The 2007 theft of Lockheed Martin’s F-35 Joint Strike Fighter plans was this week officially linked to China by German newspaper Der Spiegel. The classified US document, given to the paper by Edward Snowden, detailed the loss of ‘many terabytes of data’ relating to the development of the fifth-generation fighter. That China was behind the attack was one of the US Defense community’s more poorly kept secrets. But the release of the information is interesting given Edward Snowden’s previous reluctance to disclose information implicating countries such as China or Russia in online espionage.
China has claimed that it wasn’t behind the 2007 attacks, questioning the findings in the Snowden document, and reminding us that attribution is quite difficult due to the ‘complex nature’ of cyber-attacks.
The US and the UK recently announced a joint taskforce aimed at countering online threats. The ‘joint cell’—co-locating experts from GCHQ, MI5, the NSA and FBI across both countries—will facilitate the real-time sharing of threat data. The taskforce is also set to carry out cyber wargaming later in the year with scenarios built around attacks on the financial sector.
The New York Times has an interesting article explaining how early NSA groundwork facilitated the quicker-than-usual attribution (to North Korea) following the Sony Hack. The NSA program, developed as an ‘early warning radar’, allowed for the monitoring of North Korean hackers. The program, developed over the past five years, placed malware on several machines within North Korea’s offensive hacking unit, Bureau 121. While North Korea’s attempts to penetrate Sony’s networks looked fairly half-hearted and innocuous at the time, it wasn’t until after the attack that the NSA realised the scale of the breach.
ICPC international fellow James A Lewis told the Times, ‘Attributing where attacks come from is incredibly difficult and slow…The speed and certainty with which the United States made its determinations about North Korea told you that something was different here—that they had some kind of inside view.’
Closer to home, Japan’s impressive international cyber engagement agenda marches on, with Shinzo Abe this week pledging to deepen cooperation with Israel. Abe and his counterpart Benjamin Netanyahu have pledged to work together to counter online attacks and promote exchanges between defence officials. The dialogue is another win for Japan as the state pursues a program of high-level international cyber engagement.
The Economist has a nice article explaining some of the difficulties encountered when attempting to put a figure on the cost of cybercrime. Issues faced by analysts include which future losses to include and exclude in calculations, how to deal with companies who are unaware of what information they have actually lost and how to treat businesses that are aware but are unwilling to disclose details.
Finally our Governing the Net series explores the tall task ahead of ICANN as it tries to build a consensus on an IANA stewardship transition plan amongst the international multistakeholder community, enhance its internal accountability, and tiptoe around Washington politics. Also check out our handy Internet governance timeline to keep up to date in what promises to be a busy 2015 in this cyber space