problem with the rumored Chinese attack, however, is not about whether it is possible. It’s about whether the attack is practical.
“There are so many other ways to destroy computers, that aren’t nearly as hard,” Chester Wisniewski, senior security adviser at cybersecurity company Sophos, said in a telephone interview from Vancouver.
The most practical way to—at least temporarily—destroy the global Internet has already been demonstrated. In April 2010, 15 percent of global Internet traffic suddenly routed itself through China Telecom networks for about 18 minutes.
“Although the Commission has no way to determine what, if anything, Chinese telecommunication firms did to the hijacked data, incidents of this nature could have a number of serious implications,” states a report from the U.S.–China Economic and Security Review Commission, regarding the 2010 attack.
Affected websites included those belonging to the U.S. government and military.
The incident was caused by what’s called “IP hijacking.” This form of attack targets the highly vulnerable system through which Internet Protocol (IP) addresses communicate.
Russian hackers had used a similar attack against Estonia in 2007 to cut the country’s communications. Wisniewski said, “What better way to do it than take all their IP addresses and say they belong to someone else, then they can’t talk to anybody anymore.”
Regarding the alleged BIOS attack, Wisniewski said it is feasible for a nation-state to target BIOS systems. Due to the nature of the systems, however, any large-scale attacks would be unnecessarily complicated.
Different types of hardware use different BIOS, and to launch an attack on the scale alleged by the NSA, a hacker would need to customize the attack for potentially thousands of systems.
If the NSA were referring to the BIOS of Internet routers, rather than computers, however, the alleged attack would be more feasible.
Such an attack has already been demonstrated by the NSA itself. Documents stolen by Edward Snowden and leaked on Dec. 31 allege the NSA gained access to the BIOS systems of many routers for spying purposes.
Using the same vulnerabilities, if a hostile nation-state were to even target a sufficiently large number of routers manufactured by Cisco, “basically the entire Internet would fail,” Wisniewski said.
He added, “If that’s what they were warning us about, I’d be concerned.”