Cyber Espionage as an Emerging Threat Term Paper

Cyber Espionage

Over the last several years, cyber espionage has become a major problem affecting a variety of organizations. This is because hackers and other groups are actively seeking to exploit vulnerabilities in security networks. Evidence of this can be seen in the tables below, which illustrate the motivations and targets of attacks.

Motivations behind Attacks on Computer Networks

Cyber Crime
Cyber Warfare / Espionage

("Cyber Attack Statistics," 2012)

Distribution of Targets

Government / Infrastructure / Defense / Law Enforcement / Economic
E Commerce / Sports / Political / News Media

("Cyber Attack Statistics," 2012)

These figures show that cybercrime and espionage are areas that hackers continually exploit. What makes this troubling is that organized groups could target specific infrastructure projects that are vulnerable. When this happens, classified information is stolen that could be used to shut down entire networks and infrastructure. The close relationship between private contractors and governmental entities only increases these risks further. ("Cyber Attack Statistics," 2012)

China has been aggressively involved in a number of cyber-attacks against military, public and civilian targets. One of the most damaging is the case called Titan Rain. To fully understand what happened, this paper focuses on the different aspects of the case, how it was conducted and how the attack could have been prevented. Together, these elements highlight the way these issues threaten national security and point to possible strategies for mitigating them.


The threat of cyber espionage is increasing exponentially. This is because technology and coding techniques have improved dramatically. Over the course of time, these have been used as a tool by nation states to steal information illicitly from military, government and private contractors' computers. Recent evidence of this can be seen in comments from Jonathan Evans (the Director General of Britain's MI5), who said, "The amount of hostile activity being generated by foreign states in cyberspace is astonishing. We have investigated threats across the Internet; our personnel are discovering industrial-scale processes involving many thousands of people lying behind both state-sponsored cyber espionage and organized cybercrime." Moreover, the Pentagon recently observed in a report that this threat is becoming more challenging (especially since one of the primary countries conducting these activities is China). Commenting on these issues, the report observed, "China will continue to be an aggressive and capable collector of sensitive U.S. technological information, including that owned by defense-related companies, and represented a growing and persistent threat to U.S. national security." This shows how the threat of cyber espionage is increasing exponentially every day. (Blitz, 2012)

The case involving Titan Rain started in 2003. The Chinese government has formed tens of thousands of cyber militias around the country. Through them, the People's Liberation Army (PLA) seeks out part-time civilian hackers to identify vulnerabilities in U.S. and European networks. The basic idea is to use these individuals to continually target a number of different security flaws, exploit them and steal classified information undetected. (Witman, 2011)

Titan Rain worked by seeking out vulnerabilities with a scanner program that searched for weaknesses inside the Department of Defense (DOD) systems. This was accomplished by identifying the single computers that were most vulnerable. After the scan was completed, a list of targets was selected and the hackers returned to steal information without being detected. This process was repeated over and over again (by going after any computer that they felt was vulnerable). The attacks were conducted over the course of the night and early morning hours. This is because the operator would more than likely be off the machine (which allowed hackers several hours to go through the files). Below is a list of a few of the most significant targets attacked on November 21, 2004. (Thornburgh, 2005)

10:23 PM: The U.S. Army Information Systems Engineering Command at Fort Huachuca, Arizona.

1:19 AM: Defense Information Systems Agency in Arlington, Virginia.

3:25 AM: Naval Ocean Systems Center (a defense department installation in San Diego, California).

4:46 AM: United States Army Space and Strategic Defense installation in Huntsville, Alabama. (Thornburgh, 2005)

For nearly two years, this group was able to anonymously attack hundreds of DOD computers. This gave them access to select amounts of classified information on different operating procedures. Once obtained, the data could be used to exploit future vulnerabilities or to completely shut down entire networks. (Thornburgh, 2005)

The reason why these attacks were conducted was to provide the PLA with information about DOD operating procedures. Single computers had limited amounts of security blocks and they could provide access to a range of documents. When this happens, these individuals can use the information to conduct more coordinated attacks in the future.

Evidence of this can be seen in comments from Maj. Gen. William Lord (the Director of the Air Force's Office of Warfighting Integration and Chief Information), who said, "China has downloaded 10 to 20 terabytes of data from the NIPRNet (DOD's Non-Classified IP Router Network). They're looking for your identity so they can get into the network as you. Chinese hackers had yet to penetrate DOD's secret, classified network. This is a nation-state threat by the Chinese." (Onley, 2006) These comments show that there is a concentrated effort to steal the identity of U.S. military personnel and use this as a way to access classified information. Although this has not been successful in accessing top secret information, the odds only increase that the group will be successful in achieving these objectives. (Onley, 2006)

How were the attacks conducted?

As stated previously, these attacks were conducted using a single scanner program that targeted vulnerabilities of individual computers inside the DOD. This allowed the hackers to compile an updated list of the computers that were most susceptible. Moreover, the customized program focused on specific IP addresses. This allowed the group to search specific categories when looking for vulnerabilities. Once a computer system has made the list, hackers will return within one to two days and begin quickly exploiting these weaknesses. Over the course of several hours, they will steal as many documents as possible.

Since this time, these kinds of attacks have been increasing in frequency. A good example of this is an attack on Britain's Ministry of Defense computers in 2007 (which briefly shut down the House of Commons network). What made the situation worse is that single computers were exploited for their vulnerabilities. The information that was collected was used to conduct future attacks that were more devastating. This illustrates how Titan Rain uses a simple scanner program to identify and exploit potential weaknesses. Once these are discovered, the hackers will return (during times when there is a low probability of being detected). (Taylor, 2007)

As a result, these coordinated attacks are designed to steal information and identities (which can be used to gain access to more classified information). Over the course of time, this has led to a focus on improving these techniques. Once this took place, the attacks began to move beyond the DOD and focus on U.S. allies / contractors. In many ways, one could argue that the simplicity of the techniques and lack of system vulnerabilities are what is making them so successful.

How could the attack have been prevented?

To prevent these kinds of attacks there needs to be better coordination. The way that this can occur is to improve the security provisions on single computer systems. One possible approach is to integrate different security procedures together to increase the total amount of protection against external threats. This would make it difficult for hackers to exploit these simple vulnerabilities. (Thornburgh, 2005) ("Federal Plan for Cyber Security," 2012) ("Improving Our Nation's Cyber Security," 2011)

Moreover, some kind of monitoring will need to take place. During these kinds of situations, some kind of software could be installed that will detect and report possible vulnerabilities to the user. This will make it more difficult for hackers to be able to quietly break into and exploit the vulnerabilities on individual computers. (Thornburgh, 2005) ("Federal Plan for Cyber Security," 2012) ("Improving Our Nation's Cyber Security," 2011)
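One way to implement the kind of monitoring described above, as an added example that is not part of the original paper: it correlates a scan alert with a later off-hours session from the same source to the same host, within the one-to-two-day return window the paper describes. The log format, the 22:00 to 06:00 off-hours window, the 100 MiB threshold and all addresses are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): "time kind src dst bytes_out".
# kind is SCAN (an IDS port-scan alert) or SESSION (a completed connection).
SAMPLE_LOG = """\
2024-03-04T14:02:11 SCAN 203.0.113.7 10.1.4.22 0
2024-03-05T01:19:40 SESSION 203.0.113.7 10.1.4.22 734003200
2024-03-05T13:05:00 SESSION 198.51.100.9 10.1.4.30 912000000
2024-03-04T09:00:00 SCAN 198.51.100.44 10.1.4.31 0
2024-03-08T02:00:00 SESSION 198.51.100.44 10.1.4.31 500000000
2024-03-04T23:10:00 SCAN 192.0.2.15 10.1.4.40 0
2024-03-05T03:25:00 SESSION 192.0.2.15 10.1.4.40 2048
"""

def parse(log_text):
    """Turn each non-empty line into a dict with typed fields, sorted by time."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, kind, src, dst, nbytes = line.split()
        events.append({"time": datetime.fromisoformat(ts), "kind": kind,
                       "src": src, "dst": dst, "bytes": int(nbytes)})
    return sorted(events, key=lambda e: e["time"])

def is_off_hours(t, start=22, end=6):
    """True between 22:00 and 06:00 local time (assumed operator-absent window)."""
    return t.hour >= start or t.hour < end

def scan_then_return(events, window=timedelta(hours=48), min_bytes=100 * 2**20):
    """Flag (src, dst) pairs where a scan is followed, within `window`, by an
    off-hours session that moved at least `min_bytes` out of the scanned host."""
    last_scan = {}  # (src, dst) -> time of the most recent scan
    findings = []
    for e in events:
        key = (e["src"], e["dst"])
        if e["kind"] == "SCAN":
            last_scan[key] = e["time"]
        elif key in last_scan:
            gap = e["time"] - last_scan[key]
            if gap <= window and is_off_hours(e["time"]) and e["bytes"] >= min_bytes:
                hours = round(gap.total_seconds() / 3600, 1)
                findings.append({"src": e["src"], "dst": e["dst"],
                                 "hours_after_scan": hours, "bytes": e["bytes"]})
    return findings

if __name__ == "__main__":
    for finding in scan_then_return(parse(SAMPLE_LOG)):
        print(finding)
```

Only the first source is flagged; the other constructed sessions fail one condition each (no prior scan, return outside the window, or a transfer too small to matter).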

Once this occurs, increased collaboration will need to take place. In the case of Titan Rain, what made it so successful was the lack of communication among DOD officials about potential problems. Evidence of this can be seen with Shawn Carpenter. He is a 36-year-old intelligence analyst who worked with Sandia National Laboratories. At the same time, he was working as a confidential informant for the U.S. Army and the FBI. His assignment was to track down where this threat was coming from and the overall scope of the breach. In the beginning he thought that this…

Cite This Term Paper:

"Cyber Espionage As An Emerging Threat" (2012, July 31) Retrieved October 24, 2016, from
