
The Chinese Government & People's Liberation Army's Use of Information Warfare (IW) ~ Cyber Warfare

ISBN: 9781849283342

By William T. Hagestad II
February 29, 2012

Executive Summary


Problem/Opportunity Statement
With increasing frequency, news of cyber-attacks by the People's Republic of China (PRC) intrudes on our daily consciousness in the form of newspaper articles, magazine exposés and even loose attribution by official government sources within many western nations. However, since 1995, there have been no direct 100% proof positive links of attribution or definitive evidence given to a cyber-hack having originated within or from China. This Capstone seeks to define what organizations within the PRC may have the motive and opportunity for carrying out cyber based hacking attacks against other non-Chinese nation states.

Note: For this paper, the term cyber warfare is defined as the calculated use of both offensive and defensive computer network attacks (CNA) and computer network exploits (CNE) to take advantage of computer network vulnerabilities (CNV) at the geo-political level, nation to nation, fighting in what is now defined as the 5th dimension, cyber space. A military doctrine which includes the use of net centric warfare (NCW), including but not limited to the use of CNA and CNE as a part of computer network operations (CNO), is called information warfare (IW).

Results & Recommendations

Conclusions of the research and accompanying analysis indicate that there is a direct and quantifiable historical linkage between the People's Republic of China and cyber warfare. This correlation is divided into three sectors as a nation state information warfare initiative; these three separate and distinct aspects are the Communist Party of China (CPC), the People's Liberation Army (PLA) and commercial corporate entities. Given current events in the U.S. Department of Defense's (DoD) 5th domain of warfare, cyber and information warfare, the conclusion can be made that indeed there are clear and present dangers emanating from cyber-space, whether it is an individual acting alone, a non-governmental organization (NGO), a military or even a government sponsored cyber initiative. However, at some point the research must conclude and a response from the U.S. is imminent. It is fair to say that there is a true danger from the People's Republic of China from a cyber-warfare perspective. The China cyber threat is omnipresent and is manifested by official Communist Party of China (CPC) edicts, the People's Liberation Army, commercial enterprise espionage and civilian hacktivists.

Table of Contents
Executive Summary
  Problem/Opportunity Statement
  Results & Recommendations
Table of Contents
Introduction
  Motivation of the People's Republic of China
  Detailed Statement of the opportunity/problem
  Defining the Chinese cyber-warfare motivation
  Statistics of cyber-warfare
  Detailed Analysis of the People's Liberation Army (PLA)
  The PLA's Information Warfare Doctrine
  Motivations of the State Owned Enterprises (SOE) & the PLA
  Case studies of PLA cyber-attack methodology
  Examples of Alleged Cyber-Attacks
  PLA IW Command Structure
  Timeline of Chinese Cyber-Warfare
Description of paper methodology
Statistics of the Cyber Warfare Threat
Statistics of the Chinese Cyber Warfare Threat
Overview of the Attackers
  The People's Republic of China - Communist Party of China (CPC)
  People's Liberation Army (PLA)
  State Owned Enterprises (SOE)
  Civilian Hackers (Hacktivists)
Detailed Analysis of the People's Liberation Army (PLA)
  History & Origins of Information Warfare in the People's Republic of China
  Enemies at the Firewall
  Organization of the People's Liberation Army (PLA) Cyber Attack Command
  Origins of Information Warfare PLA Cyber Command (network attack command)
    Key personalities of Chinese Information Warfare
  China's Thousand Grains of Sand
  Eight Pillars of the PLA's Cyber Warfare Strategy: Why is the PLA pursuing Cyber Warfare?
    From The Eight Pillars of Chinese Warfare
  Conclusions of applying the Eight Pillars of Unrestricted Chinese Warfare to the People's Liberation Army use of Information and Cyber Warfare
  Chinese State Owned Enterprises (SOE) & the PLA
  Where is the alleged Chinese Cyber Warfare Threat Coming From?
  OMITTED
  Specific Alleged People's Republic of China Cyber Attacks
Analysis of the information collected
Results of the research and analysis and conclusions
Recommendations for a solution to the problem
References
  Appendix A - Significant People's Liberation Army (PLA) Information Warfare Personalities
  Appendix B - 11-Year Timeline of Chinese Cyber Warfare Attacks

Introduction
Motivation of the People's Republic of China

The motivation of the People's Republic of China to conduct cyber-warfare is comprised of fear, self-preservation and hegemony. China, also known as the Middle Kingdom, has a centuries old history of being invaded by foreigners, or outsiders; in fact the Chinese characters or symbols for foreigner are derogatory and mean outsider, non-Chinese. The term literally means outsider, and the English Pin Yin pronunciation is Wàiguó rén. Thus, based upon a history of invasions, the Chinese have developed a very strong sense of defending themselves. From Sun Tzu's Art of War treatise, which details how commanders in the ancient Chinese armies were to conduct battle both tactically and strategically, to the Thirty Six Strategies of Ancient China, which explain economic, political and psychological tactics and strategies for dealing with Wàiguó rén, to Sun Pin's Military Methods (great grandson of Sun Tzu), which further elaborated on the Art of War, bringing more military clarity and definition of purpose to martial China; and finally Military Methods and the Seven Military Classics of Ancient China, of which the Art of War was only one of the seven allowed to be seen outside of the Ancient Imperial Chinese Government, these classics explain in great detail how to overcome, through a combination of political, economic, espionage, military, psychological and strategic means, enemies of China, the Wàiguó rén.

While the Chinese outwitted and outmaneuvered their opponents in the Forbidden City and on the battlefield, they were still subject to abject humiliation by foreign invaders. Over centuries the Chinese tried to physically stop the mass invasions by building one of the Seven Wonders of the World, the Great Wall of China. To no avail: the Mongols, Marco Polo and others simply went around the wall or through it at various geographic locations. It is with an understanding of Chinese history from 500 B.C. through the various dynasties, repeated invasions by the Mongols led by Ghengis Khan and his sons, to the Boxer Rebellions in 1910, to the subsequent Mao Tse Tung supported and endorsed Japanese invasions of the 1930s and 1940s, that one starts to minimally understand the motivations of the People's Republic of China for carrying out cyber-warfare: they want to be first to the cyber fight, demonstrate to the world that they have dominance and proactively defend their country against would be cyber attackers.

Today's Chinese cyber-warfare is born of official CPC edicts that the PLA and others, e.g., SOE and hacktivists, will conduct cyber warfare in the form of hacking other nation states to gain intelligence on possible operations which could harm China, and gathering economic information that will shed light on where natural resources are located, such as oil, natural gas, and rare earth minerals that will support China's economic and national interests. It is this last statement which is the underlying reason behind China's forays into cyber space beyond their borders, which is currently causing so much concern for both world leaders and multi-national corporate leadership. No country is safe, no corporation is safe; those who think they have not been cyber-compromised already have been, and either cannot admit it or simply do not know it yet.

Detailed Statement of the opportunity/problem


Defining the Chinese Cyber Threat is extraordinarily complex because it is ever changing and constantly evolving. A professional consideration and complete understanding of the distinct threat by the People's Republic of China (PRC) in cyber space must include an examination of the Communist Party of China (CPC), the People's Liberation Army (PLA), commercial Chinese enterprises (CCE) and Chinese citizen hackers (CCH). Initially this examination of the People's Republic of China and her use of information warfare began in 1995; however, in the past 12-14 months the notoriety and significance of this issue has engulfed the United States Government (USG), US Department of Defense (DoD), as well as British, German, French and US commercial businesses. Currently, the cyber warfare threat from the PRC has created such a negative response amongst military officials worldwide that indirect and oblique references without careful attribution have mandated as necessary an official policy of defending and now attacking those countries that would use cyber space to attack them.[1] Furthermore, the examination of the cyber warfare threat from China will include the Communist Party of China's formal legislation and edict regarding the use of information warfare, and the People's Liberation Army (PLA) understanding and intent for planning a distinct government sponsored information warfare doctrine.

The Communist Party of China (CPC), which is the Government, the People's Liberation Army (PLA), numerous State Owned Enterprises (SOE), and Chinese civilians or hacktivists, are all involved in information warfare. The CPC, PLA, hacktivists and SOEs have developed a very sophisticated cyber warfare capability; their methods are intentional and the targets of their computer network attacks (CNA) and computer network exploits (CNE) are as divergent as the Mandarin Chinese language. Cyber threat vectors the government, military, commercial enterprises and citizens are using to gain knowledge and sensitive information include fundamental computer hacking methods, knowledge and sophisticated information warfare techniques that have left no trace of their activities, and angered, puzzled and frustrated the most experienced information technology security professionals in the world. The Chinese allegedly have exploited weaknesses of nation states including the United States, Australia, England, Canada, France, Germany, India, Pakistan, Japan, Taiwan, South Korea, Vietnam and many others via the public Internet and World Wide Web. It is widely reported that the Chinese allegedly invade countries worldwide electronically for the purposes of data exfiltration and gaining competitive economic advantage, while inculcating disruptions in Internet service of countries and organizations who criticize the Chinese political system. The question then of nation state cyber and information warfare brought upon by the People's Republic of China will be examined in specific detail during this Capstone thesis argument and will include who is involved, their organization, the culture, history and motivations for carrying out this borderless information war.

[1] Siobhan Gorman and Julian E. Barnes, Cyber Combat: Act of War Pentagon Sets Stage for U.S. to Respond to Computer Sabotage With Military Force, accessed on 14 JUL 2011 via the World Wide Web at http://online.wsj.com/article/SB10001424052702304563104576355623135782718.html
The distinct challenges the western world faces in terms of potential cyber-attacks from the PRC are daunting and include the facets of one-upmanship, similar to the nuclear threat faced by the former Soviet Union. However, in this case the cost of conducting an adequate cyber defense is frustrated by the necessity to counter attack. Information Warfare doctrine in the United States, for example, only consists of alerting and defensive measures.[2] An effective cyber warfare program consistently and effectively applies a cogent IW doctrine by identifying threats, mitigating these threats based upon the risk, and then countering with a similarly proactive and effective IW offensive capability. This cyber warfare threat mitigation methodology is described below in Figure 1.

[2] Report of the Defense Science Board Task Force on Information Warfare-Defense (IW-D), November 1996, Office of the Under Secretary of Defense for Acquisition & Technology, accessed 14 JUL 2011 via the World Wide Web at http://cryptome.org/iwd.htm

Figure 1: Information Warfare (IW) Power Zone. Nation states have the opportunity to mount effective cyber counter attack programs by incorporating in their IW doctrines these three tactics.

Defining the Chinese cyber-warfare motivation


Specific references regarding the definition of Chinese cyber-attackers include describing the motivation of the People's Republic of China (PRC) to conduct cyber-warfare: (1) Qiao Liang and Wang Xiang sui, Unrestricted Warfare, PLA Literature and Arts Publishing House, Beijing, February 1999, which is a translation of the theories of two senior colonels in the People's Liberation Army Air Force (PLAAF) on modern Chinese warfare, including the use of information warfare to defeat the West, most notably the United States.[3]

[3] Qiao Liang and Wang Xiang sui, Unrestricted Warfare, PLA Literature and Arts Publishing House, February 1999

Statistics of cyber-warfare
Quantifying both the international impact of cyber-warfare as a general security concern and the more specific nature of the alleged Chinese cyber-threat came from a variety of online resources including the U.S. Department of Defense,[4] United States Strategic Command[5] and various online resources listed in citations 6-31 in the footnotes and references.

Detailed Analysis of the People's Liberation Army (PLA)

A review of the history and origins of information warfare as an official doctrine came from a variety of online resources, including news stories about the alleged Chinese cyber-threat as reported by CNN and official U.S. DoD reports regarding an analysis of the Chinese Government's ability and motivation to use cyber-attacks to gain an advantage economically and militarily. These references are found within the footnotes below, citing numbers 32-56.

The PLA's Information Warfare Doctrine


Persistent intelligence gathering and developed, mature cyber-espionage were found in a number of references cited beginning with numbers 57-61, James Dunnigan's Thousand Grains of Sand discourse on irregular warfare and the use of information warfare to advance China's strategic objectives. Sun Tzu's Art of War, references 62-67, established the basis for the 8 Pillars of unrestricted warfare, while references 68-72 offered insight from both the authors of Unrestricted Warfare, Senior Colonel Qiao Liang and Wang Xiang sui, as well as the father of modern Western counter-insurgency doctrine, David Kilcullen of Her Majesty's Royal Australian Army.

[4] Cyber Strategy, U.S. Department of Defense, accessed 12 JUL 2011 via the World Wide Web at http://www.defense.gov/home/features/2011/0411_cyberstrategy/
[5] U.S. Cyber Command, United States Strategic Command, accessed 13 JUL 2011 via the World Wide Web at http://www.stratcom.mil/factsheets/cyber_command/

Motivations of the State Owned Enterprises (SOE) & the PLA


A review of alleged Chinese cyber-attacks on Western corporate entities by Chinese SOE and the PLA is referenced via reports from McAfee and various on-line news agencies such as Security News Daily, Bloomberg News, and the BBC in the footnotes from citation numbers 74-103.

Case studies of PLA cyber-attack methodology


OMITTED.

Examples of Alleged Cyber-Attacks

Citations 107-119 provided information again from McAfee regarding specific examples of alleged cyber-attacks originating from within the PRC. Additional open source resources, such as TechCrunch and Frank Saxton's unix designs webpage, helped describe some of the alleged cyber-attack methodologies theorized to have been used from within the PRC to attack Western governments and corporations. The Homeland Security Newswire website also provided open source reports about alleged Chinese cyber-attacks on the French G-20 economic summit.

PLA IW Command Structure


The website China Vitae provided a significant wealth of information pertaining to the personalities and biographies of the significant Chinese military officers behind the PLA's Cyber Command IW doctrine; these are referenced within the footnotes as citations numbered 122-127.

Timeline of Chinese Cyber-Warfare


An 11-year timeline of alleged Chinese cyber-attacks constituting cyber-warfare came from a variety of open sources on the World Wide Web, including those found in citations 128-197, all of which are in the footnotes within Appendix C. Sources include news websites such as CNN, BBC, the UK's Telegraph, the SecDev Group, and many other open source resources.

Description of paper methodology


The project of defining the cyber threat from the PRC had several distinct steps to it. Project milestones were stating the specific problem the cyber threat from China creates; providing fundamental statistics of both international cyber warfare and loosely attributed cyber-attacks by the PRC; identifying the major players within China who have the means, opportunity and motivation; describing the history of the People's Liberation Army (PLA) and their use of unrestricted warfare doctrine; citing specific historical cases of alleged cyber hacking by the Chinese; and finally providing specific systemic evidence of potential Chinese hacks.

Statistics of the Cyber Warfare Threat

The numbers surrounding the composite cyber warfare threat to the United States are daunting. In 2008, there were a total of 54,640 cyber-attacks against the U.S. Department of Defense (DoD).[6] However, a year later this number of cyber incursions increased dramatically, as the DoD reported that in the first quarter of 2009 alone there were a tremendous 43,785 cyber incidents in which the DoD networks were targeted; all told, this was a 60 percent increase over the entire reporting year of 2008.[7] Curiously, in response to this growing number of cyber-attacks on its networks, the U.S. military spent more than $100 million in the first six months of 2009 repairing damage caused by cyber-attacks, according to Army Brigadier General John Davis, deputy commander for network operations.[8] In 2011 the U.S. Federal Government will spend $8.3 billion to protect, that is defend, its networks and computers from hackers, a year over year budget increase of a staggering 60 percent.

A leading indicator of why the U.S. Government and DoD are in the reactive mode, providing a proverbial finger-in-the-dike to the seemingly exponentially growing spate of cyber-attacks, is that both government entities, when considering and procuring cyber defense technologies, are still living in the era of ensuring the cyber defense technology is designed according to military specifications (MILSPEC). For example, it takes the Pentagon 81 months to make a new computer system operational once it is first funded. Conversely, in the commercial world the development of the iPhone from initial artist concept, to design and production models for sale to the public, took Apple Corporation just 24 months.[9] The U.S. Government and DoD could take a sense of urgency lesson from Apple's business handbook.

In a speech last year, Deputy Secretary of Defense William J. Lynn said that at the Pentagon alone, there were an estimated 90,000 people engaged in administering, monitoring and defending 15,000 networks connecting 7 million computers.[10] As if to answer the need for information security defense, the Pentagon's fiscal 2011 budget proposal unveiled in January 2011 described that cyber security would receive a $105 million increase from the previous year. The DoD's sub-command dedicated to cyber warfare, located at a facility in Fort Meade, Maryland, and known as U.S. Cyber Command, is slated for a fiscal 2011 budget of $139 million,[11] yet the pronouncements of adding money to a DoD command dedicated to defending the United States against all cyber enemies, both foreign and domestic, did not deter hackers from offering U.S. DoD .mil websites for sale on the Internet after they had been hacked.[12]

The North Atlantic Treaty Organization (NATO) began their implementation of a cybershield plan[13] in response to the growing number of cyber hack attacks against their organization. Similarly, and for the same defensive reasons and measures, so have the United Kingdom, Germany, Australia, South Korea, Japan, Taiwan, France and many other nations who have seen and experienced an increase in cyber-related attacks on their networks.

[6] Angela Moscaritolo, Report: Cyberattacks against the U.S. "rising sharply", accessed 16 DEC 2010 via the World Wide Web at http://www.scmagazineus.com/report-cyberattacks-against-the-us-rising-sharply/article/158236/
[7] Ibid.
[8] Ibid.

[9] John D. Banusiewciz, Deputy Secretary Lynn Details Anti-Cyber Threat Strategy, accessed on 14 JUL 2011 via the World Wide Web at http://www.defense.gov/news/newsarticle.aspx?id=64351
[10] Angela Moscaritolo, Report: Cyberattacks against the U.S. "rising sharply", accessed 16 DEC 2010 via the World Wide Web at http://www.scmagazineus.com/report-cyberattacks-against-the-us-rising-sharply/article/158236/
[11] John J. Kruzel, Cybersecurity Seizes More Attention, Budget Dollars, accessed on 26 DEC 2010 via the World Wide Web at http://www.defense.gov/news/newsarticle.aspx?id=57871
[12] INFO SECURITY Website, No Byline, Hackers sell access to military and government websites, accessed on 25 JAN 2011 via the World Wide Web at http://www.infosecurity-magazine.com/view/15365/hackers-sell-access-tomilitary-and-government-websites/
[13] INFO SECURITY Website, No Byline, NATO begins implementation of cyber shield plan, accessed on 25 JAN 2011 via the World Wide Web at http://www.infosecurity-us.com/view/15410/nato-begins-implementation-ofcyber-shield-plan/

Statistics of the Chinese Cyber Warfare Threat


The threat of cyber based warfare originating in the PRC has an entirely different set of statistics. According to the Jamestown Foundation, a Eurasian think tank founded by William Geimerk with Arkady Shevchenko, Beijing is rapidly boning up its cyber-warfare capacity and has rapidly become the leading source of information about the inner workings of closed totalitarian societies.[14] During Operation Night Dragon, the McAfee anti-virus company detailed in a report that allegedly Chinese hackers went after energy firms; this took place in the form of a cyber-attack threat occurring for more than four years, during which international oil and petroleum companies were attacked via sophisticated SQL injection attacks allowing remote command and control of the target company servers and databases.[15], [16] In another report of alleged cyber-attacks occurring from China, hackers used spear-phishing to target source code and intellectual property.[17] Other alleged Chinese hacking attacks were detailed in which victims, mostly key employees at more than 20 companies worldwide, including Adobe and Google, received Adobe .pdf files; after these files were opened, the Adobe Reader program executed a zero day vulnerability[18] and inserted a backdoor Trojan which connected outbound traffic from the now infected laptop or desktop computer to the hackers on the other end of the digital connection.[19], [20]

[14] The JAMESTOWN FOUNDATION Website, No Byline, Mission Statement & Origins, accessed on 7 FEB 2010 via the World Wide Web at http://www.jamestown.org/aboutus/
[15] Phil Muncaster, Night Dragon Chinese hackers go after energy firms, accessed on 12 FEB 2011 via the World Wide Web at http://krypt3ia.wordpress.com/2011/02/28/operation-night-dragon-nothing-new-but-it-bears-somerepeating/
[16] McAfee Labs Website, Night Dragon Overview, accessed on 12 FEB 2011 via the World Wide Web at http://www.mcafee.com/es/about/night-dragon.aspx
[17] Kelly Jackson Higgins, Spear-Phishing Attacks Out Of China Targeted Source Code, Intellectual Property, accessed on 14 JAN 2011 via the World Wide Web at http://www.darkreading.com/databasesecurity/167901020/security/attacks-breaches/222300840/index.html
[18] PCMAG.COM Website, Definition of: zero-day exploit, accessed on 7 JUL 2011 via the World Wide Web at http://www.pcmag.com/encyclopedia_term/0,2542,t=zero-day+exploit&i=55204,00.asp
[19] Kelly Jackson Higgins, Spear-Phishing Attacks Out Of China Targeted Source Code, Intellectual Property, accessed on 13 JAN 2010 via the World Wide Web at http://www.darkreading.com/databasesecurity/167901020/security/attacks-breaches/222300840/index.html
[20] Kim Zetter, Google Hack Attack Was Ultra Sophisticated, New Details Show, accessed on 16 JAN 2010 via the World Wide Web at http://www.wired.com/threatlevel/2010/01/operation-aurora/

Answering the claims that the PRC is behind these cyber-attacks, a China military paper urges steps against U.S. cyber war threat.[21], [22] Uniquely, a report by the US-China Economic and Security Review Commission (USCC) details Chinese conduct of "aggressive and large-scale" espionage against the United States,[23] but it does not give specific facts with evidence to support any claims of Chinese cyber-hacking. What is most compelling is that besides the United States, Australia, the United Kingdom and Germany are also very concerned about the Chinese use of espionage to harvest competitive business information[24] and have established their own national cyber-defense organizations.

According to a recent Reuters special report, (sic) cyberspy vs. cyberspy, China has the edge,[25] cyber-attacks from China have been steadily increasing in frequency and velocity, all with the intent and purpose of gathering and harvesting economic information from foreign companies; yet again, there is no specific attributable evidence supporting statements about factual cyber-borne attacks from China, just that the PRC has a honed and distinct technological advantage when it comes to cyber-espionage. Further information from this report by Reuters indicated that U.S. defense investigators had uncovered an alleged Chinese Military hacking operation they aptly named "Byzantine Hades"; U.S. investigators indirectly attributed this series of cyber-attacks to the Chinese military. An April 2009 cable even pinpoints the attacks to a specific unit of China's People's Liberation Army.[26]

The British intelligence organization, MI5, accused China of cyber-espionage in a leaked report titled The Threat from Chinese Espionage; the report, which was sent to a variety of British corporate and governmental leaders,[27] candidly details electronic espionage as a specific cyber-attack threat vector.[28] The Virtual Criminology Report found that attacks had progressed from initial curiosity probes to well-funded and well-organized operations for political, military, economic and technical espionage;[29] while not naming the PRC as the source of the cyber-probes, the report attempts to build a case for attribution to the PRC. China says it is not involved in cyber warfare with the U.S., according to Chinese Vice Foreign Minister Cui Tian kai.[30] Yet an academic paper by Wang Jian wei, a graduate engineering student in Liaoning, China, includes specific and explicit details for methods to hack the U.S. energy grid. Subsequently this research paper of course set off numerous DHS and DoD alarms in the U.S.[31]

Statistics of the People's Republic of China cyber threat to the United States military are a small fraction of the overall known threat. This project examines the foundations of the Chinese Government's intent and motivation through an examination of the People's Liberation Army (PLA), Commercial Enterprises, their theft of intellectual property and the use of Chinese civilians to carry out a variety of cyber based hacks and malware based assaults. One statement is absolutely true: the statistics and facts surrounding the Chinese-based cyber threats are evolving daily and infinitely unceasing.

[21] Chris Buckley, China military paper urges steps against U.S. cyber war threat (Reuters), accessed on 17 JUN 2011 via the World Wide Web at http://wallstreetrun.com/china-military-paper-urges-stepsagainst-u-s-cyber-war-threat-reuters.htm
[22] Ibid.
[23] Jeremy Reimer, Report: Chinese conduct "aggressive and large-scale" espionage against US, accessed on 7 JUL 2011 via the World Wide Web at http://arstechnica.com/security/news/2007/11/report-chineseconduct-aggressive-and-large-scale-espionage-against-us.ars
[24] Ibid.
[25] Brian Grow and Mark Hosenball, Special report: In cyberspy vs. cyberspy, China has the edge, accessed on 14 APR 2011 via the World Wide Web at http://www.reuters.com/article/2011/04/14/us-china-usacyberespionage-idUSTRE73D24220110414
[26] Ibid.

27 Lucas Constantin, MI5 Accuses China of Cyber-Espionage accessed on 7 JUL 2011 via the World Wide Web at http://news.softpedia.com/news/MI5-Accuses-China-of-Cyber-Espionage-133681.shtml
28 Rhys Blakely, Jonathan Richards, James Rossiter and Richard Beeston, MI5 alert on China's cyberspace spy threat accessed on 7 JUL 2011 via the World Wide Web at http://business.timesonline.co.uk/tol/business/industry_sectors/technology/article2980250.ece
29 Ibid.
30 Don Durfee, China says no cyber warfare with U.S. accessed on 22 JUN 2011 via the World Wide Web at http://www.reuters.com/article/2011/06/22/us-china-usa-cyberwar-idUKTRE75L1VJ20110622
31 John Markoff and David Barboza, Academic Paper in China Sets Off Alarms in U.S. accessed on 15 JAN 2011 via the World Wide Web at http://www.nytimes.com/2010/03/21/world/asia/21grid.html

Figure 2: Heat map of inbound and outbound cyber-attacks over a 48-hour period South China Region32

Overview of the Attackers


The People's Republic of China Communist Party of China (CPC)

The CPC is the key governmental and political powerbase behind cyber-warfare in the People's Republic of China.33 President Hu Jin tao has made an official proclamation that the People's Liberation Army (PLA) is to conduct cyber warfare in the name of Chinese self-preservation. Vice President Xi, President Hu's most likely successor, also has the strategic

32 AKAMAI Website. No Byline, accessed on 25 JAN 2011 via the World Wide Web at http://www.akamai.com/html/technology/dataviz1.html
33 Russell Hsiao, China's Cyber Command?, accessed 22 JUL 2010 via the World Wide Web at http://www.jamestown.org/programs/chinabrief/single/?tx_ttnews[tt_news]=36658&tx_ttnews[backPid]=414&no_cache=1

technical vision that information warfare will be carried out by the PLA, State Owned Enterprises (SOE) and citizen hackers, or hacktivists.

People's Liberation Army (PLA)

Until only recently, little light has been shed on the PLA's information warfare (IW) operations. Their official cyber command was started only in 2010. Prior to 2010 the PLA's organizational structure for information warfare was fairly fractured and geographically separated amongst the seven regional military commands. Command structures within the PLA's information warfare mission were generally based around significant universities which had developed computer science programs, significant bandwidth to the Internet and CPC overwatch in the form of political officers. Examples of the early information units were found at Beijing University, Tsing Hua University and many others spread across the People's Republic of China.

State Owned Enterprises (SOE)

State Owned Enterprises in the People's Republic of China originally formed during the immediate post-Mao economic reform under Deng Xiao Peng and were called collectives. This is an important nuance when it comes to understanding the commercial cyber threat vector, as these original collectives, which were supported by provincial governmental authorities, are now mature, successful multi-national commercial enterprises which have found themselves having to compete on the world stage, without the benefit of knowing how to compete fairly. As a result, these SOEs, which all have direct and indirect ties to the PLA, will use cyber espionage to gather corporate knowledge which will give them an unfair advantage over their competition.

Civilian Hackers (Hacktivists)

Chinese hacktivists are an interesting and very dangerous element of the Chinese cyber threat personality parade. Currently they are a very dire problem for the CPC and PLA alike, essentially uncontrollable. Hacktivists use very sophisticated hacking tools and methods in their efforts.
Their original main purpose, which was supported by both the CPC and the PLA, was to keep the honor and pride of China pure. For example, Taiwan and Japan have been repeated targets for Chinese hacktivists. The reasons include reminding Taiwan through web defacement that it is still a province of China, albeit a runaway province. Japan has never been forgiven by the Chinese for the crimes and atrocities it carried out against the Chinese people during the 1930s and throughout World War II, specifically the rape and pillaging of Nan Jing and the series of chemical warfare attacks in the Inner Mongolian city of Baotou.

Detailed Analysis of the People's Liberation Army (PLA)


History & Origins of Information Warfare in the People's Republic of China

The history of cyber warfare in the People's Republic of China is, in relative Internet terms, very mature. Beginning on May 03, 2001 China warned the Western Hemisphere of massive hack attacks.34 In 2002, based upon the informatization proposal within the PRC, the global energy industry saw an emergence of fundamental targeted cyber-attacks worldwide. During a speech before the 16th Party Congress, Chinese Communist Party (CCP) General Secretary and Central Military Commission (CMC) Chairman Jiang Zemin stated that two informatization edicts be undertaken by the Politburo and the PLA; these were35

Critical Infrastructure, specifically the energy sector, is the focus of China's Information War and Threats; the connection and interdependence of its information systems with the open Internet make it a great target, such as the existing power grid in the United States or any foreign country. Why is the Grid such an invaluable target for the Chinese hacking efforts?

A modern history in narrative format provides the following popular examples of indirectly attributed Chinese cyber-warfare. In 2007 GhostNet was an international cyber espionage ring based out of Ling Shui near Hai Nan Island. After over 18 months, a consortium of international law enforcement investigators and researchers from the Munk Institute in Toronto, Canada uncovered deliberate cyber evidence linking the People's Liberation Army and the People's Republic of China Government to cyber espionage.36 During 2007 - Titan

34 CNN World News Website, No Byline accessed on 7 JUL 2001 via the World Wide Web at http://articles.cnn.com/2001-05-03/world/china.hack_1_cyber-war-chinese-cyber-chinese-hackers?_s=PM:asiapcf
35 Office of the Secretary of Defense, Military and Security Developments Involving the People's Republic of China 2010 accessed on 28 NOV 2010 via the World Wide Web at http://www.defense.gov/pubs/pdfs/2010_CMPR_Final.pdf
36 Scribd Document Server, No Byline accessed on 30 MAR 2009 via the World Wide Web at http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network

Rain37 came into the popular information security consciousness when it was discovered that numerous U.S. Government defense networks, their servers and computers had been compromised by a foreign cyber threat. The FBI called this massive hack attack Titan Rain because of the size, persistent nature and unceasing deluge of cyber exploitation. What is very interesting about 2008 is that Time Magazine reported that Asian web surfers are rated number one in the world for time spent online,38 indicating in a general sense that Chinese hacktivists have more time to learn how to effectively hack and target nation states and companies who would criticize the efficacy of Chinese nationalism. According to a U.S. DoD report called "Pentagon: China Cyber Weaponry Poses Threat; Internet Gives China a Global Military Presence",39 the Chinese military and civilian leaders have not likely thought through the global and systemic effects of the use of these information warfare capabilities. Pentagon officials assert that last year China apparently targeted computer systems around the world, including those operated by the U.S. government. Although these intrusions focused on exfiltration of sensitive information, the accesses and skills required for these intrusions are similar to those necessary to conduct computer network attacks.40

Enemies at the Firewall

The Qílín operating system (QLOS) is an operating system developed by academics at the National University of Defense Technology in the People's Republic of China, and approved for use by the People's Liberation Army. Based on Mach and FreeBSD, it is designed to add an extra level of security to the QLOS operating system. This Chinese operating system is a similar effort to Security-Enhanced Linux, which was originally developed primarily by the U.S. National Security Agency. The first public version was called Kylin41 by the western

37 Nathan Thornburgh, Inside the Chinese Hack Attack accessed on 26 AUG 2005 via the World Wide Web at http://www.time.com/time/nation/article/0,8599,1098371,00.html
38 Vivian Yeo, Asian web surfers top for time spent online, Internet users in China aged below 25 spend on average 50 percent of their leisure time online, according to a survey accessed on 14 DEC 2008 via the World Wide Web at http://www.zdnet.co.uk/news/networking/2008/12/01/asian-web-surfers-top-for-time-spent-online-39568096/
39 Eric Chabrow, Pentagon: China Cyber Weaponry Poses Threat accessed on 27 MAR 2007 via the World Wide Web at http://www.govinfosecurity.com/articles.php?art_id=1322
40 Ibid.
41 Dancho Danchev, China's 'secure' OS Kylin - a threat to U.S offensive cyber capabilities?

world; it was released in 2007.42 Qílín, as it is known by the Pin Yin pronunciation, is a FreeBSD UNIX-based operating system that was developed in response to the Western World restricting export licensing on the Unix-based operating system. Qílín is in use by the Ministry of State Security, (MID), 3rd, 4th & 7th Bureaus, all of whom have responsibility for intelligence gathering, collecting and analyzing with the PLA.

The question of where the Chinese cyber warfare threat is coming from then arises, and the answer is everywhere but nowhere; the Pin Yin pronunciation is W ch bzi qu w ch. The Ling Shui Signals Intelligence Facility is run by the Third Technical Department of the PLA and operates very close to the infamous Hainan Island Airfield. Recall the captured US Navy P-3 Orion incident, during which a People's Liberation Army Air Force (PLAAF) aircraft crashed into a US Navy P-3 Orion reconnaissance aircraft operating out of Okinawa's Kadena airbase. Figure 3 below is a geographic representation of Hai Nan Island.

accessed on 13 MAY 2009 via the World Wide Web at http://www.zdnet.com/blog/security/chinas-secure-os-kylina-threat-to-us-offensive-cyber-capabilities/3385
42 Bruce Schneier, Kylin: New Chinese Operating System accessed on 19 MAY 2009 via the World Wide Web at http://www.schneier.com/blog/archives/2009/05/kylin_new_chine.html

Figure 3: Map of Hai Nan Island, People's Republic of China.43, 44

Based upon the current history and trends of Chinese cyber warfare, the question must be asked as to whether there is a history of cooperation, confusion or complicity. According to blog authors at Network World, China has pledged to step up administration of the Internet,45 essentially stating to the world that it will police its own civilian hacktivists, ensuring these cyber vigilantes won't create conditions for forced cyber retaliation by commercial entities, nation states or fellow hacking professionals.

43 Map of Hai Nan Island, Hainan Island - Lingshui Area [Topographic Map] Original scale 1:250,000. Portion of AMS series L500, sheet NE 49-6, U.S. Army Map Service, 1961. (474K). 1UpTravel Website accessed on 16 DEC 2010 via the World Wide Web at http://www.1uptravel.com/worldmaps/china30.html
44 Travel Map of Hainan Island, China, Maps Of China accessed 21 JUN 2011 via the World Wide Web at http://www.maps-of-china.net/province/hainanm.htm
45 Marlyn Williams, China pledges to step up administration of Internet: The government is expanding control of the Internet to keep pace with new services accessed on 8 MAR 2011 via the World Wide Web at http://www.networkworld.com/news/2011/030711-china-pledges-to-step-up.html?page=1

Are economic ties between the U.S. and the PRC greater than cyber domination? Another aspect of the potential for Chinese cooperation by the United States and the seemingly unending stream of cyber-attacks is that perhaps the U.S. does not want to end the cyber-attacks. Two particular nefarious reasons come to mind: the U.S. wanting to enter into a cyber-war situation much like the nuclear arms race with the Russians, and the fact that the People's Republic of China holds a significant amount of the U.S. treasury bond market; if the US were to potentially anger these Chinese loan holders, the implications for both the U.S. and Chinese economies could be potentially devastating.46, 47 Perhaps even the military, the People's Liberation Army (PLA), is asserting itself as the power domain within the Central Communist Party (CPC) edicts and constructs for defending and protecting China.

Who are the PLA princelings and why are they important and relevant to the cyber warfare initiative in China? Vice President Xi Jin ping48 is a key figure in China's cyber dominance efforts. After the Eighteenth Party Congress in Beijing, Xi will wear three very important leadership hats in the People's Republic of China: General Secretary of the Chinese Communist Party, President of the People's Republic of China and, equally importantly, Chairman of the Central Military Commission, which controls the powerful People's Liberation Army. This significant leadership change will occur during the 2012 CPC plenum. Xi's history as a political leader in China is a curious one. He is the only Chinese to have publicly criticized Mao Tse Tung's economic reform called the Great Leap Forward. This criticism did not come without punishment, as he was sent to a rehabilitation program. However, what is remarkable and important to the current state of cyber war in China is that Xi, after his re-programming, was actually promoted under Deng Xiao Peng's leadership and further economic reform.
Thus, while Xi was seen by Mao as a mutinous Communist Party member, subsequent Chinese political and military leadership have significant confidence in him as a visionary who has both

46 Wayne M. Morrison, Marc Labonte, China's Holdings of U.S. Securities: Implications for the U.S. Economy, Congressional Research Service accessed on 21 JUN 2011 via the World Wide Web at http://www.fas.org/sgp/crs/row/RL34314.pdf
47 Department of the Treasury/Federal Reserve Board, MAJOR FOREIGN HOLDERS OF TREASURY SECURITIES (in billions of dollars) HOLDINGS 1/ AT END OF PERIOD accessed on 21 JUN 2011 via the World Wide Web at http://www.treasury.gov/resource-center/data-chart-center/tic/Documents/mfh.txt
48 Willy Lam, Crown prince Xi consolidates his position with PLA generals and fellow princelings accessed on 25 JAN 2011 via the World Wide Web at http://www.freepressers.com/2011/01/crown-prince-xiconsolidates-his-position-with-pla-generals-and-fellow-princelings/

mother China's well-being in mind and the ability to execute his strategic plans. What about the People's Liberation Army? Vice-President Xi Jin ping is consolidating his hold over the military forces; while Xi, 57, was made a Vice-Chairman of the policy-setting Central Military Commission (CMC) only last October, the crown prince has successfully maneuvered to expand his clout over the People's Liberation Army (PLA) top general officers.49

The Chinese tradition is one of manipulation which encompasses all aspects of their culture, history, language, international policy and military strategy. Playing one party's side of an issue against another's, especially if it is in favor of the Chinese desired end-state, which usually includes economic bargaining and negotiating, is the ultimate grand game. A great example recently is the decision by the Central Chinese Government to entertain bids for the national airline aircraft purchase. However, in this case it involved more than just winning a Chinese Government bid; the Chinese market is growing fast, and Airbus is poised to gain the greatest benefit. The unit of European Aeronautic Defense & Space (EADSY) is winning far more orders than Boeing, which now finds itself a target in a nasty war of words between Washington and Beijing that could put Boeing even further behind its larger rival.50 On January 29, the Obama Administration informed Congress of plans to sell $6.4 billion in weapons to Taiwan, and the following day the Chinese government said it would punish U.S. companies involved in the sales. That could hurt Boeing, which makes the Harpoon missiles that Taiwan will be purchasing as part of the deal.51

Another example of coercive cooperation by the People's Republic of China is one in which they have pitted the United States against the European Union, openly criticizing both entities for their economic failings.
Since President Obama signed the latest deficit budget raising the debt limit just last week, the Chinese have a "we told you so" attitude, stating their undisguised contempt and disgust for this Western nation's inability to manage its economy without help from China's financial bailout efforts and offers. The EU does not escape this

49 Jonathon Fenby, Xi Jinping: The man who'll lead China into a new age, accessed 7 NOV 2010 via the World Wide Web at http://www.guardian.co.uk/theobserver/2010/nov/07/xi-jinping-china-david-cameron
50 Tony Capaccio and Viola Gienger, China Suspends U.S. Military Ties on Taiwan Arms Sale (Update3), accessed 30 JAN 2010 via the World Wide Web at http://www.businessweek.com/news/2010-01-30/u-s-seeks-to-sell-taiwanweapons-worth-more-than-6-billion.html
51 Bruce Enhorn, Airbus May Beat Boeing in China's Aviation Market, accessed 2 FEB 2010 via the World Wide Web at http://www.businessweek.com/globalbiz/content/feb2010/gb2010022_703055.htm

withering condemnation from the People's Republic of China either. China cannot contain itself over the EU's failure to shore up the Greek economy.52

Organization of the People's Liberation Army (PLA) Cyber Attack Command

The PLA Cyber Command (network attack command), specified in Mandarin Chinese as Xnx nqun jd, has a defined mission of addressing potential cyber threats and safeguarding China's national security. This was a strategic move ordered by President Hu Jintao in 2011 to provide legitimacy by the Communist Party of China (CPC) and the official PRC intent regarding cyber-infrastructure and protection of the People's Republic of China as a nation. President Hu Jin tao ordered the PLA's Cyber Command to accomplish two main missions: to handle cyber threats as China enters the information age, and to strengthen China's cyber-infrastructure. Curiously and most remarkably, nowhere within the Cyber Command mission statement does it say to attack another country's critical infrastructure.

The PLA is also organized geographically into military regions53 in the People's Republic of China. The People's Liberation Army (PLA) is represented by these geographies: the Southeast Area, which incorporates the Nanjing Military Region facing Taiwan (a Chinese breakaway province), Shanghai, which is the Provincial Capital, and Guangzhou Military Regions, which are both connected to Hong Kong and Hainan Island, the SIGINT headquarters of the PLA; the Northeast Area, which includes northeastern China near North Korea, called the Shenyang Military Region; the Southwest Area, which is a remote mountainous area facing many interesting Asian nations such as Vietnam, Laos, Burma, Nepal and Bangladesh (the Chengdu Military Region); the Northwest Area (Lanzhou Military Region); the Capital Area (Beijing Military Region); the Strategic Reserve, which includes operational overwatch of the North Central China deep water ports of Tianjin and Shanghai (the Jinan Military Region); and the

52 Jon E. Doughterty, China: Debt Deals Unlikely to Salvage U.S., Europe, accessed 5 AUG 2011 via the World Wide Web at http://www.newsroomamerica.com/story/157496.html
53 Military Regions / Military Area Commands, GlobalSecurity.org Website accessed on 16 DEC 2010 via the World Wide Web at http://www.globalsecurity.org/military/world/china/mr.htm

XinJiang Military Region, which comprises most of the former Silk Road and faces Afghanistan, Russia and Pakistan. Figure 4 is a map which illustrates the PLA's seven military regions.

Figure 4: Map of China's Military Regions.54, 55

The People's Liberation Army (PLA) Cyber Attack Command is China's Information Security Base, and within this organization are found the origins and establishment of China's Cyber Command and the PLA Information Warfare (IW) foundations.

54 China Military Regions Map, accessed on 2 JUN 2011 via the World Wide Web at http://redreform.com/map_of_china_military_areas.htm
55 CIA World FactBook, accessed on 2 JUN 2011 via the World Wide Web at https://www.cia.gov/library/publications/the-world-factbook/geos/ch.html

It is important to note that even though China has a deep and rich cultural history which has included a variety of political leaders and their systems, today the Communist Party of China (CPC) owes its legacy and current power structure to the leader of China's Long March in 1948. Appropriately, the following quote attributed to Mao Tse-Tung is a codified mission statement for today's PLA cyber warriors:

"To achieve victory we must as far as possible make the enemy blind and deaf by sealing his eyes and ears, and drive his commanders to distraction by creating confusion in their minds." Mao Tse-Tung56

Origins of Information Warfare PLA Cyber Command (network attack command)


(Jifngjn lu gngj mnglng Xnx nqun jd)

Foundations of modern-day Chinese Information Warfare (IW) date to 500 B.C. in Sun Tzu's Art of War; its ancient principles of war are now the basis of today's PLA IW strategy and tactical doctrine. It is widely known and stated that since 1995 then-Colonel, now Major General, Wang Pufeng has been regarded as the founding father of Chinese Information Warfare (IW).57 Major General Wang had three main elements of his vision for Chinese IW: the notion that IW can be conducted in times of peace, crisis and war; that IW consists of offensive and defensive operations; and that the main components of Information Warfare are C2 (Command and Control), Intelligence, Electronic Warfare, Psychological Warfare, Hackers' warfare and Economic warfare.

Key personalities of Chinese Information Warfare

The Chinese Cyber Command consists of General Zhang Qinsheng, General Chen Bingde, General Ma Xiaotian, Vice Admiral Sun Jianguo and

56 Battlefield Deception, FM 90-2, Headquarters, US Army, Chapter 5, Deception Means accessed on 20 APR 2011 via the World Wide Web at http://www.fas.org/irp/doddir/army/fm90-2/90-2ch5.htm
57 Major General Wang Pufeng, People's Liberation Army, THE CHALLENGE OF INFORMATION WARFARE accessed on 18 DEC 2010 via the World Wide Web at http://www.fas.org/irp/world/china/docs/iw_mg_wang.htm

Major General Hou Shu sen.58 The PLA's Third Department houses the PLA's Cyber Command and is organized per Figure 5 below.

Figure 5: Table of Organizations forming the People's Liberation Army Infowar Task Force.59

58 PLA Daily, July 20; China Times, July 20; Global Times, July 22 accessed 2010-08-08
59 B. Charles, The PLA's Information Warfare Profile, Issue no. 555 dated 04 October, 2007 accessed 19 JAN 2011 via the World Wide Web at http://www.intelligenceonline.com/article/read_article.aspx?doc_i_id=33852514&service=GRA&Context=PRT

China's Thousand Grains of Sand60

Origins of this intelligence organizational structure are certainly historical in nature and relate back to 2005, according to military historian, author and strategist James Dunnigan. The principle is simple: students, workers, educators, essentially any Chinese national who departs the country, are enlisted to look for, actively harvest, collect and return with invaluable information the Chinese Government, military and commercial entities can use for their benefit and gain.61 Of course, apply the age-old Thousand Grains of Sand to China's cyber initiatives and you have an entirely new dimension of active intelligence gathering and persistent cyber espionage.62

"Our (sic) goal is to achieve a strategic objective. You have to meet my political conditions or your government will be toppled, or you promise to meet some of my political conditions."63

The PLA calls this methodology of persistent information gathering Information Dominance (Zh xnx qun). Within information dominance doctrine there are very precise attack vectors of information dominance;64 these are: planting information mines, conducting information reconnaissance, changing network data, releasing information bombs, dumping information garbage, disseminating propaganda, applying information deception, releasing clone information, organizing information defense and establishing network spy stations.

Eight Pillars of the PLA's Cyber Warfare Strategy: Why is the PLA pursuing Cyber Warfare?

From the Eight Pillars of Chinese Warfare,65 found in the 13 chapters of Sun Tzu's Art of War, to the more current eight pillars of Chinese unrestricted warfare, the PLA

60 James Dunnigan, China's Thousand Grains of Sand accessed on 16 JUL 2011 via the World Wide Web at http://www.strategypage.com/dls/articles2005/2005721212041.asp
61 Ibid accessed 2011-06-20
62 Krypt3ia, Krypt3ia Website, The Dragon and Eagle: China's Rise from Hacking To Digital Espionage accessed on 6 JUN 2011 via the World Wide Web at http://krypt3ia.wordpress.com/2011/06/06/the-dragon-andeagle-chinas-rise-from-hacking-to-digital-espionage/
63 Mara Hvistendahl, Unnatural Selection accessed on 15 FEB 2011 via the World Wide Web at http://www.thedarkvisitor.com/category/uncategorized/
64 Richard A. Clarke and Robert K. Knake, Cyber War. The Next Threat to National Security and What to Do about It, New York, HarperCollins Publishers 2010, pp. 47-64
65 Unrestricted Warfare, Qiao Liang and Wang Xiangsui, Beijing: PLA Literature and Arts Publishing House, February 1999 (Simplified Mandarin Chinese version)

has designed an IW strategy consisting of the use of information and cyber warfare. The eight pillars of beyond-limits combined war in Unrestricted Warfare include the following mandates:66 omni-directionality, synchrony, limited objectives, unlimited measures, asymmetry, minimal consumption, multidimensional coordination, and adjustment and control of the entire process.

Sun Tzu's Military Principles (Snz Bngf)

Sun Tzu designed and gave Chinese military leaders 13 Principles of Warfare as stated in 13 chapters.67 Chapter One is Detail Assessment and Planning (Sh j); Chapter Two is Waging War (Zuzhn); Chapter Three includes Strategic Attack (Mu gong); Chapter Four discusses Disposition of the Army (Jn xng); in Chapter Five the topic of Forces (Bng sh) is covered in detail; Chapter Six includes Weaknesses and Strengths (Xsh); Chapter Seven focuses on Military Maneuvers (Jn zhng); Chapter Eight is concerned with Variations and Adaptability (Ji bin); Chapter Nine involves Movement and Development of Troops (Xngjn); Chapter Ten speaks to Terrain (Dxng); Chapter Eleven includes The Nine Battlegrounds (Ji de); Chapter Twelve involves Attacking with Fire (Hu gong); and Chapter Thirteen concludes Sun Tzu's work with Intelligence and Espionage (Yng jin).

The first pillar of Unrestricted Warfare is omni-directionality; this is a 360-degree observation and design including a combined use of all kinetic and non-kinetic related defense capabilities and factors

66 Unrestricted Warfare, Qiao Liang and Wang Xiangsui, Beijing: PLA Literature and Arts Publishing House, February 1999 (Simplified Mandarin Chinese version)
67 Lionel Giles, M.A. (1910), SUN TZU ON THE ART OF WAR: THE OLDEST MILITARY TREATISE IN THE WORLD accessed on 12 APR 2011 via the World Wide Web at http://www.chinapage.com/sunzi-e.html

,68 the Pin-Yin pronunciation is Qun fngwi de fngxing xng; zh sh yg 360 d de gunch h shj, bokule su y u de dngnng h fi dngnng xinggun de fngy nngl h yns de jih sh yng. The PLA defines omni-directionality as seeing every possible avenue of approach, including the specific use of cyber warfare and information war to achieve their strategic and tactical military objectives. There is no longer any distinction between what is or is not the battlefield. In this first pillar of warfare the efforts can be military in nature, or they can be quasi-military, or perhaps even non-military, such as the use of hacktivists. The PLA applies this combined use of China's entire combat power, from internal strife such as that seen in Xin Jiang recently involving Uyghur separatists supported by Pakistan,69 or regionally to national combat power, in an intercontinental or worldwide confrontation. The PLA's doctrine explicitly includes a strategically combined use in warfare of national resources to military objectives, which includes looking at every aspect, every possible avenue of approach or attack vector, including those in cyber-space.

Synchrony is the second pillar: conducting actions in different spaces within the same period of time; the Pin-Yin pronunciation is Xingtng de shjin ni, zi btng de kngjin ni jn hng hng dng. The PLA believes that technical measures employed in modern warfare, specifically the spread of information technology, include the emergence of long-range warfare technology, an increased ability to transform the battlefield, and the linking together of battlefields which stretch forever, are scattered, or are different by their nature, for example information networks, where military and non-military forces offer equal footing into the war in order to greatly shrink the course of warfare, pronounced in Pin Yin as Hik gnb. The U.S.
military's information campaign systems are an example of a target-rich environment for the Chinese military intelligence community, especially if cyber warfare, via hacking mission critical systems, yields so much operational material,

68 Unrestricted Warfare, by Qiao Liang and Wang Xiangsui (Beijing: PLA Literature and Arts Publishing House, February 1999), page 220
69 Hannah Beech, China's Uighur Problem: One Man's Ordeal Echoes the Plight of a People accessed 28 JUL 2011 via the World Wide Web at http://globalspin.blogs.time.com/2011/07/28/chinas-uighur-problem-one-mans-ordealechoes-the-plight-of-a-people/

specifically that < 1 minute provides data on 4,000 targets and 1,200 aircraft. Thus, if China were to engage in a full-depth simultaneous attack and the United States was unable to expand to battlefields such as the cyber-realm and defend itself adequately, the PRC would overcome the cyber defenses of the U.S. through such information gathering and harvesting. In fact in a recent US Government Accounting Office report, dated July 2011, DEFENSE DEPARTMENT CYBER EFFORTS, DoD Faces Challenges in Its Cyber Activities it states that the DoD has assigned authorities and responsibilities for implementing cyberspace operations among combatant commands, military services, and defense agencies. However, the supporting relationships necessary to achieve command and control of cyberspace operations remain unclear. In response to a major computer infection in 2008, U.S. Strategic Command identified confusion regarding command and control authorities and chains of command because the exploited network fell under the purview of both its own command and a geographic combatant command. DOD-commissioned studies have recommended command and control improvements.70 The third pillar of Unrestricted Warfare is limited objectives, , the Pin Yin pronunciation is K jishu de fnwi ni shzh zh nnzhn y nd o de cush de qngkung. This aspect of warfare includes what the PLA describes as setting a compass to guide action within an acceptable range for the measures, meaning that they have a decisive commanders intent and distinct plan behind their actions before they execute. Objectives must always be smaller than resources used, which means the PLA establishes limited tactical objectives for conquest rather than very large military objectives which may or may not achieve success. 
The third criterion is that the PLA does not pursue objectives which are unrestricted in time and space, which in effect supports the last aspect of the third pillar and indicates that the Chinese army will have set objectives with a defined tactical timeline of both offensive and defensive duration. And finally, the doctrine is to consciously pursue limited objectives and eliminate objectives that are beyond one's abilities, which means that once the PLA has established attainable tactical and strategic objectives, they will solely focus on them before pursuing additional tertiary and perhaps distracting military goals.

70 Government Accounting Office Report GAO-11-75, Defense Department Cyber Efforts, July 2011, page 34


Examples the Chinese have studied and learned from include, most importantly, former Western armed forces and their missteps globally. The Chinese observed with great care and curiosity the mistakes General MacArthur made in the Korean War, overcommitting his manpower in the face of an underestimated foe, the North Korean and Chinese armies. Similarly, they saw the Americans' experience in Vietnam, a protracted decade-plus war which resulted in a humiliating withdrawal without victory, as a huge loss of face and a statement of global and martial instability. The Soviets' similar experience in Afghanistan, a deadly decade of war without end resulting in the proverbial Russian Bear heading over the mountain, was very telling and important for the Chinese for two reasons. One, it signaled that the Soviet-Russian overlord days were coming to an end, and that the Chinese form of Communism, especially in light of President Nixon's trip to China in 1973, which included recognition by the United States politically, was succeeding. Two, Mao Tse Tung's failing health, and his successor dying mysteriously in a plane crash after a failed assassination attempt while fleeing to Russia71, led to Deng Xiao Ping's rise to power and his pronouncement that China would indeed have Communism as the bedrock of its political power base, and that China would also be an economic and political leader on the world stage72, thus becoming the world's number one superpower. Isolationism, in the Chinese view, is unacceptable; they saw similar nation state actions under the Clinton Administration which eventually led to bankruptcy.

A fourth pillar of Unrestricted Warfare is unlimited measures, which is described as a trend toward unrestricted employment of measures, but restricted to accomplishment of limited objectives; the Mandarin version is and the Pin Yin pronunciation is Qsh sh b shu xinzh jiy de cush, dn zh xiny y uxin mbio d shxin.
Unlimited measures to accomplish limited objectives is the ultimate boundary, which means the PLA will have at its disposal any number of kinetic and cyber weapons to achieve with overwhelming force a physical, geographic or cyber objective. China studies Western examples to learn what it may face in an adversarial situation so that it can ensure success in either modern warfare or cyber warfare. For example, the PLA studied

71 Frank Ching, China's Fluid Ideology, accessed 4 AUG 2011 via the World Wide Web at http://thediplomat.com/2011/08/04/china%E2%80%99s-fluid-ideology/
72 Ibid.


General Sherman's advance toward Savannah during the U.S. Civil War; specifically that General Sherman and his staff were not intent on conducting combat but rather a burn and plunder campaign, which was a successful example of using unlimited measures to achieve a limited objective. In this case the PLA has learned that demoralization of the enemy can be achieved by attacking the civilian infrastructure, which in effect undermines civil support and the enemy's will to fight. Another example studied by the PLA was the Yom Kippur War in 1973 and the occupation of the Sinai Peninsula. It is typically seen as a failure by Western military historians, as the Israelis missed victory at the Bar Lev Line in order to reach the Sinai, a much larger objective; essentially, they should have stopped their tactical advance and they would have achieved the same military effect.

The fifth pillar is asymmetry, which is to seek nodes of action in the opposite direction from the contours of the balance of symmetry, in Mandarin Chinese it is, , and the Pin Yin pronunciation is Xnqi pnghng duchn de lnku zi xingf n de fngxing xngdng de jidi n. This aspect of Chinese Unrestricted Warfare is basically asymmetric in nature. They will use asymmetry to accomplish their military and cyber objectives; the PLA believes that asymmetry manifests itself in every aspect of warfare, including cyber warfare, and that in order to be successful in any type of kinetic or cyber warfare they must find and exploit an enemy's soft spots. In Western military strategy and thought this is known as maneuver warfare, which takes advantage of the enemy's surfaces and gaps. Historical examples of exploiting a foe's critical weaknesses include the wars in which Chechnya was invaded by Russia, Somalia and the United States, Northern Ireland guerrillas in Britain, and Islamic Jihad war on the entire Western world.
This constitutes a wise refusal to confront the armed forces of nation states head-on in symmetric war, as seen during Napoleonic times or in World War I trench warfare. This type of conflict is also known as irregular warfare and is detailed in the book Eating Soup With A Knife73, which examines counter insurgency efforts in the South Eastern Pacific.

73 David Kilcullen Biography, No Byline, accessed on 28 MAR 2011 via the World Wide Web at http://www.powerbase.info/index.php/David_Kilcullen


Minimal consumption is the next pillar of Chinese unrestricted warfare. This pillar suggests the use of the least amount of combat resources sufficient to accomplish the objective; the Mandarin Chinese translation is and the Pin Yin transliteration is Sh yng zgu de zuzhn zyun ling zhsh o yo wnchng de mbio. Minimal consumption states that rationality in decision making is more important than thrift and that the size of combat consumption is decided by the form of combat, so that a tactical commander should use "more" (more measures) to pursue "less" (lower consumption), which is in effect the model of proportionality in both kinetic and cyber battle. Historical examples of minimal consumption include the German Army's ability to sweep away the joint British-French force after crossing the Maginot Line, where they simply bypassed this multi-national surface and achieved their strategic military objective without firing a shot by taking advantage of the gap between manmade physical obstacle and geographic terrain.

The multi-dimensional pillar is the next unrestricted warfare policy and describes coordinating and allocating all the forces that can be mobilized in the military and non-military spheres covering an objective. The Mandarin Chinese version of this is , while the Pin Yin version is Xitio h fnpi ky zi jnsh h fi jnsh l ngy boku kgun dngyun su y u de lling. Important aspects of multidimensional approaches to war include planning for an objective of specific nature and duration. This element of unrestricted warfare indicates coordination and cooperation among different forces in different spheres in order to accomplish an objective. An example of this is derived from the U.S. Marine Corps combined arms doctrine, also known as the Marine Corps Air Ground Task Force (MAGTF) Concept.
In this USMC doctrine, elements of ground combat forces including infantry, artillery and armor are combined with air combat assets and logistical forces to achieve any size objective based upon the commander's intent. Another aspect of the multi-dimensional pillar is that any sphere can become a battlefield, and any force can be used under combat conditions, which means that regardless of the physical or digital nature of the field of combat, it should be considered a hostile plane. The third element is the employment of

intangible "strategic resources" such as geographical factors, the role of history, cultural traditions, and sense of ethnic identity, dominating and exploiting the influence of international organizations. The Chinese PLA, SOEs, hacktivists and the CPC all understand the importance of this doctrine.

The eighth pillar of unrestricted warfare is adjustment and control of the entire process, in Mandarin Chinese it is , or the Pin Yin pronunciation is Tiozhng h kngzh de qun guchng. This concept is closely aligned with the theory that warfare is a dynamic process during which randomness and creativity prevail; this was Carl von Clausewitz's treatise in his book about modern warfare titled Fog of War74. He stated that with a greater use of intuition and creativity, armies will be allowed to decisively win battles and ultimately wars. Today, with information technology welding the entire world together into a network, the number of factors involved in a war is much, much greater than in past wars.75 The battlefield shifts to non-military spheres, thus the equation Cyber-realm + Network = Cyber Warfare.

Conclusions of applying the Eight Pillars of Unrestricted Chinese Warfare to the People's Liberation Army's use of Information and Cyber Warfare
Conclusions regarding the PLA's use of the Eight Pillars include the following statements: consider the improbable, as the PLA already has and has a plan for success; understand the enemy, as the PLA has the grandfather of warfare for the indelible lessons, Sun Tzu and the Art of War, at their reference and disposal; minimize an infrastructure's cyber-gaps and maximize surfaces in order to channel cyber-activity and force the attacker into an untenable cyber-position; educate information security staff who are engaged in cyber-warfare duties; realize that the alleged Chinese cyber-threat is asymmetric and unceasing; understand that a country's will to defeat the alleged Chinese cyber-threat must significantly outlast theirs; setbacks in cyber-offense and defense will occur, but learn from these cyber-events, adapt and overcome the cyber-threat vectors which pose the greatest challenges; and know that simply throwing money, e.g., hardware, software and personnel, at the alleged Chinese cyber-threat is ineffectual at best, a

74 Alan D. Beyerchen, Clausewitz, Nonlinearity and the Unpredictability of War, accessed on 28 MAR 2011 via the World Wide Web at http://www.clausewitz.com/readings/Beyerchen/CWZandNonlinearity.htm
75 Ibid.


combined arms approach of direct diplomacy combined with threat of direct military action is a great first step towards mitigating any nation state's cyber offense.

What is the PLA Cyber Command interested in within the United States?

United States Critical Infrastructure surface and gaps exploitation is absolutely the cyberattack objective set of the People's Republic of China. Critical Infrastructure surface and gaps exploitation is a key element of the Chinese Cyber and Information Warfare initiative, specifically the energy industry, which includes the oil, gas and electricity market segments. Intelligence gathering, practiced by the Chinese Government and the People's Liberation Army, will provide information dominance, enabling an advantage during any widespread conflict. They will use a combined digital arms approach using any variety of the threat vectors described below.76 These avenues of cyber-attacks include: vulnerability discovery and exploitation, automation, management of cyber warfare operations, malware, use of rootkits, optimization of backdoors, analysis of information gathered in preparation for further exploitation, compromising routing infrastructure via the manipulation of existing protocols such as border gateway protocol (BGP), open shortest path first (OSPF), virtual routing and forwarding (VRF), intelligent resilient framework (IRF), link aggregation control protocol (LACP), and virtual router redundancy protocol (VRRP), distributed denial of service (DDoS) technology and domain name service (DNS) attacks.

Chinese State Owned Enterprises (SOE) & the PLA

Examples of SOE & PLA cyber-attacks are well known through case studies such as Operation Night Dragon, which specifically targeted the global energy industry. According to the McAfee report, the attacks were targeted, using techniques such as social engineering and spear phishing.
The purpose of the attacks appears to be penetration of corporate networks in order to extract sensitive data. The attacks use a variety of components; there is no single piece or family of malware responsible. The first stage of the attack involved

76 Richard Stiennon, Technology And The Advent of Cyber War, accessed on 4 JAN 2011 via the World Wide Web at http://www.itgrcforum.com/index.php?option=com_content&view=article&id=1571:technology-and-the-adventof-cyber-war&catid=59:it-security-management&Itemid=263


penetration of the target network, known as 'breaking down the front door'. Other advanced techniques such as spear phishing and SQL injection of public facing web servers were reported by McAfee to have been used. Once in, the attackers then uploaded freely available hacker tools onto the compromised servers in order to gain visibility into the internal network. Thus the internal network was then penetrated by typical cyber penetration methods (accessing Active Directory account details, cracking user passwords, etc.) in order to infect machines on the network with remote administration tools (RATs).77

Elements of the energy industry such as oil, gas and electricity are definite economic targets of Chinese hackers. For example, Baker Hughes Inc. said it was hacked recently as part of a wide assault on energy companies. Baker Hughes provides advanced drilling equipment and proprietary techniques for assessing the quality and accessibility of oil reserves, both of which make them a prime cyber target of a country looking for fast track information on natural resource research. Chinese cyber-attacks against oil and gas companies seek to gain their competitive bid information, architectural plans, project definition documents and functional operational aspects, such as information to win competitive bids Siberia to China.78 Thus the question is asked: are the Chinese interested in industry infiltration or economic data exfiltration?

The U.S.-China Economic and Security Review Commission attempts to bridge the gap economically and politically between interested U.S. businesses, the U.S. Government and Chinese businesses.79 China's proliferation practices, which are both qualitative and quantitative in nature in terms of economic transfers of U.S. production activities to China, have an effect on China's development of world energy supplies. Additionally, access to and use of U.S. capital markets by China, such as buying a U.S.
Treasury note and other government-issued financial instruments, will certainly impact China's regional economic and security initiatives.80

77 Operation Night Dragon, McAfee Reports, accessed 15 JAN 2010 via the World Wide Web at http://www.mcafee.com/es/about/night-dragon.aspx?cid=WBB009
78 Michael Riley and Sara Forden, Hacking of DuPont, J&J, GE Were Google-Type Attacks That Weren't Disclosed, accessed on 9 MAR 2011 via the World Wide Web at http://www.bloomberg.com/news/2011-03-08/hacking-ofdupont-j-j-ge-were-google-type-attacks-that-weren-t-disclosed.html
79 The U.S.-China Economic and Security Review Commission website, accessed 15 NOV 2010 via the World Wide Web at http://www.uscc.gov/
80 U.S.-China Economic and Security Review Commission Website, No Byline, accessed on 16 DEC 2010 via the World Wide Web at http://www.uscc.gov/index.php


Why are the Chinese targeting the U.S. Department of Defense?

The Chinese have carried out pre-planned targeting to gain sensitive intelligence and military secrets on specific defense applications they do not currently have, such as the Joint Strike Fighter. A very interesting case involved former L-3 worker Sixing "Steve" Liu, 47, who was indicted for taking sensitive customer data to China. L-3 is a significant DoD and DHS contractor, and Liu worked for L-3's Space & Navigation unit in New Jersey from March 2009 until November 30, 2010 as an engineer on a precision navigation device.81

Facebook has been deemed the Chinese financial Trojan horse, as traffic destined for Facebook from AT&T's servers took a strange loop through China and South Korea. "China is well known for its harmful networking practices by limiting network functionality and spying on its users, and when your data is flowing over their network, your data could be treated as any Chinese citizen's."82

The international telecommunications manufacturer Huawei is described as an enemy in our firewall. Huawei was founded by a People's Liberation Army officer who retains links with China's security services. Huawei has denied the links, but these suspicions have torpedoed other attempted U.S. deals in the past. Curiously, Huawei sold 3COM to IT hardware manufacturer HP in 2010. It is important to understand that HP's A-Series core network infrastructure was designed and architected by Huawei in the PRC, including firewall/security products83 such as Tipping Point Intrusion Prevention Systems (IPS). Huawei plans on building the U.S.'s new 4G telecom infrastructure. Huawei is in talks with federal, state and local government agencies in the United States to provide wireless technology to build the country's first nation-wide public safety network.84

81 Reuters News Website, No Byline, Former L-3 worker indicted for taking data to China, accessed on 6 APR 2011 via the World Wide Web at http://www.reuters.com/article/2011/04/06/l3communications-china-idUSN0626580820110406
82 Jeremy Kirk, AT&T Facebook traffic takes a loop through China, accessed on 25 MAR 2011 via the World Wide Web at http://www.computerworld.com/s/article/9215029/AT_T_Facebook_traffic_takes_a_loop_through_China?source=C TWNLE_nlt_pm_2011-03-24
83 China Military Power Mashup Website, No Byline, accessed on 6 APR 2011 via the World Wide Web at http://www.china-defense-mashup.com
84 Shayndi Raice, China's Huawei Is Finalist for U.S. Cellular Job, accessed on 5 APR 2011 via the World Wide Web at http://online.wsj.com/article/SB10001424052748703712504576243203039296860.html


ZTE is an international Chinese state sponsored telecommunications company. ZTE has made heavy investment in Africa and South America for over a decade and a half. The company made initial attempts in the U.S. between 1996 and 2001, the early days of the Internet, to partner with Internet Service Providers and telecommunication carriers for sales of their telecommunications hardware. Currently ZTE provides telecommunications infrastructure throughout Africa and has been doing so for over a decade. Interestingly, ZTE has both a South African85 and North African86 presence for conducting business. In 2010 ZTE won a $378 million (USD) contract to provide cellular infrastructure to South African mobile operator Cell C Ltd.87 Ecobank has opened a China desk to manage its Africa loan operations88. Chinese investment in Africa has one distinct goal besides international commerce and profit: ensuring a direct supply of natural resources such as oil and rare earth minerals.89 In fact, China's environmental footprint in Africa includes heavy oil extraction from Nigeria and rare earth minerals.90 China's environmental concerns at home have driven Beijing's quest for resources overseas, argues author Ian Taylor, in that the country must consider the ecological impact of its logging and oil extraction in Africa.91

There is then of course the great controversy and drama surrounding Google versus China's Great Firewall. The timeline is lengthy and began in September 2002 as China blocked

85 ZTE Corporate website, accessed 12 AUG 2011 via the World Wide Web at http://wwwen.zte.com.cn/en/about/global_sales_offices/south_africa/
86 ZTE Corporate website, accessed 12 AUG 2011 via the World Wide Web at http://wwwen.zte.com.cn/en/about/global_sales_offices/north_africa/
87 Doug Young and Ken Wills, China's ZTE gets $ 378 mln South Africa deal, accessed 19 June 2011 via the World Wide Web at http://www.reuters.com/article/2010/01/27/zte-idUSTOE60Q02620100127
88 REUTERS AFRICA Website, No Byline, accessed on 6 APR 2011 via the World Wide Web at http://chinadigitaltimes.net/2011/04/ecobank-opens-china-desk-to-manage-africa-loans/
89 Deborah Brautigam, Africa's Eastern Promise: What the West Can Learn From Chinese Investment in Africa, accessed on 6 JAN 2010 via the World Wide Web at http://www.foreignaffairs.com/articles/65916/deborahbrautigam/africa%E2%80%99s-eastern-promise
90 The race for strategic minerals, Africa-Asia Confidential website, Vol 2, No 10, August 2009, accessed 21 JUL 2011 via the World Wide Web at http://www.africa-asia-confidential.com/articlepreview/id/274/The_race_for_strategic_minerals
91 Ian Taylor, China's environmental footprint in Africa, accessed on 8 FEB 2008 via the World Wide Web at http://www.chinadialogue.net/article/show/single/en/741-China-s-environmental-footprint-in-Africa


Google92 searches by Internet users in China. Again, during January 2011, Google search engines were blocked by China. Both of these fracas with Google grew out of China's concern over antigovernment unrest, amid an intensified Internet crackdown following widespread unrest in the Middle East93. Of course, the human basis for the Internet was a foundation as well; these concerns by the Central Chinese Government included pornography and human rights ideas from other countries.

The following was a Google Mainland China service availability message: "This page has been replaced by a more general worldwide transparency report. Using it, you can find not only traffic disruptions but also the volume of government queries for some countries. The China specific portion equivalent to this report page is here. It charts query volume for various Google properties over time. The new report shows each region's fraction of worldwide volume scaled such that 100% is the highest ever seen from that region. Service disruptions will show up as dips in the graphs. This page will redirect to the new site in 60 seconds."94, 95

92 BBC News Business Website, World Edition, No Byline, accessed on 2 SEP 2002 via the World Wide Web at http://news.bbc.co.uk/2/hi/technology/2231101.stm
93 Tini Tran, Gmail In China Being Blocked By Government, Says Google, accessed on 21 MAR 2011 via the World Wide Web at http://www.huffingtonpost.com/2011/03/21/gmail-china_n_838255.html
94 Google Mainland China service availability statement, accessed on 17 APR 2011 via the World Wide Web at http://www.google.com/prc/report.html


Another example of loosely attributed cyber-attacks was the Codero IT infrastructure denial of service (DoS) events. It was reported that an alleged China-related DoS attack took down several Codero-hosted Web sites. One website was run and managed by a Codero customer that hosts DNS records for sites on the Internet, including a Web site critical of communism that appeared to be the ultimate end target. The result was a DoS attack of > 1.5 million packets per second. These advanced persistent threats (APT) paralyzed Codero's core routers. Upstream providers were unable to pinpoint where the target IPs were coming from.96

Chinese Aurora Hackers Hit DuPont

Chinese hackers allegedly infiltrated the computer networks of the global chemical company DuPont in late 2009.97 DuPont was the target of an industrial espionage campaign; specifically, company PCs were infected with spyware during a DuPont business trip to China. Initially DuPont denied it had been hacked. Later, a DuPont internal investigation discovered that some computers were implanted with spyware during a business trip to China where the PCs were stored in a hotel safe.98 Google said in January 2010 it had lost intellectual property assets to hackers based in China. Adobe Systems Inc. (ADBE) said it had been attacked by hackers based in China. Intel Corp. (INTC) said it was attacked in a sophisticated incident around the same time as Google, and attacks on multi-national companies such as Johnson & Johnson and General Electric were also "Google-Type Attacks That Weren't Disclosed"99 until significantly later.

Another series of alleged Chinese hacking took place during the Paris G20 summit, when files from the conference were stolen by cyber thieves. Also during the Paris G20, files stolen in a

95 Google Transparency Report Website, accessed on 18 2011 via the World Wide Web at http://www.google.com/transparencyreport/traffic/?r=CN&l=EVERYTHING&csd=1296723600000&ced=1303063 529815
96 Elinor Mills, China-related DoS attack takes down Codero-hosted Web sites, accessed on 8 MAR 2011 via the World Wide Web at http://news.cnet.com/8301-27080_3-20040625-245.html?part=rss&subj=news&tag=2547-1_30-20
97 Matt Liebowitz, Chinese Aurora Hackers Hit DuPont, accessed on 9 MAR 2011 via the World Wide Web at http://www.securitynewsdaily.com/chinese-aurora-hackers-hit-dupont-0594/
98 Michael Riley and Sara Forden, Hacking of DuPont, J&J, GE Were Google-Type Attacks That Weren't Disclosed, accessed on 9 MAR 2011 via the World Wide Web at accessed on 15 JAN 2011 via the World Wide Web at http://www.bloomberg.com/news/2011-03-08/hacking-of-dupont-j-j-ge-were-google-type-attacks-that-weren-tdisclosed.html accessed 9 MAR 2011
99 Michael Riley and Sara Forden, Hacking of DuPont, J&J, GE Were Google-Type Attacks That Weren't Disclosed, accessed on 9 MAR 2011 via the World Wide Web at http://www.bloomberg.com/news/2011-03-08/hacking-ofdupont-j-j-ge-were-google-type-attacks-that-weren-t-disclosed.html


cyber attack100 affected the French Budget Ministry's 170,000 computers. Circumstantial evidence pointed to China, with no clear indication that the attacks were Chinese government sponsored; this most recent attack against the French government was the latest in a string of cyber-attacks on companies and governments around the world. Cyber investigators and forensic specialists did uncover that the attacks originated from a server in Shandong Province, China, which hosted one of the pieces of attack malware used to carry out the cyber-attacks. Analysts also found that the attacks were conducted using IP addresses in Beijing during the hours of 9 a.m. and 5 p.m.101, typically the normal working hours of most militaries including the People's Liberation Army.

During January 2010, Yahoo e-mail accounts of foreign journalists in China and Taiwan were hacked.102 These cyber-attacks included "at least a dozen rights activists, academics and journalists who cover China," including the author Andrew Jacobs.103 The alleged Chinese hackers altered e-mail settings so that all correspondence was surreptitiously forwarded to another e-mail address.104

When there has been anti-Chinese Government rhetoric on the web, or cries for human rights equilibrium and parity with Western nations, the PLA has acted swiftly and decisively in the cyber realm. China has clamped down further on the Internet to prevent unrest, wanting to avoid public unrest similar to Egypt, Libya and Bahrain.105 Examples included blocked access to Facebook, YouTube, and Twitter, as well as cellphone calls, electronic messages, and emails; residents say they have never seen such high levels of censorship before.
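The working-hours observation above is a timing heuristic. This added example (not from the paper or the reports it cites) scores constructed session timestamps against every whole-hour UTC offset and checks whether a 9-to-5 cluster could be chance; the timestamps, function names and the uniform-activity baseline are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from math import comb

WORK_START, WORK_END = 9, 17        # the 9 a.m. to 5 p.m. window cited in the text
CANDIDATE_OFFSETS = range(-12, 15)  # whole-hour offsets, UTC-12 through UTC+14
# Share of a 168-hour week that is weekday office time (5 days x 8 hours),
# used as the chance rate if activity were spread evenly over the week.
BASE_RATE = 5 * (WORK_END - WORK_START) / 168

# Constructed sample of attacker-session start times in UTC (not real incident data).
SAMPLE_EVENTS_UTC = [
    "2011-03-01T01:12:00Z", "2011-03-01T03:40:00Z", "2011-03-01T07:55:00Z",
    "2011-03-02T02:05:00Z", "2011-03-02T05:31:00Z", "2011-03-02T08:47:00Z",
    "2011-03-03T01:03:00Z", "2011-03-03T06:20:00Z", "2011-03-04T04:15:00Z",
    "2011-03-04T08:10:00Z", "2011-03-07T02:44:00Z", "2011-03-07T07:02:00Z",
    "2011-03-08T03:33:00Z", "2011-03-08T14:30:00Z",  # late-evening outlier
    "2011-03-09T01:50:00Z", "2011-03-09T06:06:00Z", "2011-03-10T05:25:00Z",
    "2011-03-05T04:00:00Z",                          # Saturday outlier
    "2011-03-10T08:59:00Z", "2011-03-11T02:22:00Z",
]


def parse_utc(stamp):
    """Parse an ISO-style 'Z' timestamp into an aware UTC datetime."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def office_hours_hits(events, offset_hours):
    """Count events that fall on a weekday between 09:00 and 17:00 local time."""
    local_zone = timezone(timedelta(hours=offset_hours))
    hits = 0
    for event in events:
        local = event.astimezone(local_zone)
        if local.weekday() < 5 and WORK_START <= local.hour < WORK_END:
            hits += 1
    return hits


def tail_probability(hits, total, rate=BASE_RATE):
    """Binomial chance of seeing at least `hits` of `total` in office hours."""
    return sum(comb(total, k) * rate ** k * (1 - rate) ** (total - k)
               for k in range(hits, total + 1))


def assess(events):
    """Return the best-fitting offsets and a chance estimate for that fit."""
    scored = sorted(((office_hours_hits(events, off), off) for off in CANDIDATE_OFFSETS),
                    key=lambda pair: (-pair[0], pair[1]))
    best_hits = scored[0][0]
    tied = [off for hits, off in scored if hits == best_hits]
    # Every candidate offset was tried, so scale the chance estimate accordingly.
    corrected = min(1.0, tail_probability(best_hits, len(events)) * len(CANDIDATE_OFFSETS))
    return {"best_offsets": tied, "hits": best_hits,
            "events": len(events), "corrected_p": corrected}


if __name__ == "__main__":
    result = assess([parse_utc(stamp) for stamp in SAMPLE_EVENTS_UTC])
    print("best UTC offsets:", result["best_offsets"])
    print("office-hours sessions: %d of %d" % (result["hits"], result["events"]))
    print("chance estimate after correction: %.2e" % result["corrected_p"])
```

A strong fit only narrows activity to the band of regions sharing that UTC offset, and an operator can schedule sessions deliberately, which is why the text treats the finding as circumstantial.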

100 HOMELAND SECURITY NEWSWIRE Website, Paris G20 files stolen in cyber attack, accessed on 18 MAR 2011 via the World Wide Web at http://homelandsecuritynewswire.com/paris-g20-files-stolencyber-attack
101 BBC News Business Website, No Byline, accessed on 19 MAR 2011 via the World Wide Web at http://www.bbc.co.uk/news/business-12662596
102 BBC News Website, No Byline, Yahoo targeted in China cyber attacks, accessed on 30 MAR 2011 via the World Wide Web at http://news.bbc.co.uk/2/hi/technology/8596410.stm
103 Ibid.
104 Andrew Jacobs, Journalists' E-Mails Hacked in China, accessed on 30 MAR 2011 via the World Wide Web at http://www.nytimes.com/2010/03/31/world/asia/31china.html?_r=1
105 HOMELAND SECURITY NEWSWIRE Website, China clamps down further on Internet to prevent unrest, accessed on 30 MAR 2011 via the World Wide Web at http://homelandsecuritynewswire.com/china-clamps-downfurther-internet-prevent-unrest


There does seem to be a sense of cooperation, as the Chinese are tired of being labeled the cyber bullies and are currently working with the FBI to conduct joint cyber investigations with China.106 The FBI recently posted a cyber-security expert in China to foster cooperation, coordination and cooptation, and while this initiative will be law enforcement agency (LEA) focused, the focus will be on who the perpetrator behind the keyboard is. Will the FBI be able to handle the truth? Will they even be able to bring anyone from China to justice in the United States? No, the People's Republic of China is simply placating the foreigners.

Specific examples & case studies of cyber-attack methodologies used by the PLA

Cyber warfare? China has downloaded 10 to 20 terabytes of data from NIPRNET. There are around three million daily scans of the GIG, or Global Information Grid, the Defense Department's main network artery.107 Is this just vicarious curiosity or data exfiltration preparing for war? Cyber hacking methods allegedly used by Chinese hackers have included both elementary hacking methods and more advanced persistent threat (APT) methods. They will use a combined digital arms approach using any variety of the below threat vectors.108

Where is the alleged Chinese Cyber Warfare Threat Coming From?
Origins of Cyber Warfare Attacks OMITTED

Specific Alleged People's Republic of China Cyber Attacks

Operation Night Dragon

106 Eric Beidel, FBI to Conduct Joint Cyber Investigations With China, accessed on 1 APR 2011 via the World Wide Web at http://www.nationaldefensemagazine.org/blog/lists/posts/post.aspx?ID=358
107 D3vIL-HuNT, Pseudonym, China: The Great Red Cyber Army, accessed on 23 MAR 2011 via the World Wide Web at http://2wapworld.com/web/w_posts.php?topic_id=2757118
108 Richard Stiennon, Technology And The Advent of Cyber War, accessed on 4 JAN 2011 via the World Wide Web at http://www.itgrcforum.com/index.php?option=com_content&view=article&id=1571:technology-and-the-adventof-cyber-war&catid=59:it-security-management&Itemid=263
109 IPillion Internet Detective Website, 119.145.149.38 is from China, accessed on 23 MAR 2011 via the World Wide Web at http://www.ipillion.com/ip/119.145.149.38



109

The global energy industry was hit by Night Dragon cyber-attacks between November 2009 and February 2011. According to the McAfee report on Night Dragon, the global energy cyber-attacks most likely originated from China. The report describes the cyber-attacks as targeted in nature. The perpetrators used hacking techniques such as social engineering and spear phishing. Night Dragon attacks targeted corporate networks in order to extract sensitive data. The attacks used a variety of components; there was no single piece or family of malware responsible. However, the McAfee report does specify that the Advanced Persistent Threats used included Trojans, remote access tools, and a variety of malware to infiltrate the corporate networks of global energy companies.110

The first stage of the Night Dragon attack involved penetrating the target network, 'breaking down the front door'111. Techniques such as spear phishing and SQL injection of public facing web servers are reported to have been used. Once in, the attackers then upload freely available hacker tools onto the compromised servers in order to gain visibility into the internal network. The internal network can then be penetrated by typical penetration methods (accessing Active Directory account details, cracking user passwords, etc.) in order to infect machines on the network with remote administration tools (RATs).112

The Troj/NDragon-A113 and Mal/NDragon-A114 detections are noted to group the various components together, with the latter genotype detection, Mal/NDragon-A, providing generic detection for other variants that are likely to be in the wild. Available details from Sophos suggest that in addition to the above malware, various legitimate tools were used in the attacks (e.g. SysInternals tools). Sophos suggested to its customers potentially unwanted application

Night Dragon, McAfee Reports website, No ByLine, accessed on 22 JAN 2011 via the World Wide Web at http://www.mcafee.com/es/about/night-dragon.aspx?cid=WBB009 111 Tim Greene, Top 10 Web hacking techniques of 2010 revealed accessed on 24 JAN 2011 via the World Wide Web at http://www.networkworld.com/news/2011/012411-top-web-hacking-techniques.html 112 McAfee Labs website, Night Dragon, accessed on 16 MAR 2011 via the World Wide Web at http://www.mcafee.com/es/about/night-dragon.aspx?cid=WBB009 113 SOPHOS Viruses and Spyware definitions page accessed on 13 MAR 2011 via the World Wide Web at http://www.sophos.com/en-us//threat-center/threat-analyses/viruses-and-spyware/Troj~NDragon-A.aspx accessed 114 SOPHOS Viruses and Spyware definitions page accessed on 13 MAR 2011 via the World Wide Web at http://www.sophos.com/en-us//threat-center/threat-analyses/viruses-and-spyware/Mal~NDragon-A.aspx

110

45

(PUA)115 and application control (AppC) detections to fully manage the use of such tools within their environment. These tools can include software that is legitimate, but that you really do not want to allow being run on your network (for example, IP scanning, password recovery and remote administration tools).116 The style of attack may be similar (breach the perimeter using whatever means necessary, and then penetrate the internal network to find and extract the required data), but we cannot read too much into what is a very standard form of attacksimilarities have been suggested between the Night Dragon and Aurora attacks.117

Operation Aurora: Command Structure of the Operation Aurora Botnet: History, Patterns, and Findings
Attacks previously identified as occurring in mid-December 2009 targeting Google appear to have originated in July 2009 from Mainland China. Hosts compromised with Aurora botnet agents and rallied to the botnet Command-and-Control (CnC) channels were distributed across multiple countries before the public disclosure of Aurora, with the top five countries being the United States, China, Germany, Taiwan and the United Kingdom.118

The timeline of malware associations can be tracked back to May 2, 2009 via the evolution of the malware used by Aurora's operators. The simple command topology made extensive use of Dynamic DNS (DDNS) CnC techniques. The construction of the botnet would be classed as old-school. The hackers' reliance upon dynamic domain name service (DDNS) for CnC is typically associated with new and amateurish botnet operators. The criminals behind the Google attack appear to have built and managed a number of separate botnets and run a series of targeted attack campaigns in parallel. The conclusions are based upon CnC domain registration and management information. The earliest of the CnC domains associated with these botnets, reliant upon DDNS service provisioning, appear to have been registered on July 13, 2009.119 The criminals used Fake AV Alert/Scareware Login Software 2009 and Fake Microsoft Antispyware Service, both of which employed fake antivirus infection messages to socially engineer victims into installing malicious botnet agents.120

115 SOPHOS Adware and PUAs definitions page, accessed on 14 MAR 2011 via the World Wide Web at http://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas.aspx
116 McAfee Labs website, Night Dragon, accessed on 16 MAR 2011 via the World Wide Web at http://www.mcafee.com/es/about/night-dragon.aspx?cid=WBB009
117 McAfee Labs website, Night Dragon, accessed on 16 MAR 2011 via the World Wide Web at http://www.mcafee.com/es/about/night-dragon.aspx?cid=WBB009
118 Robin Wauters, McAfee Calls Operation Aurora A "Watershed Moment In Cybersecurity", Offers Guidance, TechCrunch Website, accessed 18 JAN 2010 via the World Wide Web at http://techcrunch.com/2010/01/17/mcafeeoperation-aurora-2/
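The Aurora findings above turn on CnC names hosted under dynamic DNS zones that many compromised hosts rallied to. The following sketch is an added example, not taken from this paper or the reports it cites, showing how a defender could surface that pattern in resolver logs; the log format, the placeholder DDNS zones and every hostname and address in the sample are constructed assumptions.

```python
"""Triage resolver logs for names hosted under dynamic-DNS (DDNS) zones.

Added illustration. The log format, zone list and sample records are
constructed assumptions, not data from the paper or its sources.
"""
import ipaddress
from dataclasses import dataclass, field

# Placeholder DDNS provider zones (assumption). Replace with the provider
# zones your organisation tracks; .example names are reserved for documentation.
DDNS_ZONES = frozenset({"dyn.example", "ddns.example.net"})

# Constructed resolver log, one record per line: "epoch client qname answer ttl"
SAMPLE_LOG = """\
1000 10.0.0.5 update.corp-mail.dyn.example. 198.51.100.7 60
1300 10.0.0.5 update.corp-mail.dyn.example. 203.0.113.9 60
1310 10.0.0.8 UPDATE.corp-mail.DYN.example 203.0.113.9 60
1400 10.0.0.8 www.notdyn.example 192.0.2.10 3600
1500 10.0.0.9 home-nas.ddns.example.net 192.0.2.44 300
garbage line that does not parse
1600 10.0.0.5 intranet.corp.example 192.0.2.20 86400
"""


@dataclass
class Finding:
    zone: str
    first_seen: int
    last_seen: int
    clients: set = field(default_factory=set)
    answers: set = field(default_factory=set)
    min_ttl: int = 2**31 - 1


def normalize(qname):
    """Lower-case the name and drop the trailing root dot."""
    return qname.rstrip(".").lower()


def ddns_zone(qname, zones=DDNS_ZONES):
    """Return the DDNS zone a name falls under, or None.

    Matching is on label boundaries, so www.notdyn.example does not match
    dyn.example. The longest zone wins if zones overlap.
    """
    name = normalize(qname)
    for zone in sorted(zones, key=len, reverse=True):
        if name == zone or name.endswith("." + zone):
            return zone
    return None


def parse_line(line):
    """Parse one record; return None for malformed lines instead of raising."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, qname, answer, ttl = parts
    try:
        ipaddress.ip_address(client)
        ipaddress.ip_address(answer)
        return int(ts), client, normalize(qname), answer, int(ttl)
    except ValueError:
        return None


def analyse(log_text, zones=DDNS_ZONES):
    """Group DDNS-hosted names with the clients and answers seen for each."""
    findings = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, qname, answer, ttl = rec
        zone = ddns_zone(qname, zones)
        if zone is None:
            continue
        f = findings.setdefault(qname, Finding(zone, ts, ts))
        f.clients.add(client)
        f.answers.add(answer)
        f.min_ttl = min(f.min_ttl, ttl)
        f.first_seen = min(f.first_seen, ts)
        f.last_seen = max(f.last_seen, ts)
    return findings


def triage(findings, min_answers=2, min_clients=2):
    """Names to review first: the answer moved and several hosts resolve it.

    DDNS is also used legitimately (the single-client home-nas name in the
    sample), so this ranks names for an analyst; it is not a verdict.
    """
    return sorted(
        name for name, f in findings.items()
        if len(f.answers) >= min_answers and len(f.clients) >= min_clients
    )


if __name__ == "__main__":
    results = analyse(SAMPLE_LOG)
    for name in triage(results):
        f = results[name]
        print(name, sorted(f.clients), sorted(f.answers), f.min_ttl)
```
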

WordPress Distributed Denial of Service Attacks


WordPress suffered one of the largest DDoS attacks, affecting 10 percent of its hosted sites, and Matt Mullenweg, the WordPress founder, believes the culprit is China. The Chinese-language site that WordPress hosts and that is banned by Baidu was the main target. What was the motivation of the DDoS attacks? To quell civil unrest within China and forestall uprisings similar to those in Bahrain, Yemen, and Libya.121 It was one in the latest string of attacks on companies and governments around the world with evidence pointing to China.122

In both 1997 and 1999, during Operation Ulchi Focus Lens, military hackers from China, using publicly available information on Internet Protocol (IP) addresses, denied U.S. Forces operating in South Korea Internet and network access to their token-ring based infrastructure during military exercises.

Analysis of the information collected


A statement about the information collected from an analytical point of view is very difficult to surmise. The challenge lies in the vast amount of current cyber threat event trending worldwide. The U.S. has a vociferous point of view regarding nation-state cyber-attacks, specifically the People's Republic of China's stated intent to conduct information warfare, which includes both direct and indirect digital forensics detailing the Chinese cyber-attacks and penultimately detailing the unceasing and inherent distrust by non-China watchers of China itself. This composite picture of the research information collected is significantly dynamic. Given the dynamic and constantly changing amount of applicable information regarding the PRC's alleged use of cyber warfare, all of which is current, a distinct challenge lies in understanding which cyber-attacks may or may not be attributable to a particular nation state.

119 Frank Saxton, The "No Network is 100% Secure" series - The Aurora Power Grid Vulnerability, accessed on 16 FEB 2011 via the World Wide Web at http://unix.nocdesigns.com/aurora_white_paper.htm
120 Ibid.
121 Michael Kan, WordPress: DDoS Attacks Came From China, accessed on 19 MAR 2011 via the World Wide Web at http://www.pcworld.com/businesscenter/article/221467/wordpress_ddos_attacks_came_from_china.html
122 Homeland Security Newswire Website, No Byline, Paris G20 files stolen in cyber attack, accessed on 26 FEB 2011 via the World Wide Web at http://homelandsecuritynewswire.com/paris-g20-files-stolencyber-attack

Results of the research and analysis and conclusions


The amount, volume and frequency of information related to alleged Chinese cyber threats are extraordinary and unending. Various professional online groups, such as those offered through LinkedIn, Facebook and organic online resources, offer the surest and most rapid dissemination of information related to the subject. The common thread regarding the Chinese cyber threat is that it is perceived to be real and attributable via several well-known hacking operations such as GhostNet, Operation Titan Rain, Operation Aurora and Operation Night Dragon. One key finding is that there is no direct attribution to hacking having originated from within the People's Republic of China. Origins of cyber-attacks via any number of threat vectors cannot be definitively linked back to China.

Recommendations for a solution to the problem


Solutions for the People's Republic of China information and cyber warfare threat are best explained using a Systems Modeling approach. By using the Systems Modeling approach, an 80% attempt at understanding the PRC cyber warfare threat may be realized and solved, at least temporarily. The types of specific modeling methodology used include a vulnerability assessment and a decision model. Refer to Appendix 1, Systems Modeling: Cyber Warfare Attacks on US Critical Infrastructure by the People's Republic of China (PRC), for the complete decision modeling and problem solutions recommendation.

The following table, Table 2, places emphasis on short and long term moves for business decision makers, corporate strategists, innovators and government entities that are concerned or involved in understanding how to deal with the Chinese cyber threat. The first short term move involves a holistic strategy across all key stakeholders who have a vested interest in dealing with the high risk of the Chinese cyber threat. The lead entity would be the International Undersecretary, U.S. Department of Commerce, working with all affected corporate stakeholders who may suffer losses if their intellectual property were stolen. The second move is also of immediate focus and relies on corporate leadership to create awareness of the Chinese data exfiltration threat within the IT security organization and throughout the entire impacted company. The third move, in conjunction with (ICW) security hardware and software manufacturers, is to create an IT security defense-in-depth standard that protects both national economic and critical infrastructure from Chinese cyber-attack vectors; this would be both an immediate and sustainable long term move. The fourth short and long term strategy would be based upon the diplomatic lead of the U.S. State Department, DoD and USAID. Their task would be to define a mutual understanding of the Chinese cyber-threat nationally within the U.S. and then internationally with NATO and primarily the Chinese Government, so that incidences of cyber-attacks, rather than loosely being attributed to a nation state such as China, could then be identified, investigated mutually and mitigated cooperatively.



Appendices
Appendix A Significant People's Liberation Army (PLA) Information Warfare Personalities

Major General Dai Qing min was the director of the PLA's electronic warfare department (Fourth Department); his intent was a comprehensive information warfare effort. He advocated cyber command stated missions which complement the PLA's information warfare (IW) units. Missions of cyber doctrine have been developed by the PLA since at least 2003. The PLA's IW strategy was originally spearheaded by Major General Dai Qing min since 1995.

Zhang Qin sheng123
General Zhang is a member of the 17th CPC Central Committee and 1st Deputy Chief of the General Staff, General Department of the PLA. He is of the pure Han nationality, and is a native of Xiaoxi City, Shanxi province. Born in 1948, he joined the PLA in 1968. Serving successively as director of the military training department of the Beijing Military Region and deputy director of the military training department of the General Staff Headquarters, General Zhang has conducted research on network command systems. In December 2004, then-Major General Zhang was elevated to chief of staff assistant of the General Staff Department, and was promoted to vice chief of staff in December 2006. In 2007, he was appointed commander of Guangzhou Military Region. Zhang was recently promoted to the rank of general (4-Stars) by President Hu in mid-July 2010, according to Xinhua News Agency, July 20.124

123 China VITAE Website, No Byline, accessed on 15 JAN 2011 via the World Wide Web at http://www.chinavitae.com/biography/
124 Jamestown Foundation, China's Cyber Command?, 22 July 2010, China Brief Volume: 10 Issue: 15, accessed on 21 JUN 2011 via the World Wide Web at http://www.unhcr.org/refworld/docid/4c74e64d2.html

Chen Bing de125
General Chen is a member of the 17th CPC Central Committee, Member of the 17th CPC Central Military Commission, Member of the Central Military Commission of the PRC, and Chief of General Staff, People's Liberation Army. A native of Nantong, Jiangsu Province, General Chen is also of the Han nationality. Born in 1941, he holds the equivalent of an associate degree from the Academy of Military Sciences. General Chen joined the PLA in 1961 and the Central Party Committee in 1962.

Ma Xiao tian126
General Ma is a member of the 17th CPC Central Committee and Deputy Chief of the PLA General Staff. Along with his contemporaries, he is of the Han nationality, and is a native of Gongyi City, Henan province. General Ma, born in 1949, joined the Chinese PLA in 1965 and subsequently joined the CPC in 1969. He graduated from the 12th Aviation School with the academic credentials of junior college. General Ma is an air marshal of the People's Liberation Army Air Force (PLAAF) and was made deputy chief of staff of the organization in 1997. Ma was a member of the 16th CPC Central Committee.

Sun Jian guo127
Sun Jian guo, male, Han nationality, is a native of Wuqiao City, Hebei Province. Serving as an alternate member of the 17th CPC Central Committee, he is also Deputy Chief of the General Staff, PLA. Born in 1952, he entered the work force in 1968 and joined the PLA in 1970. General Sun graduated from the Navy Submarine Institute of the Chinese People's Liberation Army. Duties included serving as a coxswain of a Changzheng-3 nuclear submarine. In 2006, he was promoted to be vice-admiral of the Navy. Since 2009, he serves as Deputy Chief of the General Staff, PLA.

Hou Shu sen128
Currently General Hou serves as the Deputy Chief, PLA, Headquarters of the General Staff. Much like his fellow cyber warfare princelings, General Hou is of Han nationality, was born in 1950 and is a native of Fumeng County, Liaoning province. General Hou was promoted to the rank of lieutenant general in 2007. A Jilin University graduate, General Hou has spent most of his career in the Shenyang Military Region. In 2009 he became Deputy Chief of Staff of the PLA.

The current PLA IW Tacticians are Major General Hu Xiao feng, Deputy Director for the National Defense University Department of Information Warfare and Training Command; and Professor Meng Xiang qing, who currently works at the Chinese National Defense University Institute for Strategic Studies.

125 http://www.chinavitae.com/biography/
126 Ibid accessed 011-04-18
127 Ibid accessed 2011-04-18
128 Ibid accessed 2011-04-18

Appendix B 11-Year Timeline of Chinese Cyber Warfare Attacks

2003

The U.S. government designates Operation Titan Rain as a series of coordinated attacks on American computer systems since 2003. The attacks were labeled as Chinese in origin, although their precise nature (i.e., state-sponsored espionage, corporate espionage, or random hacker attacks) and their real identities (i.e., masked by proxy, zombie computer, spyware/virus infected) remain unknown. The activity known as 'Titan Rain' is believed to be associated with an Advanced Persistent Threat (APT).129

August: Reports of Chinese hackers against Taiwanese government and commercial sites.130

The Chinese government grants licenses to open Internet cafe chains to just 10 firms, including three affiliated to the Ministry of Culture, one linked to the politically powerful Central Committee of China Youth League and six state-owned telecom operators.131

2004-2005

Honker Union of China reforms.132

Chinese hackers hit Japan government website over dispute over Diaoyu Island.

July: Chinese hacker attacks against Taiwan continue.

November: Media reports of attacks against several US military installations.

129 Bradley Graham, Hackers Attack Via Chinese Web Sites, accessed 29 JUL 2011 via the World Wide Web at http://www.washingtonpost.com/wp-dyn/content/article/2005/08/24/AR2005082402318.html
130 Michael Richardson, Taiwan is cyber warfare battlefield and Chinese target says security study, accessed on 24 JUL 2011 via the World Wide Web at http://www.examiner.com/taiwan-policy-in-national/taiwan-is-cyber-warfarebattlefield-and-chinese-target-says-security-study
131 Heidi Blake, Timeline of Chinese web censorship and cyber attacks, accessed 29 JUL 2011 via the World Wide Web at http://www.independent.ie/business/technology/timeline-of-chinese-web-censorship-and-cyber-attacks2426210.html

December: The director of the SANS Institute, a security institute in the U.S., said that the Titan Rain attacks were "most likely the result of Chinese military hackers attempting to gather information on U.S. systems."133

March: Several attacks from sites allegedly in China against multiple sites in Japan.134

August: Media reporting of Chinese Espionage condemned "Titan Rain."

September: According to media staff in Taiwan, the National Security Council is targeted via social engineering e-mails.135

China purchases over 200 routers from Cisco Systems, an American company, that allow the government more sophisticated technological censoring capabilities. In October, the government blocks access to Wikipedia.136

2006

British MPs allegedly targeted by Chinese hacking attempts.137

June: Chinese hackers strike at Taiwan MoD.138

August: Claims of Congressional computers being hacked are made.139

November: U.S. Naval War College computer infrastructure reportedly attacked.140

132 Amit Grower, Cyber Wars Final Frontier: Network Centric Warfare Framework, pp. 20-21, Identity Theft and Financial Fraud Research and Operations Center
133 Ibid.
134 Robin Ghandi, et al, Dimensions of Cyber Attacks, IEEE Technology and Society Magazine, pp 15.
135 Ibid, pp 18.
136 Heidi Blake, China hijacks internet traffic: timeline of Chinese web censorship and cyber-attacks, accessed 18 NOV 2010 via the World Wide Web at http://www.telegraph.co.uk/news/worldnews/asia/china/8142328/Chinahijacks-internet-traffic-timeline-of-Chinese-web-censorship-and-cyber-attacks.html
137 Peter Warren, Smash and grab, the hi-tech way, accessed 25 JUL 2011 via the World Wide Web at http://www.guardian.co.uk/politics/2006/jan/19/technology.security
138 AFP, The Straits Times, Chinese plan to hack into Taiwan websites, No Byline, accessed 29 JUL 2011 via the World Wide Web at http://www.hartford-hwp.com/archives/55/105.html
139 Daniel W. Reilly, Lawmakers say congressional computers hacked by Chinese, accessed 23 JUL 2011 via the World Wide Web at http://www.politico.com/blogs/thecrypt/0608/AP_Lawmakers_say_congressional_computers_hacked_by_Chinese.html
140 Siobahn Gorman, China Expands Cyberspying in U.S., Report Says, accessed on 22 JUL 2011 via the World Wide Web at http://online.wsj.com/article/SB125616872684400273.html

January: A group of former senior Communist party officials in China criticize the internet censorship, warning that it could "sow the seeds of disaster" for China's political transition.141

February: Google agrees to block websites that the Chinese Government deems illegal, in exchange for a license to operate on Chinese soil. The search engine responds to international criticism by protesting that it has to obey local laws.142

May: Chinese Internet users encountered difficulties when connecting to Hotmail, Microsoft's popular email service. Microsoft says the break in service is caused by technical problems, but there is widespread speculation that the incident is linked to state censorship. In the last week of May, Google and many of its services also became unreachable.143

July: Researchers at Cambridge University claim to have broken through the Great Firewall of China. In response, the People's Republic of China Government imposed blocks on large portions of the web.144

November: The Chinese language version of Wikipedia is briefly unblocked before being shut down again the same month.145

141 Heidi Blake, China hijacks internet traffic: timeline of Chinese web censorship and cyber-attacks, accessed 18 NOV 2010 via the World Wide Web at http://www.telegraph.co.uk/news/worldnews/asia/china/8142328/Chinahijacks-internet-traffic-timeline-of-Chinese-web-censorship-and-cyber-attacks.html
142 GOOGLE AND INTERNET CONTROL IN CHINA: A NEXUS BETWEEN HUMAN RIGHTS AND TRADE?, HEARING before the CONGRESSIONAL-EXECUTIVE COMMISSION ON CHINA, ONE HUNDRED ELEVENTH CONGRESS, SECOND SESSION, U.S. GOVERNMENT PRINTING OFFICE, Washington DC, March 2010
143 Yi Heng, China Internet Censorship, accessed 29 JUL 2011 via the World Wide Web at http://www.facebook.com/topic.php?uid=64863896079&topic=7889
144 Tom Espiner, Academics break the Great Firewall of China, accessed 29 JUL 2011 via the World Wide Web at http://news.cnet.com/2100-7348_3-6090437.html
145 Simon Burns, Wikipedia partly unblocked in China, accessed 30 JUL 2011 via the World Wide Web at http://www.pcauthority.com.au/News/84044,wikipedia-partly-unblocked-in-china.aspx

2007

The Chinese government hacked a noncritical DoD computer system in June.146

Pentagon investigators could not definitively link the cyber-attack to the Chinese military, a source said, but the technology was sophisticated enough that it indicated to Pentagon officials as well as those in charge of computer security that it came from within the Chinese government.147

German Chancellery compromised and China was accused of being the perpetrator.148

U.S. Pentagon email servers compromised for an extended period, with the cost to recover reported as $100 million.149

Oak Ridge National Laboratory targeted by Chinese hackers.150

June: Office of the Secretary of Defense (OSD) computers attacked via malicious e-mail.151

December: MI5 issues warning on Chinese cyber attacks.152

January: President Hu Jintao, the People's Republic of China President, pledges to "purify" the Internet. He makes no specific mention of censorship, saying China needs to "strengthen administration and development of our country's Internet culture."153

146 Jennifer Griffin, Pentagon Source Says China Hacked Defense Department Computers, accessed 22 JUL 2011 via the World Wide Web at http://www.foxnews.com/story/0,2933,295640,00.html
147 Fox News.com from Financial Times, No ByLine, Pentagon Source Says China Hacked Defense Department Computers, accessed 21 JUL 2011 via the World Wide Web at http://www.foxnews.com/story/0,2933,295640,00.html
148 Spiegel Staff, Merkel's China Visit Marred by Hacking Allegations, accessed 30 JUL 2011 via the World Wide Web at http://www.spiegel.de/international/world/0,1518,502169,00.html
149 Richard Stiennon, Haephrati technique used to crack US research lab, accessed 26 JUL 2011 via the World Wide Web at http://www.zdnet.com/blog/threatchaos/haephrati-technique-used-to-crack-us-research-lab/497
150 Ibid.
151 Robert McMillan, Pentagon Shuts Down Systems After Cyber-Attack, accessed via the World Wide Web on 24 JUL 2011 at http://www.pcworld.com/article/133301/pentagon_shuts_down_systems_after_cyberattack.html
152 Michael Smith, Spy chiefs fear Chinese cyber attack, accessed via the World Wide Web on 24 JUL 2011 at http://www.timesonline.co.uk/tol/news/uk/article5993156.ece
153 Chinas Communists Seek to Purify The Net, No ByLine, Status of Chinese People ( ) Website, accessed 23 JUL 2011 via the World Wide Web at http://chinaview.wordpress.com/2007/01/27/chinas-communistsseek-to-purify-the-net/

March: Access to the LiveJournal, Xanga, Blogger and Blogspot blogging services from within China becomes blocked. Blogger and Blogspot become accessible again later the same month.154

June: The American military warns that China is gearing up to launch a cyber-war on the U.S. and has plans to hack U.S. networks for trade and defense secrets.155

154 Kelley Beyer, Jumping the Great Firewall: Social Media Among Chinas Youth, accessed on 25 JUL 2011 via the World Wide Web at http://www.datelineshanghai.com/scaling-the-great-internet-wall/
155 Webster G. Tarpley, US Readies Cyberwar, Virtual-Flag Terrorism, accessed 23 JUL 2011 via the World Wide Web at http://rockcreekfreepress.tumblr.com/post/465992689/us-readies-cyberwar-virtual-flag-terrorism

2008

December: French Embassy Web site attacked in protest over meeting with the Dalai Lama.156

April: MI5 writes to more than 300 senior executives at banks, accountants and legal firms warning them that the Chinese army is using Internet spyware to steal confidential information.157

June: Hu Jintao, the Chinese president, makes his first tentative steps online by answering questions on a web forum.158

August: China faces widespread criticism for Internet censorship in the run-up to the Beijing Olympics. The government surprises critics by lifting some of the restrictions, making the websites of human rights organizations such as Amnesty International accessible for the first time.159

2009

March: Operation GhostNet is detected: China's global cyber-espionage network GhostNet penetrates 103 countries. A vast Chinese cyber-espionage network, codenamed GhostNet, has penetrated 103 countries and infects at least a dozen new computers every week, according to researchers.160

The three largest resource companies in Australia, including Rio Tinto, are compromised.

156 CHINESE CYBERNATIONLISTS AND HACKERS AND THEIR ACTIVITIES IN CHINA AND ABROAD website, No Byline, accessed 26 JUL 2011 via the World Wide Web at http://factsanddetails.com/china.php?itemid=1636&catid=7&subcatid=43
157 Ibid.
158 Richard Spencer, China: Internet debut for leader Hu Jintao, accessed on 21 JUL 2011 via the World Wide Web at http://www.telegraph.co.uk/news/worldnews/asia/china/2164637/China-Internet-debut-for-leader-Hu-Jintao.html
159 CHINESE CYBERNATIONLISTS AND HACKERS AND THEIR ACTIVITIES IN CHINA AND ABROAD website, No Byline, accessed 26 JUL 2011 via the World Wide Web at http://factsanddetails.com/china.php?itemid=1636&catid=7&subcatid=43
160 Malcolm Moore, China's global cyber-espionage network GhostNet penetrates 103 countries, accessed 16 JAN 2011 via the World Wide Web at http://www.telegraph.co.uk/news/worldnews/asia/china/5071124/Chinas-globalcyber-espionage-network-GhostNet-penetrates-103-countries.html

April: Compromise of systems across 103 countries by Chinese cyber spies while the Chinese government denies enrollment in GhostNet.161

April: Daily attacks reported against German government.162

April: The Chinese government denies reports of hacking the Australian Prime Minister's e-mail.163

April: Chinese hackers targeting South Korea official with socially engineered e-mail.164

March: Bill Gates, Chairman of Microsoft, weighs into the Internet censorship argument, declaring that "Chinese efforts to censor the Internet have been very limited" and that the Great Firewall of China is "easy to go around". His comments are met with scorn by commentators on the web.165

March: The People's Republic of China government blocks the video-sharing website YouTube after footage appearing to show police beating Tibetan monks is posted on the site.166

June: China imposes an information black-out in the lead up to the anniversary of the Tiananmen Square massacre, blocking access to networking sites such as Twitter as well as BBC television reports.167

June: China faces a storm of criticism over plans to force all computer users to install Green Dam Internet monitoring software. The plan is dropped in August.

161 Ibid.
162 Marcel Fürstenau, Andreas Illmer, Germany shores up defenses against Internet attacks, accessed 26 JUL 2011 via the World Wide Web at http://www.dw-world.de/dw/article/0,,14870892,00.html
163 Chinese Cyberwar Attacks Canadian and Australian Governments, No Byline, accessed 30 MAR 2011 via the World Wide Web at http://beforeitsnews.com/story/522/258/Chinese_Cyberwar_Attacks_Canadian_and_Australian_Governments.html
164 Ricardo Gatomalo, Chinese Hacker TimeLine, accessed 24 JUL 2011 via the World Wide Web at http://uscyberlabs.com/blog/?p=6
165 Robert McMahon and Isabela Bennett, U.S. Internet Providers and the 'Great Firewall of China', accessed 24 FEB 2011 via the World Wide Web at http://www.cfr.org/china/us-internet-providers-great-firewall-china/p9856
166 MSNBC via the Associated Press, No Byline, China blasts video claiming Tibet violence, accessed 25 JUL 2011 via the World Wide Web at http://www.msnbc.msn.com/id/29863003/ns/world_news-asia_pacific/t/chinablasts-video-claiming-tibet-violence/
167 Peter Foster, China begins internet 'blackout' ahead of Tiananmen anniversary, accessed via the World Wide Web at http://www.telegraph.co.uk/news/worldnews/asia/china/5429152/China-begins-internet-blackout-ahead-ofTiananmen-anniversary.html

June: Lord West, the British security minister, warns that Britain faces the threat of a "cyber cold war" with China amid fears that hackers could gain the technology to shut down the computer systems that control Britain's power stations, water companies, air traffic, government and financial markets.168

August: The U.S. Government begins covertly testing technology to allow people in China and Iran to bypass Internet censorship firewalls set up by their own governments.

December: The People's Republic of China government offers rewards of up to 10,000 Yuan (£888) to users who report websites featuring pornography. The number of pornography-related searches in China skyrockets.169

2010

Shadows in the Cloud report from the SecDev Group on successful attacks against India's military networks.170

January: The Operation Aurora attack is aimed at dozens of other organizations, of which Adobe Systems, Juniper Networks and Rackspace have publicly confirmed that they were targeted. According to media reports, Yahoo, Symantec, Northrop Grumman, Morgan Stanley and Dow Chemical were also among the targets.171

January: China announces plans to force its 400 million Internet users to register their real names before making comments on the country's many chat rooms and discussion forums.

168 Duncan Gardham, Al-Qaeda, China and Russia 'pose cyber war threat to Britain', warns Lord West, accessed 29 JUL 2011 via the World Wide Web at http://www.telegraph.co.uk/news/uknews/law-and-order/5634820/Al-QaedaChina-and-Russia-pose-cyber-war-threat-to-Britain-warns-Lord-West.html
169 Heidi Blake, China hijacks internet traffic: timeline of Chinese web censorship and cyber-attacks, accessed 18 NOV 2010 via the World Wide Web at http://www.telegraph.co.uk/news/worldnews/asia/china/8142328/Chinahijacks-internet-traffic-timeline-of-Chinese-web-censorship-and-cyber-attacks.html
170 Joint Report, Information Monitor and ShadowServer Foundation, Shadows in The Cloud: Investigating Cyber Espionage 2.0 Report, accessed on 29 JUL 2011 via the World Wide Web at http://www.nartv.org/mirror/shadowsin-the-cloud.pdf
171 Kelly Jackson Higgins, 'Fog of War' Led To Operation Aurora Malware Mistake, accessed 31 MAR 2010 via the World Wide Web at http://www.darkreading.com/database-security/167901020/security/attacksbreaches/224200972/fog-of-war-led-to-operation-aurora-malware-mistake.html

January: Around 5,000 people in the People's Republic of China are arrested for viewing Internet pornography and 9,000 websites are deleted for containing sexual images and other "harmful information".172

January: Google threatens to pull out of China if it is not allowed to operate without censorship. The search engine blames the government for "highly sophisticated" attacks on its servers and attempts to target the Gmail accounts of human rights activists.173

March: Google shuts down its China-based search engine and redirects users to an uncensored site based in Hong Kong.174

April: Chinese state-owned telecommunications firm "hijacks" 15 percent of the world's Internet traffic, including highly sensitive U.S. government and military exchanges, raising security fears.175

June: The People's Republic of China Government restricts access to Foursquare after players used the geo-location service to draw attention to the 21st anniversary of the Tiananmen Square massacre.176

July: Google stops automatically redirecting users of its Chinese search engine to its Hong Kong site, but continues to allow users to access the uncensored search engine by clicking a separate tab. The following week, the row between the search giant and the superpower seems to have drawn to a close as the Chinese government renews Google's license to operate its business in China.177

172 ZiXue Tai, The Internet in China: Cyberspace and Civil Society, Routledge, 2006, pp. 99, 133, and 156.
173 Edmund Conway, Google threatens to quit China over censorship, accessed 13 JAN 2010 via the World Wide Web at http://www.telegraph.co.uk/technology/google/6977756/Google-threatens-to-quit-China-overcensorship.html
174 Miguel Helft and David Barboza, Google Shuts China Site in Dispute Over Censorship, accessed 22 MAR 2010 via the World Wide Web at http://www.nytimes.com/2010/03/23/technology/23google.html
175 Heidi Blake, China 'hijacks' 15 per cent of world's internet traffic, accessed 18 NOV 2010 via the World Wide Web at http://www.telegraph.co.uk/news/worldnews/asia/china/8142267/China-hijacks-15-per-cent-of-worldsinternet-traffic.html
176 Claudine Beaumont, Foursquare blocked in China, accessed 29 JUL 2011 via the World Wide Web at http://www.telegraph.co.uk/technology/social-media/7802992/Foursquare-blocked-in-China.html
177 BBC News Business website, No Byline, Google says China licence renewed by government, accessed via the World Wide Web on 10 JUL 2010 at http://www.bbc.co.uk/news/10566318

November: A security report to the U.S. Congress warns that the hijacking of 15 percent of the world's Internet traffic by a Chinese telecommunications firm may have been "malicious", including data from U.S. military, civilian organizations and those of other U.S. allies.178

2011

January 14: U.S. warns on China cyber, anti-satellite capability: "Advances by China's military in cyber and anti-satellite warfare technology could challenge the ability of U.S. forces to operate in the Pacific," U.S. Defense Secretary Robert Gates said during a visit to Japan.179

February 4: China attacks British government computers. William Hague, British Foreign Secretary and First Secretary of State, told a security conference in Munich that the Foreign Office repelled the attack last month from "a hostile state intelligence agency". Although the foreign secretary did not name the country behind the attacks, intelligence sources familiar with the incidents made it clear he was referring to China. The sources did not want to be identified because of the sensitive nature of the issue.

February 9: It's reported that oil firms were hit by hackers from China and that Western energy firms have specifically been targeted in cyber espionage attacks, apparently orchestrated by hackers working from inside China.180

February 17: In March, Andrew Jacobs, a correspondent working for The New York Times in Beijing, peered for the first time into the obscure corners of his Yahoo e-mail account settings. Under the "mail forwarding" tab was an e-mail address he had never seen before. That other e-mail address had been receiving copies of all of his incoming e-mails for months. His account had been hacked.181

178 European Times, No Byline, accessed 20 NOV 2010 via the World Wide Web at http://www.eutimes.net/2010/11/china-has-hijacked-us-based-internet-traffic/
179 TAIPEI TIMES, No Byline, China's military advances challenge US power: Gates, accessed on 15 JAN 2011 via the World Wide Web at http://www.taipeitimes.com/News/front/archives/2011/01/15/2003493537
180 Nathan Hodge and Adam Entous, Oil Firms Hit by Hackers From China, Report Says, accessed on 10 FEB 2011 via the World Wide Web at http://online.wsj.com/article/SB10001424052748703716904576134661111518864.html
181 Samuel Wade, Journalists Under Online Attack, in China and Beyond, accessed 17 FEB 2011 via the World Wide Web at http://chinadigitaltimes.net/2011/02/journalists-under-online-attack-in-china-and-beyond/

February 17: Foreign hackers attack the Canadian Government in an "unprecedented" cyber-attack on government computers that was traced back to computers in China. From CBC: The attack, apparently from China, also gave foreign hackers access to highly classified federal information and also forced the Finance Department and Treasury Board, the Federal government's two main economic nerve centers, off the Internet.182

March 10: China's growing capabilities in cyber-warfare and intelligence gathering are a "formidable concern" to the United States, the top U.S. intelligence official told a Senate panel.183

April 5: The Toronto spy hunters not only learned what kinds of material had been stolen, but were able to see some of the documents, including classified assessments about security in several Indian states, and confidential embassy documents about India's relationships in West Africa, Russia and the Middle East. The intruders breached the systems of independent analysts, taking reports on several Indian missile systems. Spying on computer spies traces data theft to China. They also obtained a year's worth of the Dalai Lama's personal e-mail messages.184

April 19: Rio, BHP, Fortescue Hit by China Computer Hackers.185 Rio Tinto Group faced cyber-attacks from China at about the time of the arrest of four executives in the country, while BHP Billiton Ltd. and Fortescue Metals Group Ltd. have also been hit, Australian Broadcasting Corp. reported.186

182 David Ljunggren and Peter Cooney, Canada hit by cyber-attack from China computers: CBC, accessed 17 FEB 2011 via the World Wide Web at http://www.reuters.com/article/2011/02/17/idUSN1623272920110217
183 Paul Eckert and John Whitesides, China's cyber abilities worry U.S. - spy chief, accessed on 10 MAR 2011 via the World Wide Web at http://uk.reuters.com/article/2011/03/10/oukin-uk-china-usa-cyberidUKTRE7295XF20110310
184 John Markoff and David Barboza, Researchers Trace Data Theft to Intruders in China, accessed 5 APR 2010 on the World Wide Web at http://www.nytimes.com/2010/04/06/science/06cyber.html
185 Jesse Riseborough, Rio Tinto, BHP Billiton, Fortescue Hit by China Computer Hackers, ABC Says, accessed 20 APR 2010 via the World Wide Web at http://www.bloomberg.com/news/2010-04-19/rio-tinto-bhp-billitonfortescue-hit-by-china-computer-hackers-abc-says.html
186 Ibid.

April 29: Kaspersky Labs' Threat Post publishes "Glass Dragon: China's Cyber Offense Obscures Woeful Defense", which outlines how China's online defenses have failed to keep pace with its widely hyped offensive capabilities.187 For the last 18 months, Dillon Beresford, a security researcher with testing firm NSS Labs and divorced father of one, has spent up to seven hours a day of his spare time crawling the networks of China's state and provincial governments, as well as stealthier networks belonging to the PLA and the country's top universities. Armed with free tools like Metasploit and Netcat, as well as Google Translate, he's pulled back the curtains on the state of cyber security in China. What he's discovered may come as a surprise to many U.S. policymakers and Pentagon officials.188

March 19: EMC RSA - In an open letter, RSA executive chairman Art Coviello revealed that the information was stolen via an APT (advanced persistent threat) attack. He stated specifically "while at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, [it] could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack."189

May 7: China is ramping up espionage efforts in the United States. One key component of their strategy is to recruit U.S. citizens to join clandestine defense organizations and pass along information to Chinese handlers. In a specific incident reported by the Associated Press, a successfully recruited citizen was said to be a seemingly all-American, clean-cut guy: No criminal record. Engaged to be married. A job teaching English overseas. In letters to the judge, loved ones described the 29-year-old Midwesterner as honest and caring, a good citizen. His fiancée called him "Mr. Patriot."190

187 Paul Roberts, Glass Dragon: China's Cyber Offense Obscures Woeful Defense, accessed on 27 APR 2011 via the World Wide Web at http://threatpost.com/en_us/blogs/glass-dragon-chinas-cyber-offense-obscures-woeful-defense042711
188 Ibid.
189 Adam Vincent, RSA hacked by Advanced Persistent Threat (APT), accessed on 19 MAR 2011 via the World Wide Web at http://www.cybersquared.com/rsa-hacked-by-advanced-persistent-threat-apt/
190 Pauline Arrillaga, AP IMPACT: China's spying seeks secret US info, accessed 7 MAY 2011 via the World Wide Web at http://www.cbsnews.com/stories/2011/05/07/ap/business/main20060765.shtml

May 25: China set up a specialized online "Blue Army" unit that it claims will protect the People's Liberation Army from outside attacks, prompting fears that the crack team was being used to infiltrate foreign governments' systems.191

May 30: During an infrequent and rare briefing reported by the Beijing News, China's defense ministry spokesman, Geng Yansheng, announced that a 30-strong team, China's cyber squad for defense called Blue Army, was formed to improve the military's security.192

May 5: Lockheed Martin, the largest provider of IT services to the U.S. government and military, suffered a network intrusion stemming from data stolen pertaining to RSA. It seems that the cyber-thieves managed to compromise the algorithm used by RSA to generate security keys. RSA will have to replace the SecurID tokens of more than 40 million customers around the world, including some of the world's biggest companies.193

May 19: A cyber-attack directed at the Norwegian Military happened when 100 senior military personnel received an email in Norwegian with an attachment. The attached file was in reality a Trojan designed to steal information. At least one person opened the attachment, but the attack was a failure and no data was lost.194

May: Citigroup revealed that information for more than 360,000 U.S. credit card accounts had been compromised by a website hack. The worst thing about this attack is the fact that the data thieves did not even have to hack a server.195

191 Robert Cazares, China Confirms Existence of Elite Cyber-Warfare Outfit the 'Blue Army', accessed 26 MAY 2011 via the World Wide Web at www.foxnews.com/scitech/2011/05/26/china-confirms-existence-blue-army-elitecyber-warfare-outfit/?test=latestnews
192 Li Hong, China's cyber squad is for defense - Blue Army, accessed 31 MAY 2011 via the World Wide Web at http://english.peopledaily.com.cn/90002/96743/7395784.html
193 Matt Liebowitz, Lockheed Martin Suffering 'Major' Network Disruption, accessed 27 MAY 2011 via the World Wide Web at http://www.securitynewsdaily.com/lockheed-martin-suffering-major-network-disruption-0828/
194 John E. Dunn, Norwegian military admits to March cyber-attack, accessed 24 MAY 2011 via the World Wide Web at http://www.cio.com.au/article/387581/norwegian_military_admits_march_cyberattack/
195 AFP News Website, No Byline, Citigroup says 360,000 US credit card accounts hacked, almost double original estimate, http://www.theaustralian.com.au/australian-it/citigroup-says-360000-us-credit-card-accounts-hackedalmost-double-original-estimate/story-e6frgakx-1226076520086

June 22: China restricts popular report-a-bribe websites - Chen's website http://www.ibribery.com drew 200,000 unique visitors in two weeks. Its anonymous posts wrote about bribing everybody: from officials who demanded luxury cars and villas, to police officers who needed inducements not to issue traffic tickets. Some outed doctors receiving cash under the table to ensure safe surgical procedures. Mainstream media spread word about the site, amplifying the outrage among netizens.196

June 24: Since 2008, the Chinese government has opened a string of National Intelligence Colleges on campuses around the country in an effort to improve the skills of the nation's spies. The Telegraph reported that the move comes amid growing worries in the West at the scale and breadth of Chinese intelligence-gathering, with MI5 saying that the Chinese government "represents one of the most significant espionage threats to the UK".197

June: The International Monetary Fund said it had been targeted by a sophisticated cyber-attack for months, even though the organization has made no public statement about the motivation behind it. The nature of the information stored by the institution would seem to indicate that this was a targeted attack made public. This data included user names, FTP accounts and even FTP login details stored in plain text files.198

196 Chi-Chi Zhang, China restricts popular report-a-bribe websites, accessed 22 JUN 2011 via the World Wide Web at http://seattletimes.nwsource.com/html/nationworld/2015389255_apaschinabriberybattle.html?syndication=rss
197 Malcolm Moore, China opens string of spy schools, accessed on 29 JUL 2011 via the World Wide Web at http://www.telegraph.co.uk/news/worldnews/asia/china/8596647/China-opens-string-of-spy-schools.html
198 Rory Cellan-Jones, IMF hit by 'very major' cyber security attack, accessed 12 JUN 2011 via the World Wide Web at http://www.bbc.co.uk/news/world-us-canada-13740591
