China hit with wet lettuce over cybercrime
It should be noted that this week's denunciation and shaming of the Chinese government over the Microsoft Exchange server hack earlier this year, and criminal hacking in general, did not include penalties.
Of all the signatories to the declaration led by US President Joe Biden, Australia may have had a problem with this.
It is bad enough that China has sanctioned us by blocking imports of wine, barley and meat, without Australia also blocking exports of, say, iron ore, which is about the only thing that would harm the superpower.
But at some point Australia, along with the US, Japan, UK and Europe, will have to figure out what to do about China's escalating cyberwar, as issuing harsh press releases probably won't work.
And anything that is done to make the Chinese Communist Party aware of this will probably hurt us as much as it does them.
The world is now in a computer arms race, and the West is playing too nicely and being left behind.
From what I understand, the big development this year was not so much the hacking of Microsoft Exchange itself, even though it compromised tens of thousands of computers around the world.
It is that the Chinese Communist Party has apparently figured out how to increase its capabilities inexpensively by letting its army of official spy hackers commit cybercrimes in their spare time, especially ransomware.
This is where someone who is very good at computers walks into a company’s system, locks it, and asks for money to unlock it.
Unlike with kidnappings and terrorism, corporate victims typically give in because it's a simple cost-benefit transaction: the price is a fraction of what it would cost the business if the data remained locked or the system stayed stuck.
The business leaders I have spoken to admit that.
As a result, several million, perhaps billions, of dollars are quietly being handed over to ransomware cybercriminals under deals that never see the light of day, and much of the money now goes to China, to help fund the Communist Party's cyber war effort.
The biggest known ransomware incident in Australia recently was the attack on Nine Entertainment, revealed by the Financial analysis in March, which was never officially reported to the ASX.
Nine had to refuse to pay because the network was brought to its knees, and it had to rebuild many of its systems from scratch.
Whether China or Russia was behind this is unclear, but the consensus is that it was a “state actor,” as they say, and not individual hackers. In other words, it was a government.
And therein lies the problem of the soft response to what China is doing: if a foreign government had blown up Nine's studios with a real bomb, there would be no doubt about who was responsible for defending the business: the government, and more specifically the military.
An international incident would ensue, ambassadors would be withdrawn and diplomatic relations interrupted. We would be on high alert – a war footing.
With cybercrime, it’s not that clear, even when spies know who committed it, and not just because no one is dying.
A question of responsibility
The cost of a corporate cyber attack can be immense and pervasive, but who is responsible for defending against it? Business or government?
Some companies, especially banks, spend a lot on cybersecurity, but many don’t. For example, for a hospital, the choice between new equipment to save lives and a software upgrade is simple: Save lives.
Thus, the kingdom’s cyber defense is uneven to say the least.
The government, meanwhile, is spending nowhere near enough, and its cybersecurity experts are unlikely to be allowed to do ransomware on the side.
In addition, the Australian National Audit Office regularly finds that ministries do not meet required cybersecurity standards.
And for ages the government has tried to bury these failures in an avalanche of policy documents, reports, advisory committees and simple mind-numbing antics.
Australia's Cyber Security Strategy 2020, launched by then Home Secretary Peter Dutton, was a real guff-fest, promising a $1.67 billion investment in cybersecurity over 10 years, with 100 additional Australian Federal Police agents to specialize in it.
Estimates of the current strength of hackers in China (who apparently do ransomware on the side) are as high as 100,000, but that's a guess; it could be anything. And then there are Russia and Iran.
Meanwhile, the defense budget for 2020-2021 is $44.6 billion in one year, of which $15.8 billion is to be spent on the acquisition of materiel.
Almost $2 billion has been spent in 15 years to digitize the military, but this project has been put on hold, unfinished.
Shipbuilding costs $4 billion a year.
Almost $100 billion must be invested in a nationwide guided weapons manufacturing industry so that the bombs can be sent several miles from the back of a truck.
The next war will be fought at least in part on the Internet – in fact, it can be said that it is already happening, with wartime espionage and the cyber "bombs" thrown by China at businesses and government agencies.
The billions spent on sophisticated military equipment will be of little use if computer systems are hacked and they don’t work, while the national electricity grid is shut down from Beijing.
Alan Kohler writes twice a week for The New Daily. He is also editor-in-chief of Eureka Report and financial presenter on ABC news