Sony Cyber Attack: The China Connection

IT WAS, PERHAPS, only a matter of time before China was dragged publicly into the war of words between the U.S. and North Korea over Pyongyang’s alleged cyber attack on Sony Corp. in retaliation for the company’s provocative Hollywood comedy about a plot to assassinate North Korean leader Kim Jong Un. China is North Korea’s main onramp to the internet. North Korea runs the overwhelming majority of its telecoms traffic through Chinese state-owned telco China Unicom. Its own networks are limited, as are its telecoms connections to its other outlet to the world, Russia. To get its cyber warriors even close to the internet backbone, Pyongyang stations some of them over the border in China.

Now Washington has reportedly asked Beijing to rein in Pyongyang’s use of Chinese routers and servers for cyber attacks, including expelling North Korean hackers based in China — a request Beijing has met with polite silence or neutral platitudes. The Sony incident is another Pyongyang embarrassment it could do without — even if it doesn’t mind a company with one foot in Hollywood and the other in Japan being embarrassed even more. Yet it is not going to open that particular can of worms. And especially not in public.

Cyber warfare is almost as sensitive a topic in Beijing as even a fictional assassination attempt on the Beloved Leader is in Pyongyang. Washington has repeatedly accused Beijing of hacking into U.S. companies, charges Beijing has repeatedly denied, saying it is a victim of cyber attacks not a perpetrator. But for both countries’ cyber warfare has become the “fifth dimension” of defence, adding to land, sea, air and space military operations.

Pyongyang, for the record, has also denied that it cyber attacked Sony. It has demanded a joint investigation with the U.S., following that up with a predictable burst of typical bombastic rhetoric.

So far, Beijing has walked a fine line over the Sony incident. It has condemned both the movie as being culturally arrogant and cyber attacks and terror threats. But, it is equally aware that the U.S. has become more forceful this year in pressing cyber-attack allegations against Beijing. In May, Washington broke new ground in bilateral relations by bringing its first cyber-spying case against China, charging five Chinese army officers in May with hacking into U.S. companies. The following month a Chinese businessman was charged with hacking into the computer systems of U.S. defence contractors, including Boeing.

For North Korea’s part, it could now return to the U.S.’s list of state sponsors of terrorism, from which it was removed in 2008 after agreeing to verification of its nuclear sites. The incident has also thrown a spotlight on Unit 121 of North Korea’s military intelligence agency. This is an elite if shadowy group of cyber warriors, some of whom are based in the Chilbosan hotel, a Chinese-North Korean joint venture in Shenyang in Liaoning  province. Estimates of their number vary from a few hundred to several thousand.

Little is known definitively about the group outside its own circles. What there is comes from defectors from several years ago. In truth, not much if anything new about it has been learned lately despite Unit 121 being written about relatively widely in the Western press since the Sony attack. A sign of how active it is is that North Korea has reputedly carried out more cyber attacks than another nation. Denial of service attacks on South Korea are its weapon of choice, but it is believed to have hacked about in the U.S., penetrating both the U.S. Department of Defense and U.S.-based companies. Part of its brief is to cause North Korea’s enemies monetary loss.

Some note similarities between the Sony attack and a broad based hack of South Korean banking and media companies last year widely believed to be the work of Unit 121. If it was responsible for the cyber hack of Sony, as charged, that would mark its boldest and most sophisticated attack to date.

With or without Beijing’s help, U.S. President Barack Obama has promised “proportionate” retaliation for what he has called an act of “cyber vandalism.” It is difficult to know what that might be. The hermit kingdom’s internet isolation has long offered Unit 121 an unlikely degree of protection. There isn’t much internet infrastructure in North Korea against which to retaliate; there are barely a dozen web sites using the country’s domain, .kp, all state run. Washington’s best bet is to get China to lean on its ally — which isn’t much of a bet at all.

Update: The internet went down in North Korea for nine and a half hours on Dec. 22 after more than a day of increasingly instability, suggesting an onslaught of denial-of-service attacks.  It could also be a result of a power failure, accidental or because someone pulled the plug. On either score, China has said it wasn’t its doing. The U.S. has declined to make comment. Well, both would, wouldn’t they — and hacktavist groups are just as likely suspects.

Advertisements

Leave a comment

Filed under China-Koreas, China-U.S., Defence

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s