Virtual attacks and the problem of responsibility: the case of China and Russia Daniel Oppermann Virtual attacks are forming a new threat scenario for governments and other actors of global society. The first decade of the XXI century saw an intensification of cyberattacks on government networks which could not be traced back. However, due to political circumstances there were often actors suspected of being involved in cyberattacks. This case study is analyzing the methods and reasons of potential attackers in Russia and China which between 2004 and 2009 appeared in several cyber threat scenarios. Keywords: cybersecurity, cyberattack, China, Russia Ataques virtuais representam um novo cenário de ameaça para governos e outros atores da sociedade global. Durante a primeira década do século XXI houve uma intensificação de ataques cibernéticos de origem desconhecida contra redes governamentais. Porém, devido às circunstâncias políticas, muitas vezes havia atores suspeitos de estarem envolvidos em ataques virtuais. Essa pesquisa de caso está analisando os métodos e razões dos atacantes potenciais na Rússia e na China, os quais apareceram em vários cenários de ameaças cibernéticas entre 2004 e 2009. Palavras-chave: segurança cibernética, ataque cibernético, China, Rússia n January 2009 the US administration under then or what their intentions were. Nevertheless in some cases recently elected US President Obama released a cybersecurity experts succeed to trace back online attacks new US Agenda for Homeland Security underli- although they hardly had any legal possibilities against the ning growing attention to virtual attacks and cyber- possible attackers due to the borderless character of the security by announcing the position of a national Internet and the lack of appropriate policies or legal fra- cybersecurity advisor reporting directly to the President. meworks. In other cases political circumstances alluded IFour months later, in May 2009, Obama confirmed his to where attackers might have come from and what their plans during a speech in the White House, without ha- intentions were. ving appointed an advisor so far. When in September 2009 Melissa Hathaway resigned from her position as the The US are not the only victim of cyberattacks. Almost Acting Senior Director for Cyberspace for the National all states have suffered virtual attacks in the past ten years Security and Homeland Security Councils, speculations but so far only few resulted in serious concerns or have about the difficulties to find a qualified candidate to co- been made public. While some (and those are more rele- ordinate national cybersecurity issues in the US started vant for this article) have a political background, others are putting pressure on the US administration (Nakashima, more connected to criminal activites. As being among the 2009). In those first eight months of hesitation hundreds of strongest global economies with a well developed telecom- cyberattacks happened on governmental and private eco- munication infrastructure the US are having high interests nomy severs in the US and other countries. Most of them in protecting their networks from such hostile activities. were not covered in the media and many stayed unknown Therefore they have a crucial role in developing means of even to the institutions or companies being attacked. In protection against virtual attacks (and probably seeking most cases it was unclear where the attackers agitated from ways to launch attacks by themselves). Besides them also the European Union is addressing the problem and wa- tching global developments with concern, discussing cy- Daniel Oppermann é doutorando do Instituto de Relações bersecurity policies. Internacionais da Universidade de Brasília (IREL-UnB) e pesquisador do Observatório Político Sul-Americano Concerns over cybersecurity in the past five years have (OPSA) do Instituto de Estudos Sociais e Políticos na frequently included Russia and China, both fast growing Universidade Estadual do Rio de Janeiro (IESP-UERJ). Internet markets and several times being suspected of Carta Internacional Dezembro 2010 11 using their IT infrastructure to infiltrate other countries’ networks. This article will concentrate on the problem of Robert Stakes divides case studies into three categories: virtual attacks and the role the two countries had in this intrinsic, instrumental and collective case studies. This context between 2004 and 2009. Regarding Russia espe- way he tries to differentiate the motives of the researchers. cially the 2004 cyberattacks in Estonia and also the 2008 An intrinsic study aims at understanding the case itself. attacks on Georgia will be discussed. The Chinese case in- The case is the central aspect of the study. The objective is cludes GhostNet, an espionage network that was investiga- nor the development of theories neither the analysis of a ted by Canadian researchers in 2008/2009. phenomenon behind the case. An instrumental study tre- ats the case as an example for a theory or a political or so- The article is structured in six chapters. After this in- cial phenomenon. This phenomenon is the actual interest troduction, the second chapter is going to introduce the of the researcher. The case helps to explain it. The third research method applied and will present the research category is a collective case study. The researcher uses it questions. The third chapter concentrates on the general to investigate several cases that help to explain a certain phenomenon of cybersecurity. It includes the theoreti- phenomenon. Similar to Stakes, Robert Yin divides case cal basic knowledge regarding cybersecurity, cybercrime, studies into two categories: single-case studies and multi- cyberterror, and cyberwar. Furthermore it discusses di- ple-case studies (Yin, 2002, p. 45f). Both have the intent to fferent methods of cyberattacks. The forth and fifth chap- explain the phenomenon behind the case. ter are analysing the two cases of Russia and China and their function in recent cyberattacks on other countries. This present case study is designed as a multiple, ins- Following those two, the final conclusion will pick up the trumental case study (n=2) to analyze the social pheno- menon of virtual attacks on nation states and Almost all states have suffered virtual attacks in the the question of responsibility for such attacks. past ten years but so far only few resulted in serious The focus lies on virtual aggressions between 2004 and 2009 being traced back by the vic- concerns or have been made public. tims to China and Russia. The intention is to analyse information about virtual attacks as research questions again to develop final statements regar- a social phenomenon and about the possibilities to trace ding the problem underlying this article. them back to their origin. The leading research questions are: What are the main kinds of cyberthreats and virtual Research methodology attacks pointed against political and economical networks? How is it possible to trace virtual attacks back to the at- This article is going to analyse the current situation of tacker? Who is using virtual attacks against political and cybersecurity regarding nation states with a focus on vir- economical networks and with what kind of intention? tual attacks and the question who is responsible for them. What roles do Russia and China have concerning virtual A special focus is given on Russia and China which in the attacks on foreign networks? past five years have been accused several times by Western governments of undertaking virtual attacks on govern- The concept of cybersecurity mental institutions and private companies in different countries. The research method applied is the qualitati- Cybersecurity as a concepts has numerous different ve case study design. “A case study (...) is the analysis of dimensions. This chapter is going to categorize the diffe- an object: a country, a political system, an institution, an rent dimensions of cybersecurity being cybercrime, cyber- organization, or a problem in a certain context (...). In a terrorism, and cyberwarfare. After that different forms of comparative analyses different cases on the same topic are virtual attacks will be discussed in general as well as the used.”(Nohlen, 1994, p. 128, translated by the author). The question how they were conducted in the past years. case study design is among the most applied methods in political research. Its origin goes back to 1948 at Harvard In the context of online security, cybersecurity could be University (McNabb, 2004, p. 357). It helps to explain an a simple form of private protection against spam or other individual case and is also able to make a generalization malware distributed on the Internet. It could also mean (although quantitative methods are stronger for genera- protection of family members (for example children) from lization). It can be conducted with one or several cases. accessing unwanted web content. Furthermore it means “Through the study of cases, political scientists are able to protection from ordinary crime or fraud occuring on the learn about political events, agencies, parties and levels of internet like phishing, identity theft, credit card fraud and government and politics around the globe. Cases are also others (McQuade III, 2006, p. 63ff). These types of activi- written to serve as examples of approved management ties are categorized as cybercrime. Cybercrime as a pheno- practices.” (McNabb, 2004, p. 357). menon plays a minor role in this article. Although,