I feel we've just been introduced to the realities of the new world of warfare.
Getting inside information on Google, Adobe, etc, would be of immense value for cyberwar. I don't think the information is as nearly useful for economic purposes as it is for making new software weapons. Every bit of source code or critical system you access gets you more information your teams can analyze for "0-day exploits" and more backdoors/trojans you can place to get more access to more networks whenever you need.
Imagine you've amassed a lot of brilliant computer scientists and security experts. Getting access to source code and installing trojans would be of immense value to you because you'd be sitting on a huge stockpile of weapons just waiting for you to analyze them in parallel long after you've infiltrated (and even if you were detected/shut-off). If we're seeing exploits streaming out of small security firms and off-shore spammers--- imagine the wealth of exploits a well-funded military division would be able to come up with. Now imagine you wanted to stay competitive with other such militaries... To them the means to get new weapons is more important (in a meta-sense) than pretty much anything else.
From my arm chair, I'd say for weapons of mass cyber influence the most prized possessions would be:
(1) control over the pipes (presumably the U.S. has this for a lot of key stuff, but these backdoors, too, might be exploitable)
(2) unknown exploits in common software
(3) control of highly/specially trafficked systems/services
(4) unknown exploits in specialized software
I'm not trying to make anyone paranoid, but it does seem to me that this sort of infiltration into corporations and government software/systems would be just as valuable to any country anywhere that had a powerful high-tech army. A weapon is a weapon and would be just as valuable to anyone.
There are only a few places that could coordinate attacks like these. We'd have to assume military-- the only other real option being organized crime (with their growth in this economy).
As such, I put it at, maybe, 80% chance that the attacks from China were from Chinese military sources, but (given motive, skill, and funding) there's at least 10-15% chance these are actually coordinated by the U.S. military or intelligence agencies themselves and pinned solidly on China. The remaining 5-10% or so falls on other militaries or maybe brilliant criminals.
If I was thinking like a cybergeneral, I would want someone else to be scrutinized other than myself. I might even specifically seek out companies important to me that also did business with my opponents so that it was easier to pass the blame. I feel the U.S. intelligence/military probably has the cleverness to make that all happen if they wanted. I very much doubt they did so, but I think we're silly to ignore the possibility.
What we really need to stop ignoring is that our software and systems are actually turning into weapons. I think the days of idle worry over spambot exploits is behind us--- now we have to imagine that your favorite websites, your business servers, and your home PCs are pawns in a very big game of chess.
You're doing a good job at it, however! Your scenario reminds me of Issac Asimov's Foundation series, particularly where the Foundation had the ability to disable its enemies' technological, nuclear in this case, infrastructure, as their enemies little understood it themselves.
Coming back to reality, it's not the case that Adobe, et al, poorly understand their own software, simply that only they could see its potential problems, being as it's closed-source. I'm somewhat biased, but in your scenario it would be much better to give the souce code a larger audience, via open sourcing it, to negate, albeit not entirely, the prevalence of such government-researched 0-day exploits.
I think the chess analogy is fundamentally flawed. You're presuming that there's a Chinese "chessmaster". Instead, as we have seen from all sorts of phenomena, from the Anonymous protests against Scientology to Al Qaeda terrorism, distributed movements with no central control are as powerful (and, in many cases, more powerful) than centralized armies.
Where you envision a controlled, organized hacking scheme organized by the Chinese military, I see a widespread group of nationalistic Chinese hackers employing whatever means are at their disposal to advance Chinese interests and disrupt Western businesses and governments. The threat might be the same, but the way one responds is vastly different.
"Instead, as we have seen from all sorts of phenomena, from the Anonymous protests against Scientology to Al Qaeda terrorism, distributed movements with no central control are as powerful (and, in many cases, more powerful) than centralized armies."
Are you sure the Anonymous have done any long term damage to Scientology? Or that Al-Qaeda actually achieved anything meaningful against the occident? If you look at history, those who are more centralized are always the ones how are the more powerful. Up until the point they become too big and things start to break down. After that, it's back to normal and the more centralized win. Short-term imperialism and attempts at unification throughout history gives us good examples of how things unfold.
There's certainly a lot of nationalistic Chinese hackers, but I don't think they could pose any significant threats. The best they could do is adding noise so that the "real" government hackers go undetected. They would also become dangerous if coordinated by the government, but at that point they're no longer decentralized.
I think decentralization have its advantages when considered in the right context. But politics and religion are all about centralization and always have been.
Getting inside information on Google, Adobe, etc, would be of immense value for cyberwar. I don't think the information is as nearly useful for economic purposes as it is for making new software weapons. Every bit of source code or critical system you access gets you more information your teams can analyze for "0-day exploits" and more backdoors/trojans you can place to get more access to more networks whenever you need.
Imagine you've amassed a lot of brilliant computer scientists and security experts. Getting access to source code and installing trojans would be of immense value to you because you'd be sitting on a huge stockpile of weapons just waiting for you to analyze them in parallel long after you've infiltrated (and even if you were detected/shut-off). If we're seeing exploits streaming out of small security firms and off-shore spammers--- imagine the wealth of exploits a well-funded military division would be able to come up with. Now imagine you wanted to stay competitive with other such militaries... To them the means to get new weapons is more important (in a meta-sense) than pretty much anything else.
From my arm chair, I'd say for weapons of mass cyber influence the most prized possessions would be:
(1) control over the pipes (presumably the U.S. has this for a lot of key stuff, but these backdoors, too, might be exploitable)
(2) unknown exploits in common software
(3) control of highly/specially trafficked systems/services
(4) unknown exploits in specialized software
I'm not trying to make anyone paranoid, but it does seem to me that this sort of infiltration into corporations and government software/systems would be just as valuable to any country anywhere that had a powerful high-tech army. A weapon is a weapon and would be just as valuable to anyone.
There are only a few places that could coordinate attacks like these. We'd have to assume military-- the only other real option being organized crime (with their growth in this economy).
As such, I put it at, maybe, 80% chance that the attacks from China were from Chinese military sources, but (given motive, skill, and funding) there's at least 10-15% chance these are actually coordinated by the U.S. military or intelligence agencies themselves and pinned solidly on China. The remaining 5-10% or so falls on other militaries or maybe brilliant criminals.
If I was thinking like a cybergeneral, I would want someone else to be scrutinized other than myself. I might even specifically seek out companies important to me that also did business with my opponents so that it was easier to pass the blame. I feel the U.S. intelligence/military probably has the cleverness to make that all happen if they wanted. I very much doubt they did so, but I think we're silly to ignore the possibility.
What we really need to stop ignoring is that our software and systems are actually turning into weapons. I think the days of idle worry over spambot exploits is behind us--- now we have to imagine that your favorite websites, your business servers, and your home PCs are pawns in a very big game of chess.