
Chinese Cyber Attacks – For Economic Gain or Cyber Invasion

Posted by David Thomason | 11/12/14 2:30 PM

In December of 2010, long before news broke regarding the Chinese attacks on US critical infrastructure, I got a call from a utility customer that quite simply said, “We’ve been hacked and I don’t know how bad. Can you help?”

I was on a plane the next day and over the next seven weeks we tracked a hacker on their internal network. When we finally caught our hacker, the first thing that caught us by surprise was that he was on site. We always suspected a team of foreigners, hired to provide support for a Smart Grid development contract, and in fact we had already confiscated one of their laptops. Still, we couldn’t prove any of them were part of the attack.

What we really believed was that the contractors were the conduit through which some rogue agent or agents were able to plant malware and compromise systems. Surely the guys on site would not be so bold as to be actively hacking. After all, my client had sophisticated intrusion detection and prevention systems in place. What wasn’t a surprise, and was always considered a possible motive, was that our hacker was stealing Smart Grid technology and sending it back to China. We expected as much.

A recent article in Bloomberg identified UglyGorilla as a Chinese hacker who infiltrated a major utility company in the Northeastern United States. As a result, he gained access to dozens of documents that describe the technical details of a major part of the United States’ critical infrastructure, namely the pipeline system.

Armed with this information, UglyGorilla now has the necessary information to exploit vulnerabilities within the industrial control systems that manage the transport of much of our nation’s oil and natural gas. If UglyGorilla were a lone actor, we could minimize the level of threat associated with this activity, but UglyGorilla is part of China’s state-sponsored hacking group known as Unit 61398, part of the People’s Liberation Army (PLA). In other words, China has not only stolen the technical details to build their own sophisticated pipeline systems, but they now have the information they need to create a catastrophic event in the United States without using bombs, bullets or troops.

Industrial control systems (ICSs) have historically been separated from other networks, particularly the Internet. But in recent history, ICSs have been increasingly integrated with administrative networks including the Internet.

For at least the last two years, Unit 61398 has been hacking utility companies including electric utilities, oil and gas companies, and even water systems. In fact, they primarily target industries that are identified as strategic to China’s economic growth. The immediate benefit to China is of an economic nature. Why spend money on research when it is so much cheaper to steal the technology from U.S. companies? Because of this, up until recently strategists believed China’s hacking activity was economically motivated.

Today, we have to question China’s motivation. Much of the technology is readily available all over the world. Why would they need to steal technical documents regarding building Smart Grid or pipeline operations?

In the months following my customer’s attack, I began to ask myself some basic tactical questions. How did we really catch this guy? How could my customer be prepared to catch him quicker? How could they have prevented this from happening in the first place? In other words, what were the lessons to be learned? Today I ask myself even more questions that are more strategic in nature. Let me summarize.

Tactical Lessons Learned

  • Control of contractors and subcontractors is important
  • Control of internal devices including desktops, notebooks, mobile devices, etc. is important
  • Network monitoring is critical
  • Establishing a perimeter may be impossible
  • Never forget the attacker could be physically on your network

Strategic Questions

  • What are the real risks?
  • How can we protect our nation’s infrastructure?
  • What fundamental changes will have the greatest positive impact on national security?

While it is probably safe to say that the attack we discovered in 2011 was motivated by economic gain, could Chinese hackers unlock, or have they already unlocked, the secrets needed not only to attack, but to defeat the U.S. in war without bombs, bullets and troops?

This is a guest post by David Thomason, President/Founder of Thomason Technologies, LLC.


Written by David Thomason

David is founder and President of Thomason Technologies, LLC, a boutique Internet Security company specializing in leading edge, highly effective security technologies and security consulting services. In 1986, David started his career in security while in the United States Air Force where he was responsible for building systems compliant with the National Security Agency’s C2-level security standard. Later in his Air Force career, Mr. Thomason was one of the founders of the Air Force Computer Emergency Response Team (AFCERT). After almost 10 years in the military, he went to work for a defense contractor and continued to serve in the AFCERT. There he was responsible for the successful apprehension by law enforcement of three hackers. David held key positions at companies such as Internet Security Systems, SecureInfo and Sourcefire.
