ISBN: 9781849283342
Conclusions of the research and accompanying analysis indicate that there is a direct and quantifiable historical linkage between the People's Republic of China and cyber warfare. Viewed as a nation-state information warfare initiative, this linkage divides into three separate and distinct sectors: the Communist Party of China (CPC), the People's Liberation Army (PLA) and commercial corporate entities. Given current events in what the U.S. Department of Defense (DoD) calls the fifth domain of warfare, cyber and information warfare, the conclusion can be made that there are clear and present dangers emanating from cyberspace, whether the actor is an individual acting alone, a non-governmental organization (NGO), a military or a government-sponsored cyber initiative. At some point, however, the research must conclude and a response from the U.S. must follow. It is fair to say that there is a true danger from the People's Republic of China from a cyber-warfare perspective. The Chinese cyber threat is omnipresent and is manifested in official CPC edicts, the PLA, commercial enterprise espionage and civilian hacktivists.
Table of Contents
Executive Summary .... 1
Problem/Opportunity Statement .... 1
Results & Recommendations .... 2
Description of paper methodology .... 12
Statistics of the Cyber Warfare Threat .... 12
Statistics of the Chinese Cyber Warfare Threat .... 14
Overview of the Attackers .... 17
The People's Republic of China Communist Party of China (CPC) .... 17
People's Liberation Army (PLA) .... 18
State Owned Enterprises (SOE) .... 18
Civilian Hackers (Hacktivists) .... 18
China's Thousand Grains of Sand .... 29
Eight Pillars of the PLA's Cyber Warfare Strategy: Why is the PLA pursuing Cyber Warfare? .... 29
Conclusions of applying the Eight Pillars of Unrestricted Chinese Warfare to the People's Liberation Army use of Information and Cyber Warfare .... 36
Chinese State Owned Enterprises (SOE) & the PLA .... 37
Where is the alleged Chinese Cyber Warfare Threat Coming From? .... 44
OMITTED .... 44
Specific Alleged People's Republic of China Cyber Attacks .... 44
Analysis of the information collected .... 47
Results of the research and analysis and conclusions .... 48
Recommendations for a solution to the problem .... 48
References .... 1
Appendix A: Significant People's Liberation Army (PLA) Information Warfare Personalities .... 4
Appendix B: 11-Year Timeline of Chinese Cyber Warfare Attacks .... 7
Introduction
Motivation of the People's Republic of China
The motivation of the People's Republic of China to conduct cyber-warfare is comprised of fear, self-preservation and hegemony. China, also known as the Middle Kingdom, has a centuries-old history of being invaded by foreigners, or outsiders; in fact, the everyday Chinese word for foreigner, 外国人 (wàiguórén), literally means "outside-country person", that is, non-Chinese. Based upon this history of invasions, the Chinese have developed a very strong sense of defending themselves. The classical military literature reflects this. Sun Tzu's Art of War details how commanders in the ancient Chinese armies were to conduct battle both tactically and strategically; the Thirty-Six Stratagems explain economic, political and psychological tactics and strategies for dealing with wàiguórén; Sun Pin's Military Methods (Sun Pin is said to be a descendant of Sun Tzu) further elaborated on the Art of War, bringing more military clarity and definition of purpose to martial China; and the Seven Military Classics of Ancient China, of which the Art of War was the only one allowed to be seen outside the ancient imperial government, explain in great detail how to overcome the enemies of China, the wàiguórén, through a combination of political, economic, espionage, military, psychological and strategic means. While the Chinese outwitted and outmaneuvered their opponents in the Forbidden City and on the battlefield, they were still subject to abject humiliation by foreign invaders. Over centuries the Chinese tried to physically stop the mass invasions by building one of the wonders of the world, the Great Wall of China, to no avail: the Mongols and others simply went around the wall, or through it, at various points. It is with an understanding of Chinese history from 500 B.C. through the various dynasties, the repeated invasions by the Mongols under Genghis Khan and his successors, the Boxer Rebellion of 1899-1901 and the Japanese invasions of the 1930s and 1940s, that one starts to minimally understand the motivations of the People's Republic of China for carrying out cyber-warfare: they want to be first to the cyber fight, demonstrate to the world that they have dominance, and proactively defend their country against would-be cyber attackers. Today's Chinese cyber-warfare is born of official CPC edicts that the PLA and others, e.g., SOEs and hacktivists, will conduct cyber warfare in the form of hacking other nation states to gain intelligence on possible operations which could harm China, and gathering economic information that will shed light on where natural resources are located, such as oil, natural gas and rare earth minerals that will support China's economic and national interests. It is this last point which is the underlying reason behind China's forays into cyberspace beyond its borders, and which is currently causing so much concern for both world leaders and multi-national corporate leadership. No country is safe, no corporation is safe; those who think they have not been cyber-compromised already have been, and either cannot admit it or simply do not know it yet.
[1] Siobhan Gorman and Julian E. Barnes, "Cyber Combat: Act of War; Pentagon Sets Stage for U.S. to Respond to Computer Sabotage With Military Force," The Wall Street Journal, accessed 14 JUL 2011, http://online.wsj.com/article/SB10001424052702304563104576355623135782718.html
warfare, and the People's Liberation Army's (PLA) understanding and intent in planning a distinct, government-sponsored information warfare doctrine. The Communist Party of China (CPC), which is the government, the People's Liberation Army (PLA), numerous State Owned Enterprises (SOE) and Chinese civilians, or hacktivists, are all involved in information warfare. The CPC, PLA, hacktivists and SOEs have developed a very sophisticated cyber warfare capability; their methods are deliberate, and the targets of their computer network attacks (CNA) and computer network exploitation (CNE) are as divergent as the Mandarin Chinese language. The threat vectors the government, military, commercial enterprises and citizens use to gain knowledge and sensitive information range from fundamental computer hacking methods to sophisticated information warfare techniques that leave no trace of their activity and have angered, puzzled and frustrated the most experienced information security professionals in the world. The Chinese allegedly have exploited weaknesses of nation states including the United States, Australia, England, Canada, France, Germany, India, Pakistan, Japan, Taiwan, South Korea, Vietnam and many others via the public Internet and World Wide Web. It is widely reported that the Chinese allegedly penetrate countries worldwide electronically for the purposes of data exfiltration and gaining competitive economic advantage, while inflicting disruptions of Internet service on countries and organizations that criticize the Chinese political system. The question of nation-state cyber and information warfare brought about by the People's Republic of China will be examined in specific detail in this Capstone thesis, including who is involved, their organization, and the culture, history and motivations for carrying out this borderless information war.
The distinct challenges the western world faces in terms of potential cyber-attacks from the PRC are daunting and include an element of one-upmanship, similar to the nuclear threat posed by the former Soviet Union. In this case, however, the cost of conducting an adequate cyber defense is compounded by the need to be able to counter-attack. Information warfare doctrine in the United States, for example, consists only of alerting and defensive measures.[2] An effective cyber warfare program consistently and effectively applies a cogent IW doctrine by identifying threats, mitigating those threats based upon the risk they pose, and then countering with a similarly proactive and effective IW offensive capability. This threat-mitigation methodology is described in Figure 1.

Figure 1: Information Warfare (IW) Power Zone. Nation states have the opportunity to mount effective cyber counter-attack programs by incorporating these three tactics (identify, mitigate, counter) into their IW doctrines.

[2] Report of the Defense Science Board Task Force on Information Warfare-Defense (IW-D), November 1996, Office of the Under Secretary of Defense for Acquisition & Technology, accessed 14 JUL 2011, http://cryptome.org/iwd.htm
[3] Qiao Liang and Wang Xiangsui, Unrestricted Warfare, PLA Literature and Arts Publishing House, February 1999
Statistics of cyber-warfare
Quantifying both the international impact of cyber-warfare as a general security concern and the more specific nature of the alleged Chinese cyber-threat drew on a variety of online resources, including the U.S. Department of Defense,[4] United States Strategic Command[5] and the various online resources listed in citations 6-31 in the footnotes and references.

[4] "Cyber Strategy," U.S. Department of Defense, accessed 12 JUL 2011, http://www.defense.gov/home/features/2011/0411_cyberstrategy/
[5] "U.S. Cyber Command," United States Strategic Command, accessed 13 JUL 2011, http://www.stratcom.mil/factsheets/cyber_command/
Citations 107-119 again provided information from McAfee regarding specific examples of alleged cyber-attacks originating from within the PRC. Additional open source resources, such as TechCrunch and Frank Saxton's unix designs webpage, helped describe some of the alleged cyber-attack methodologies theorized to have been used from within the PRC to attack Western governments and corporations. The Homeland Security Newswire website also provided open source reports about alleged Chinese cyber-attacks on the French G-20 economic summit.
197, all of which are in the footnotes within Appendix C. Sources include news websites such as CNN, BBC, the UK's Telegraph, the SecDev Group and many other open source resources.
The numbers surrounding the composite cyber warfare threat to the United States are daunting. In 2008 there were a total of 54,640 cyber-attacks against the U.S. Department of Defense (DoD).[6] A year later the number of incursions increased dramatically: the DoD reported 43,785 cyber incidents targeting its networks in the first half of 2009 alone, a pace which, annualized, is roughly a 60 percent increase over the whole of 2008.[7] In response to this growing number of cyber-attacks on its networks, the U.S. military spent more than $100 million in the first six months of 2009 repairing damage caused by cyber-attacks, according to Army Brigadier General John Davis, deputy commander for network operations.[8] In 2011 the U.S. Federal Government will spend $8.3 billion to defend its networks and computers from hackers, a year-over-year budget increase of a staggering 60 percent. A leading indicator of why the U.S. Government and DoD are in reactive mode, providing a proverbial finger in the dike against the seemingly exponentially growing spate of cyber-attacks, is that both government entities, when considering and procuring cyber defense technologies, are still living in the era of ensuring the technology is designed according to military specifications (MILSPEC). For example, it takes the Pentagon 81 months to make a new computer system operational once it is first funded. Conversely, in the commercial world the development of the iPhone, from initial artist concept to design and production models for sale to the public, took Apple just 24 months.[9] The U.S. Government and DoD could take a lesson in urgency from Apple's business handbook. In a speech last year, Deputy Secretary of Defense William J. Lynn said that at the Pentagon alone an estimated 90,000 people were engaged in administering, monitoring and defending 15,000 networks connecting 7 million computers.[10] As if to answer the need for information security defense, the Pentagon's fiscal 2011 budget proposal, unveiled in early 2010, provided that cyber security would receive a $105 million increase over the previous year. The DoD sub-command dedicated to cyber warfare, U.S. Cyber Command at Fort Meade, Maryland, is slated for a fiscal 2011 budget of $139 million.[11] Yet the pronouncements of adding money to a command dedicated to defending the United States against all cyber enemies, foreign and domestic, did not deter hackers from offering access to hacked U.S. DoD .mil websites for sale on the Internet.[12] The North Atlantic Treaty Organization (NATO) began implementation of a cyber shield plan[13] in response to the growing number of attacks against the organization. Similarly, and for the same defensive reasons, so have the United Kingdom, Germany, Australia, South Korea, Japan, Taiwan, France and many other nations which have experienced an increase in cyber-related attacks on their networks.

[6] Angela Moscaritolo, "Report: Cyberattacks against the U.S. 'rising sharply'," SC Magazine, accessed 16 DEC 2010, http://www.scmagazineus.com/report-cyberattacks-against-the-us-rising-sharply/article/158236/
[7] Ibid.
[8] Ibid.
[9] John D. Banusiewicz, "Deputy Secretary Lynn Details Anti-Cyber Threat Strategy," accessed 14 JUL 2011, http://www.defense.gov/news/newsarticle.aspx?id=64351
[10] Angela Moscaritolo, "Report: Cyberattacks against the U.S. 'rising sharply'," SC Magazine, accessed 16 DEC 2010, http://www.scmagazineus.com/report-cyberattacks-against-the-us-rising-sharply/article/158236/
[11] John J. Kruzel, "Cybersecurity Seizes More Attention, Budget Dollars," accessed 26 DEC 2010, http://www.defense.gov/news/newsarticle.aspx?id=57871
[12] Infosecurity Magazine website, no byline, "Hackers sell access to military and government websites," accessed 25 JAN 2011, http://www.infosecurity-magazine.com/view/15365/hackers-sell-access-to-military-and-government-websites/
[13] Infosecurity Magazine website, no byline, "NATO begins implementation of cyber shield plan," accessed 25 JAN 2011, http://www.infosecurity-us.com/view/15410/nato-begins-implementation-of-cyber-shield-plan/
[14] The Jamestown Foundation website, no byline, "Mission Statement & Origins," accessed 7 FEB 2010, http://www.jamestown.org/aboutus/
[15] Phil Muncaster, "Night Dragon Chinese hackers go after energy firms," accessed 12 FEB 2011, http://krypt3ia.wordpress.com/2011/02/28/operation-night-dragon-nothing-new-but-it-bears-some-repeating/
[16] McAfee Labs website, "Night Dragon Overview," accessed 12 FEB 2011, http://www.mcafee.com/es/about/night-dragon.aspx
[17] Kelly Jackson Higgins, "Spear-Phishing Attacks Out Of China Targeted Source Code, Intellectual Property," Dark Reading, accessed 14 JAN 2011, http://www.darkreading.com/databasesecurity/167901020/security/attacks-breaches/222300840/index.html
[18] PCMag.com website, "Definition of: zero-day exploit," accessed 7 JUL 2011, http://www.pcmag.com/encyclopedia_term/0,2542,t=zero-day+exploit&i=55204,00.asp
[19] Kelly Jackson Higgins, "Spear-Phishing Attacks Out Of China Targeted Source Code, Intellectual Property," Dark Reading, accessed 13 JAN 2010, http://www.darkreading.com/databasesecurity/167901020/security/attacks-breaches/222300840/index.html
[20] Kim Zetter, "Google Hack Attack Was Ultra Sophisticated, New Details Show," Wired, accessed 16 JAN 2010, http://www.wired.com/threatlevel/2010/01/operation-aurora/
Answering the claims that the PRC is behind these cyber-attacks, a Chinese military paper urged steps against a U.S. cyber war threat.[21][22] A report by the U.S.-China Economic and Security Review Commission (USCC) details Chinese conduct of "aggressive and large-scale" espionage against the United States,[23] but it does not give specific facts with evidence to support claims of Chinese cyber-hacking. What is most compelling is that, besides the United States, Australia, the United Kingdom and Germany are also very concerned about the Chinese use of espionage to harvest competitive business information[24] and have established their own national cyber-defense organizations. According to a recent Reuters special report, "In cyberspy vs. cyberspy, China has the edge,"[25] cyber-attacks from China have been steadily increasing in frequency and velocity, all with the intent and purpose of gathering and harvesting economic information from foreign companies; yet again there is no specific attributable evidence supporting statements about factual cyber-borne attacks from China, only the assertion that the PRC has a honed and distinct technological advantage when it comes to cyber-espionage. The same Reuters report indicated that U.S. defense investigators had uncovered an alleged Chinese military hacking operation they named "Byzantine Hades"; U.S. investigators indirectly attributed this series of cyber-attacks to the Chinese military, and an April 2009 diplomatic cable even pinpoints the attacks to a specific unit of China's People's Liberation Army.[26] The British intelligence organization MI5 accused China of cyber-espionage in a leaked report titled "The Threat from Chinese Espionage"; the report, which was sent to a variety of British corporate and governmental leaders,[27] candidly details electronic espionage as a specific cyber-attack threat vector.[28] The Virtual Criminology Report found that attacks had progressed from initial curiosity probes to well-funded and well-organized operations for political, military, economic and technical espionage;[29] while not naming the PRC as the source of the probes, the report attempts to build a case for attribution to the PRC. China says it is not involved in cyber warfare with the U.S., according to Chinese Vice Foreign Minister Cui Tiankai.[30] Yet an academic paper by Wang Jianwei, a graduate engineering student in Liaoning, China, models in specific detail how an attack on a small portion of the U.S. power grid could cascade into a much larger failure; unsurprisingly, this research paper set off alarms at DHS and DoD in the U.S.[31] Statistics on the People's Republic of China cyber threat to the United States military are a small fraction of the overall known threat. This project examines the foundations of the Chinese Government's intent and motivation through an examination of the People's Liberation Army (PLA), commercial enterprises and their theft of intellectual property, and the use of Chinese civilians to carry out a variety of cyber-based hacks and malware-based assaults. One statement is absolutely true: the statistics and facts surrounding Chinese-based cyber threats are evolving daily and unceasingly.

[21] Chris Buckley, "China military paper urges steps against U.S. cyber war threat" (Reuters), accessed 17 JUN 2011, http://wallstreetrun.com/china-military-paper-urges-steps-against-u-s-cyber-war-threat-reuters.htm
[22] Ibid.
[23] Jeremy Reimer, "Report: Chinese conduct 'aggressive and large-scale' espionage against US," Ars Technica, accessed 7 JUL 2011, http://arstechnica.com/security/news/2007/11/report-chinese-conduct-aggressive-and-large-scale-espionage-against-us.ars
[24] Ibid.
[25] Brian Grow and Mark Hosenball, "Special report: In cyberspy vs. cyberspy, China has the edge," Reuters, accessed 14 APR 2011, http://www.reuters.com/article/2011/04/14/us-china-usa-cyberespionage-idUSTRE73D24220110414
[26] Ibid.
[27] Lucian Constantin, "MI5 Accuses China of Cyber-Espionage," Softpedia, accessed 7 JUL 2011, http://news.softpedia.com/news/MI5-Accuses-China-of-Cyber-Espionage-133681.shtml
[28] Rhys Blakely, Jonathan Richards, James Rossiter and Richard Beeston, "MI5 alert on China's cyberspace spy threat," The Times, accessed 7 JUL 2011, http://business.timesonline.co.uk/tol/business/industry_sectors/technology/article2980250.ece
[29] Ibid.
[30] Don Durfee, "China says no cyber warfare with U.S.," Reuters, accessed 22 JUN 2011, http://www.reuters.com/article/2011/06/22/us-china-usa-cyberwar-idUKTRE75L1VJ20110622
[31] John Markoff and David Barboza, "Academic Paper in China Sets Off Alarms in U.S.," The New York Times, accessed 15 JAN 2011, http://www.nytimes.com/2010/03/21/world/asia/21grid.html
Figure 2: Heat map of inbound and outbound cyber-attacks over a 48-hour period, South China region.[32]

[32] Akamai website, no byline, accessed 25 JAN 2011, http://www.akamai.com/html/technology/dataviz1.html
[33] Russell Hsiao, "China's Cyber Command?," Jamestown Foundation China Brief, accessed 22 JUL 2010, http://www.jamestown.org/programs/chinabrief/single/?tx_ttnews[tt_news]=36658&tx_ttnews[backPid]=414&no_cache=1
technical vision that information warfare will be carried out by the PLA, State Owned Enterprises (SOE) and citizen hackers, or hacktivists.

People's Liberation Army (PLA)
Until very recently, little light has been shed on the PLA's information warfare (IW) operations. Its official cyber command was only established in 2010. Prior to 2010 the PLA's organizational structure for information warfare was fairly fractured and geographically divided among the seven regional military commands. Command structures within the PLA's information warfare mission were generally built around major universities which had developed computer science programs, had significant bandwidth to the Internet, and were under CPC oversight in the form of political officers. Examples of the early information warfare units were found at Beijing University, Tsinghua University and many other universities spread across the People's Republic of China.

State Owned Enterprises (SOE)
State Owned Enterprises in the People's Republic of China were originally formed during the economic reforms under Deng Xiaoping immediately after the Mao era, and were called collectives. This is an important nuance when it comes to understanding the commercial cyber threat vector: these original collectives, which were supported by provincial governmental authorities, are now mature, successful multi-national commercial enterprises which have found themselves having to compete on the world stage without having learned how to compete fairly. As a result, these SOEs, which all have direct or indirect ties to the PLA, will use cyber espionage to gather corporate knowledge which gives them an unfair advantage over their competition.

Civilian Hackers (Hacktivists)
Chinese hacktivists are an interesting and very dangerous element of the Chinese cyber threat personality parade. Currently they are a very dire problem for the CPC and PLA alike, being essentially uncontrollable. Hacktivists use very sophisticated hacking tools and methods in their efforts. Their original main purpose, which was supported by both the CPC and the PLA, was to keep the honor and pride of China pure. For example, Taiwan and Japan have been repeated targets of Chinese hacktivists. The reasons include reminding Taiwan, through web defacement, that it is still a province of China, albeit a runaway province. Japan has never been forgiven by the Chinese for the crimes and atrocities carried out against the Chinese people during the 1930s and throughout World War II, specifically the rape and pillaging of Nanjing and the series of chemical warfare attacks in the Inner Mongolian city of Baotou.
The history of cyber warfare in the People's Republic of China is, in relative Internet terms, very mature. On May 3, 2001 Chinese hackers warned the West of massive hack attacks.[34] In 2002, following the informatization proposal within the PRC, the global energy industry saw the emergence of targeted cyber-attacks worldwide. In a speech before the 16th Party Congress, Chinese Communist Party (CCP) General Secretary and Central Military Commission (CMC) Chairman Jiang Zemin directed that two informatization edicts be undertaken by the Politburo and the PLA.[35] Critical infrastructure, specifically the energy sector, is a focus of China's information war, and the connection and interdependence of its information systems with the open Internet make it a prime target, whether it is the existing power grid in the United States or that of any other country. Why is the grid such an invaluable target for Chinese hacking efforts? A modern history, in narrative form, provides the following popular examples of indirectly attributed Chinese cyber warfare. GhostNet, disclosed in March 2009, was an international cyber espionage network whose control infrastructure was traced in part to Lingshui on Hainan Island. After a ten-month investigation, researchers from the Munk Centre for International Studies at the University of Toronto, working with the SecDev Group, documented the network and its infrastructure on Hainan, although the report itself stopped short of attributing the operation to the People's Liberation Army or the PRC government.[36] Titan Rain,[37] publicized in 2005, came into the popular information security consciousness when it was discovered that numerous U.S. Government defense networks, their servers and computers had been compromised by a foreign cyber threat. U.S. investigators called this massive hack attack Titan Rain because of the size, persistent nature and unceasing deluge of cyber exploitation. What is very interesting about 2008 is that ZDNet reported that Asian web surfers rank number one in the world for time spent online,[38] suggesting in a general sense that Chinese hacktivists have more time to learn how to hack effectively and to target nation states and companies that would criticize Chinese nationalism. According to reporting on the Pentagon's annual report on Chinese military power, under the headline "Pentagon: China Cyber Weaponry Poses Threat; Internet Gives China a Global Military Presence,"[39] "the Chinese military and civilian leaders have not likely thought through the global and systemic effects of the use of these information warfare capabilities." Pentagon officials asserted that in the previous year China apparently targeted computer systems around the world, including those operated by the U.S. government; although these intrusions focused on exfiltration of sensitive information, the accesses and skills required for them are similar to those necessary to conduct computer network attacks.[40]

[34] CNN World News website, no byline, accessed 7 JUL 2011, http://articles.cnn.com/2001-05-03/world/china.hack_1_cyber-war-chinese-cyber-chinese-hackers?_s=PM:asiapcf
[35] Office of the Secretary of Defense, Military and Security Developments Involving the People's Republic of China 2010, accessed 28 NOV 2010, http://www.defense.gov/pubs/pdfs/2010_CMPR_Final.pdf
[36] Scribd document server, no byline, "Tracking GhostNet: Investigating a Cyber Espionage Network," accessed 30 MAR 2009, http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network
[37] Nathan Thornburgh, "Inside the Chinese Hack Attack," Time, accessed 26 AUG 2005, http://www.time.com/time/nation/article/0,8599,1098371,00.html
[38] Vivian Yeo, "Asian web surfers top for time spent online: Internet users in China aged below 25 spend on average 50 percent of their leisure time online, according to a survey," ZDNet UK, accessed 14 DEC 2008, http://www.zdnet.co.uk/news/networking/2008/12/01/asian-web-surfers-top-for-time-spent-online-39568096/
[39] Eric Chabrow, "Pentagon: China Cyber Weaponry Poses Threat," GovInfoSecurity, accessed 27 MAR 2007, http://www.govinfosecurity.com/articles.php?art_id=1322
[40] Ibid.
Enemies at the Firewall
The Qílín (麒麟) operating system, known in the West as Kylin, was developed by academics at the National University of Defense Technology in the People's Republic of China and approved for use by the People's Liberation Army. Based on Mach and FreeBSD, it is designed to add an extra level of security over a conventional UNIX-like system, a Chinese effort comparable to Security-Enhanced Linux, which was originally developed primarily by the U.S. National Security Agency. The first public version, called Kylin by the western world,[41] was released in 2007.[42] Qílín, as it is known by its Pinyin pronunciation, is a FreeBSD-based operating system that was developed in response to the Western world restricting export licensing on Unix-based operating systems. Qílín is reported to be in use by the Ministry of State Security and by the 3rd, 4th and 7th Bureaus of the PLA's military intelligence department (MID), all of which have responsibility for gathering, collecting and analyzing intelligence for the PLA. The question then arises of where the Chinese cyber warfare threat is coming from, and the answer is everywhere but nowhere, 无处不在却无处 (wú chù bù zài, què wú chù). The Lingshui signals intelligence facility is run by the Third Department of the PLA General Staff Department and operates very close to the infamous Hainan Island airfield. Recall the April 2001 incident in which a People's Liberation Army Air Force (PLAAF) fighter collided with a U.S. Navy EP-3 reconnaissance aircraft operating out of Okinawa's Kadena air base, forcing the EP-3 to land on Hainan, where its crew was detained. Figure 3 below gives a geographic representation of Hainan Island.

[41] Dancho Danchev, "China's 'secure' OS Kylin: a threat to U.S. offensive cyber capabilities?," ZDNet, accessed 13 MAY 2009, http://www.zdnet.com/blog/security/chinas-secure-os-kylin-a-threat-to-us-offensive-cyber-capabilities/3385
[42] Bruce Schneier, "Kylin: New Chinese Operating System," accessed 19 MAY 2009, http://www.schneier.com/blog/archives/2009/05/kylin_new_chine.html
Based upon the current history and trends of Chinese cyber warfare, the question must be asked whether there is a history of cooperation, confusion or complicity. According to blog authors at Network World, China has pledged to step up administration of the Internet,45 essentially stating to the world that it will police its own civilian hacktivists, ensuring these cyber vigilantes won't create conditions for forced cyber retaliation by commercial entities, nation states or fellow hacking professionals.

43 Map of Hainan Island, Hainan Island - Lingshui Area [Topographic Map], original scale 1:250,000, portion of AMS series L500, sheet NE 49-6, U.S. Army Map Service, 1961 (474K), 1UpTravel website, accessed on 16 DEC 2010 via the World Wide Web at http://www.1uptravel.com/worldmaps/china30.html
44 Travel Map of Hainan Island, China, Maps Of China, accessed 21 JUN 2011 via the World Wide Web at http://www.maps-of-china.net/province/hainanm.htm
45 Marlyn Williams, China pledges to step up administration of Internet (The government is expanding control of the Internet to keep pace with new services), accessed on 8 MAR 2011 via the World Wide Web at http://www.networkworld.com/news/2011/030711-china-pledges-to-step-up.html?page=1
Are economic ties between the U.S. and the PRC greater than cyber domination? Another aspect of the potential for Chinese cooperation with the United States, and of the seemingly unending stream of cyber-attacks, is that perhaps the U.S. does not want to end the cyber-attacks. Two particularly nefarious reasons come to mind: the U.S. may want to enter into a cyber-war situation much like the nuclear arms race with the Russians, and the People's Republic of China holds a significant amount of the U.S. Treasury bond market, so if the U.S. were to anger these Chinese loan holders, the implications for both the U.S. and Chinese economies could be devastating.46, 47 Perhaps even the military, the People's Liberation Army (PLA), is asserting itself as the power domain within the Communist Party of China (CPC) edicts and constructs for defending and protecting China. Who are the PLA princelings, and why are they important and relevant to the cyber warfare initiative in China? Vice President Xi Jinping48 is a key figure in China's cyber dominance efforts. After the Eighteenth Party Congress in Beijing, Xi will wear three very important leadership hats in the People's Republic of China: General Secretary of the Chinese Communist Party, President of the People's Republic of China and, equally importantly, Chairman of the Central Military Commission, which controls the powerful People's Liberation Army. This significant leadership change will occur during the 2012 CPC plenum. Xi's history as a political leader in China is a curious one. He is the only Chinese leader to have publicly criticized Mao Tse-tung's economic reform called the Great Leap Forward. This criticism did not come without punishment, as he was sent to a rehabilitation program. However, what is remarkable and important to the current state of cyber war in China is that Xi, after his re-programming, was actually promoted under Deng Xiaoping's leadership and further economic reform.

Thus, while Xi was seen by Mao as a mutinous Communist Party member, subsequent Chinese political and military leadership have significant confidence in him as a visionary who has both mother China's well-being in mind and the ability to execute his strategic plans. What about the People's Liberation Army? Vice-President Xi Jinping is consolidating his hold over the military forces: "while Xi, 57, was made a Vice-Chairman of the policy-setting Central Military Commission (CMC) only last October, the crown prince has successfully maneuvered to expand his clout over the People's Liberation Army (PLA) top general officers."49 The Chinese tradition is one of manipulation, which encompasses all aspects of their culture, history, language, international policy and military strategy. Playing one party's side of an issue against another's, especially if it is in favor of the Chinese desired end-state, which usually includes economic bargaining and negotiating, is the ultimate grand game. A recent example is the decision by the central Chinese government to entertain bids for the national airline aircraft purchase. However, in this case it involved more than just winning a Chinese government bid: the Chinese market is growing fast, and Airbus is poised to gain the greatest benefit. "The unit of European Aeronautic Defense & Space (EADSY) is winning far more orders than Boeing, which now finds itself a target in a nasty war of words between Washington and Beijing that could put Boeing even further behind its larger rival."50 "On January 29, the Obama Administration informed Congress of plans to sell $6.4 billion in weapons to Taiwan, and the following day the Chinese government said it would punish U.S. companies involved in the sales. That could hurt Boeing, which makes the Harpoon missiles that Taiwan will be purchasing as part of the deal."51 Another example of coercive cooperation by the People's Republic of China is one in which it has pitted the United States against the European Union, openly criticizing both entities for their economic failings.

46 Wayne M. Morrison and Marc Labonte, China's Holdings of U.S. Securities: Implications for the U.S. Economy, Congressional Research Service, accessed on 21 JUN 2011 via the World Wide Web at http://www.fas.org/sgp/crs/row/RL34314.pdf
47 Department of the Treasury/Federal Reserve Board, Major Foreign Holders of Treasury Securities (in billions of dollars), holdings at end of period, accessed on 21 JUN 2011 via the World Wide Web at http://www.treasury.gov/resource-center/data-chart-center/tic/Documents/mfh.txt
48 Willy Lam, Crown prince Xi consolidates his position with PLA generals and fellow princelings, accessed on 25 JAN 2011 via the World Wide Web at http://www.freepressers.com/2011/01/crown-prince-xiconsolidates-his-position-with-pla-generals-and-fellow-princelings/
Since President Obama signed the latest deficit budget raising the debt limit just last week, the Chinese have had a "we told you so" attitude, stating their undisguised contempt and disgust for this Western nation's inability to manage its economy without help from China's financial bailout efforts and offers. The EU does not escape this withering condemnation from the People's Republic of China either; China cannot contain itself over the EU's failure to shore up the Greek economy.52

49 Jonathon Fenby, Xi Jinping: The man who'll lead China into a new age, accessed 7 NOV 2010 via the World Wide Web at http://www.guardian.co.uk/theobserver/2010/nov/07/xi-jinping-china-david-cameron
50 Tony Capaccio and Viola Gienger, China Suspends U.S. Military Ties on Taiwan Arms Sale (Update3), accessed 30 JAN 2010 via the World Wide Web at http://www.businessweek.com/news/2010-01-30/u-s-seeks-to-sell-taiwanweapons-worth-more-than-6-billion.html
51 Bruce Einhorn, Airbus May Beat Boeing in China's Aviation Market, accessed 2 FEB 2010 via the World Wide Web at http://www.businessweek.com/globalbiz/content/feb2010/gb2010022_703055.htm
52 Jon E. Dougherty, China: Debt Deals Unlikely to Salvage U.S., Europe, accessed 5 AUG 2011 via the World Wide Web at http://www.newsroomamerica.com/story/157496.html
53 Military Regions / Military Area Commands, GlobalSecurity.org website, accessed on 16 DEC 2010 via the World Wide Web at http://www.globalsecurity.org/military/world/china/mr.htm
Xinjiang Military Region, which comprises most of the former Silk Road and faces Afghanistan, Russia and Pakistan. Figure 4 is a map illustrating the PLA's seven military regions.
The People's Liberation Army (PLA) Cyber Attack Command is China's Information Security Base, and within this organization are found the origins and establishment of China's Cyber Command and the PLA Information Warfare (IW) foundations.
54 China Military Regions Map, accessed on 2 JUN 2011 via the World Wide Web at http://redreform.com/map_of_china_military_areas.htm
55 CIA World Factbook, accessed on 2 JUN 2011 via the World Wide Web at https://www.cia.gov/library/publications/the-world-factbook/geos/ch.html
It is important to note that even though China has a deep and rich cultural history, which has included a variety of political leaders and their systems, today the Communist Party of China (CPC) owes its legacy and current power structure to the leader of China's Long March in 1948, and appropriately, the following quote attributed to Mao Tse-tung is a codified mission statement for today's PLA cyber warriors: "To achieve victory we must as far as possible make the enemy blind and deaf by sealing his eyes and ears, and drive his commanders to distraction by creating confusion in their minds." Mao Tse-tung56
56 Battlefield Deception, FM 90-2, Headquarters, US Army, Chapter 5, Deception Means, accessed on 20 APR 2011 via the World Wide Web at http://www.fas.org/irp/doddir/army/fm90-2/90-2ch5.htm
57 Major General Wang Pufeng, People's Liberation Army, The Challenge of Information Warfare, accessed on 18 DEC 2010 via the World Wide Web at http://www.fas.org/irp/world/china/docs/iw_mg_wang.htm
Major General Hou Shusen.58 The PLA's Third Department houses the PLA's Cyber Command and is organized as shown in Figure 5 below:
Figure 5: Table of organizations forming the People's Liberation Army Infowar Task Force.59
58 PLA Daily, July 20; China Times, July 20; Global Times, July 22, accessed 2010-08-08
59 B. Charles, The PLA's Information Warfare Profile, Issue no. 555 dated 04 October, 2007, accessed 19 JAN 2011 via the World Wide Web at http://www.intelligenceonline.com/article/read_article.aspx?doc_i_id=33852514&service=GRA&Context=PRT
60 James Dunnigan, China's Thousand Grains of Sand, accessed on 16 JUL 2011 via the World Wide Web at http://www.strategypage.com/dls/articles2005/2005721212041.asp
61 Ibid., accessed 2011-06-20
62 Krypt3ia, Krypt3ia website, The Dragon and Eagle: China's Rise from Hacking To Digital Espionage, accessed on 6 JUN 2011 via the World Wide Web at http://krypt3ia.wordpress.com/2011/06/06/the-dragon-andeagle-chinas-rise-from-hacking-to-digital-espionage/
63 Mara Hvistendahl, Unnatural Selection, accessed on 15 FEB 2011 via the World Wide Web at http://www.thedarkvisitor.com/category/uncategorized/
64 Richard A. Clarke and Robert K. Knake, Cyber War: The Next Threat to National Security and What to Do about It, New York: HarperCollins Publishers, 2010, pp. 47-64
65 Qiao Liang and Wang Xiangsui, Unrestricted Warfare, Beijing: PLA Literature and Arts Publishing House, February 1999 (Simplified Mandarin Chinese version)
has designed an IW strategy consisting of the use of information and cyber warfare. The eight pillars of beyond-limits combined war in Unrestricted Warfare include the following mandates:66 omni-directionality, synchrony, limited objectives, unlimited measures, asymmetry, minimal consumption, multidimensional coordination, and adjustment and control of the entire process. Sun Tzu's Military Principles (Sunzi Bingfa): Sun Tzu designed and gave Chinese military leaders 13 principles of warfare, stated in 13 chapters.67 Chapter One is Detail Assessment and Planning (Shi ji); Chapter Two is Waging War (Zuozhan); Chapter Three is Strategic Attack (Mou gong); Chapter Four discusses Disposition of the Army (Jun xing); Chapter Five covers Forces (Bing shi) in detail; Chapter Six is Weaknesses and Strengths (Xushi); Chapter Seven focuses on Military Maneuvers (Jun zheng); Chapter Eight is concerned with Variations and Adaptability (Jiu bian); Chapter Nine involves Movement and Development of Troops (Xingjun); Chapter Ten speaks to Terrain (Dixing); Chapter Eleven is The Nine Battlegrounds (Jiu di); Chapter Twelve involves Attacking with Fire (Huo gong); and Chapter Thirteen concludes Sun Tzu's work with Intelligence and Espionage (Yong jian). The first pillar of Unrestricted Warfare is omni-directionality; this is a 360-degree observation and design including a combined use of all kinetic and non-kinetic related defense capabilities and factors.
66 Qiao Liang and Wang Xiangsui, Unrestricted Warfare, Beijing: PLA Literature and Arts Publishing House, February 1999 (Simplified Mandarin Chinese version)
67 Lionel Giles, M.A. (1910), Sun Tzu on the Art of War: The Oldest Military Treatise in the World, accessed on 12 APR 2011 via the World Wide Web at http://www.chinapage.com/sunzi-e.html
The Pinyin pronunciation of this first pillar is Quan fangwei de fangxiang xing; zhe shi yige 360 du de guancha he sheji, baokuole suoyou de dongneng he fei dongneng xiangguan de fangyu nengli he yinsu de jiehe shiyong.68 The PLA defines omni-directionality as seeing every possible avenue of approach, including the specific use of cyber warfare and information war to achieve its strategic and tactical military objectives. There is no longer any distinction between what is or is not the battlefield. In this first pillar of warfare the efforts can be military in nature, quasi-military, or even non-military, such as the use of hacktivists. The PLA applies this combined use of China's entire combat power, from internal strife such as that seen in Xinjiang recently involving Uyghur separatists supported by Pakistan,69 to regional or national combat power, to an intercontinental or worldwide confrontation. The PLA's doctrine explicitly includes a strategically combined use in warfare of national resources towards military objectives, which includes looking at every aspect, every possible avenue of approach or attack vector, including those in cyber-space. Synchrony is the second pillar: conducting actions in different spaces within the same period of time (Pinyin: Xiangtong de shijian nei, zai butong de kongjian nei jinxing xingdong). The PLA believes that the technical measures employed in modern warfare, specifically the spread of information technology, including the emergence of long-range warfare technology, the increased ability to transform the battlefield, and the linking together of battlefields which stretch forever, are scattered, or are different by their nature (for example information networks), where military and non-military forces are on an equal footing in the war, greatly shrink the course of warfare (pronounced in Pinyin as Hik gnb). The U.S. military's information campaign systems are an example of a target-rich environment for the Chinese military intelligence community, especially if cyber warfare, via hacking mission-critical systems, yields so much operational material, specifically that less than 1 minute provides data on 4,000 targets and 1,200 aircraft. Thus, if China were to engage in a full-depth simultaneous attack and the United States were unable to expand to battlefields such as the cyber-realm and defend itself adequately, the PRC would overcome the cyber defenses of the U.S. through such information gathering and harvesting. In fact, a recent U.S. Government Accounting Office report dated July 2011, Defense Department Cyber Efforts: DoD Faces Challenges in Its Cyber Activities, states that the DoD has assigned authorities and responsibilities for implementing cyberspace operations among combatant commands, military services, and defense agencies. However, the supporting relationships necessary to achieve command and control of cyberspace operations remain unclear. In response to a major computer infection in 2008, U.S. Strategic Command identified confusion regarding command and control authorities and chains of command because the exploited network fell under the purview of both its own command and a geographic combatant command. DoD-commissioned studies have recommended command and control improvements.70 The third pillar of Unrestricted Warfare is limited objectives (Pinyin: Ke jieshou de fanwei nei shezhi zhinanzhen yi zhidao de cuoshi de qingkuang). This aspect of warfare includes what the PLA describes as setting a compass to guide action within an acceptable range for the measures, meaning that they have a decisive commander's intent and a distinct plan behind their actions before they execute. Objectives must always be smaller than the resources used, which means the PLA establishes limited tactical objectives for conquest rather than very large military objectives which may or may not achieve success.

68 Qiao Liang and Wang Xiangsui, Unrestricted Warfare (Beijing: PLA Literature and Arts Publishing House, February 1999), page 220
69 Hannah Beech, China's Uighur Problem: One Man's Ordeal Echoes the Plight of a People, accessed 28 JUL 2011 via the World Wide Web at http://globalspin.blogs.time.com/2011/07/28/chinas-uighur-problem-one-mans-ordealechoes-the-plight-of-a-people/
The third criterion is that the PLA does not pursue objectives which are unrestricted in time and space, which in effect supports the last aspect of the third pillar and indicates that the Chinese army will have set objectives with a defined tactical timeline of both offensive and defensive duration. And finally, it will consciously pursue limited objectives and eliminate objectives that are beyond its abilities, which means that once the PLA has established attainable tactical and strategic objectives, it will solely focus on them before pursuing additional tertiary and perhaps distracting military goals.
70 Government Accounting Office Report GAO-11-75, Defense Department Cyber Efforts, July 2011, page 34
Examples the Chinese have studied and learned from include, most importantly, former Western armed forces and their missteps globally. The Chinese observed with great care and curiosity the mistakes General MacArthur made in the Korean War, overcommitting his manpower in the face of an underestimated foe, the North Korean and Chinese armies. Similarly, they saw the American experience in Vietnam, a protracted decade-plus war which resulted in a humiliating withdrawal without victory, as a huge loss of face and a statement of global and martial instability. The Soviets' similar experience in Afghanistan, a deadly decade of war without end, resulting in the proverbial Russian Bear heading over the mountain, was very telling and important for the Chinese for two reasons: one, it signaled that the Soviet-Russian overlord days were coming to an end, and that the Chinese form of Communism, especially in the light of President Nixon's trip to China in 1973, which included political recognition by the United States, was succeeding; and two, with Mao Tse-tung's health failing, his successor dying mysteriously in a plane crash after a failed assassination attempt while fleeing to Russia71 led to Deng Xiaoping's rise to power and his pronouncement that China would indeed have Communism as the bedrock of its political power base, and that China would also be an economic and political leader on the world stage,72 thus becoming the world's number one superpower. Isolationism, in the Chinese view, is unacceptable; they saw similar nation-state actions under the Clinton Administration which eventually led to bankruptcy. A fourth pillar of Unrestricted Warfare is unlimited measures, which is described as a trend toward unrestricted employment of measures, but restricted to accomplishment of limited objectives (Pinyin: Qushi shi bu shou xianzhi jiayi de cuoshi, dan zhi xianyu youxian mubiao de shixian).

Unlimited measures to accomplish limited objectives is the ultimate boundary, which means the PLA will have at its disposal any number of kinetic and cyber weapons to achieve, with overwhelming force, a physical, geographic or cyber objective. China studies Western examples to learn what it may face in an adversarial situation so it can ensure either modern warfare or cyber warfare success. For example, the PLA studied General Sherman's advance toward Savannah during the U.S. Civil War; specifically, that General Sherman and his staff were not intent on conducting combat but rather a burn-and-plunder campaign, which was a successful example of using unlimited measures to achieve a limited objective. In this case the PLA has learned that demoralization of the enemy and its will to fight can be achieved by attacking the civilian infrastructure, which in effect undermines civil support and the enemy's will to fight. Another example studied by the PLA was the Yom Kippur War in 1973 and the occupation of the Sinai Peninsula. It is typically seen as a failure by Western military historians, as the Israelis missed victory at the Bar Lev Line in order to reach the Sinai, a much larger objective; essentially, they should have stopped their tactical advance and they would have achieved the same military effect. The fifth pillar is asymmetry, which is to seek nodes of action in the opposite direction from the contours of the balance of symmetry (Pinyin: Xunqiu pingheng duichen de lunkuo zai xiangfan de fangxiang xingdong de jiedian). This aspect of Chinese Unrestricted Warfare is basically asymmetric in nature. They will use asymmetry to accomplish their military and cyber objectives; the PLA believes that asymmetry manifests itself in every aspect of warfare, including cyber warfare, and that in order to be successful in any type of kinetic or cyber warfare they must find and exploit an enemy's soft spots. In Western military strategy and thought this is known as maneuver warfare, which takes advantage of the enemy's surfaces and gaps. Historical examples of exploiting a foe's critical weaknesses include the wars in which Chechnya was invaded by Russia, Somalia and the United States, Northern Ireland guerrillas in Britain, and Islamic Jihad's war on the entire Western world. This constitutes a wise refusal to confront nation-state armed forces head-on in symmetric war, as seen during Napoleonic times or in World War I trench warfare. This type of conflict is also known as irregular warfare and is detailed in the book Eating Soup With A Knife,73 which examines counterinsurgency efforts in the South Eastern Pacific.

71 Frank Ching, China's Fluid Ideology, accessed 4 AUG 2011 via the World Wide Web at http://thediplomat.com/2011/08/04/china%E2%80%99s-fluid-ideology/
72 Ibid.
73 David Kilcullen Biography, no byline, accessed on 28 MAR 2011 via the World Wide Web at http://www.powerbase.info/index.php/David_Kilcullen
Minimal consumption is the next pillar of Chinese Unrestricted Warfare. This pillar suggests the use of the least amount of combat resources sufficient to accomplish the objective (Pinyin: Shiyong zugou de zuozhan ziyuan liang zhishao yao wancheng de mubiao). Minimal consumption states that rationality in decision making is more important than thrift and that the size of combat consumption is decided by the form of combat, so that a tactical commander should use "more" (more measures) to pursue "less" (lower consumption), which is in effect the model of proportionality in both kinetic and cyber battle. Historical examples of minimal consumption include the German Army's ability to sweep away the joint British-French force after crossing the Maginot Line, where they simply bypassed this multi-national surface and achieved their strategic military objective without firing a shot by taking advantage of the gap between the manmade physical obstacle and the geographic terrain. The multi-dimensional pillar is the next Unrestricted Warfare policy and describes coordinating and allocating all the forces that can be mobilized in the military and non-military spheres covering an objective (Pinyin: Xietiao he fenpei keyi zai junshi he fei junshi lingyu baokuo keguan dongyuan suoyou de liliang). Important aspects of multidimensional approaches to war include planning for an objective of specific nature and duration. This element of Unrestricted Warfare calls for coordination and cooperation among different forces in different spheres in order to accomplish an objective. An example of this is derived from the U.S. Marine Corps combined arms doctrine, also known as the Marine Corps Air Ground Task Force (MAGTF) concept.

In this USMC doctrine, elements of ground combat forces including infantry, artillery and armor are combined with air combat assets and logistical forces to achieve any size of objective based upon the commander's intent. Another aspect of the multi-dimensional pillar is that any sphere can become a battlefield, and any force can be used under combat conditions, which means that regardless of the physical or digital nature of the field of combat, it should be considered a hostile plane. The third element is the employment of intangible "strategic resources" such as geographical factors, the role of history, cultural traditions, and sense of ethnic identity, dominating and exploiting the influence of international organizations. The Chinese PLA, SOEs, hacktivists and the CPC all understand the importance of this doctrine. The eighth pillar of Unrestricted Warfare is adjustment and control of the entire process (Pinyin: Tiaozheng he kongzhi de quan guocheng). This concept is closely aligned with the theory that warfare is a dynamic process during which randomness and creativity prevail; this was Carl von Clausewitz's treatise in his book about modern warfare, titled Fog of War.74 He stated that with a greater use of intuition and creativity, armies will be allowed to decisively win battles and ultimately wars. Today, with information technology welding the entire world together into a network, the number of factors involved in a war is much, much greater than in past wars.75 The battlefield shifts to non-military spheres, thus the equation: Cyber-realm + Network = Cyber Warfare.
Conclusions of applying the Eight Pillars of Unrestricted Chinese Warfare to the People's Liberation Army's use of Information and Cyber Warfare
Conclusions regarding the PLA's use of the Eight Pillars include the following statements: consider the improbable, as the PLA already has, and have a plan for success; understand the enemy, as the PLA has the grandfather of warfare, Sun Tzu and the Art of War, at its reference and disposal for indelible lessons; minimize an infrastructure's cyber-gaps and maximize surfaces in order to channel cyber-activity and force the attacker into an untenable cyber-position; educate information security staff who are engaged in cyber-warfare duties; realize that the alleged Chinese cyber-threat is asymmetric and unceasing; understand that a country's will to defeat the alleged Chinese cyber-threat must significantly outlast theirs; setbacks in cyber-offense and defense will occur, but learn from these cyber-events, adapt, and overcome the cyber-threat vectors which pose the greatest challenges; and know that simply throwing money, e.g. hardware, software and personnel, at the alleged Chinese cyber-threat is ineffectual at best; a combined arms approach of direct diplomacy combined with the threat of direct military action is a great first step towards mitigating any nation state's cyber offense.

74 Alan D. Beyerchen, Clausewitz, Nonlinearity and the Unpredictability of War, accessed on 28 MAR 2011 via the World Wide Web at http://www.clausewitz.com/readings/Beyerchen/CWZandNonlinearity.htm
75 Ibid.

What is the PLA Cyber Command interested in within the United States? United States critical infrastructure surface and gap exploitation is absolutely the cyber-attack objective set of the People's Republic of China. Critical infrastructure surface and gap exploitation is a key element of the Chinese Cyber and Information Warfare initiative, specifically in the energy industry, which includes the oil, gas and electricity market segments. Intelligence gathering, practiced by the Chinese government and the People's Liberation Army, will provide information dominance, enabling an advantage during any widespread conflict. They will use a combined digital arms approach using any variety of the threat vectors described below.76 These avenues of cyber-attack include: vulnerability discovery and exploitation, automation, management of cyber warfare operations, malware, use of rootkits, optimization of backdoors, analysis of information gathered in preparation for further exploitation, compromising routing infrastructure via the manipulation of existing protocols such as Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), Virtual Routing and Forwarding (VRF), Intelligent Resilient Framework (IRF), Link Aggregation Control Protocol (LACP) and Virtual Router Redundancy Protocol (VRRP), distributed denial of service (DDoS) technology and Domain Name System (DNS) attacks.

Chinese State Owned Enterprises (SOE) & the PLA

Examples of SOE and PLA cyber-attacks are well known through case studies such as Operation Night Dragon, which specifically targeted the global energy industry. According to the McAfee report, the attacks were described as targeted, using techniques such as social engineering and spear phishing.
The purpose of the attacks appears to be penetration of corporate networks in order to extract sensitive data. The attacks use a variety of components; there is no single piece or family of malware responsible. The first stage of the attack involved penetration of the target network, known as "breaking down the front door". Other techniques such as spear phishing and SQL injection of public-facing web servers were reported by McAfee to have been used. Once in, the attackers then uploaded freely available hacker tools onto the compromised servers in order to gain visibility into the internal network. The internal network was then penetrated by typical cyber penetration methods (accessing Active Directory account details, cracking user passwords, etc.) in order to infect machines on the network with remote administration tools (RATs).77 Elements of the energy industry such as oil, gas and electricity are definite economic targets of Chinese hackers. For example, Baker Hughes Inc. said it was hacked recently as part of a wide assault on energy companies. Baker Hughes provides advanced drilling equipment and proprietary techniques for assessing the quality and accessibility of oil reserves, both of which make it a prime cyber target for a country looking for fast-track information on natural resource research. Chinese cyber-attacks against oil and gas companies seek their competitive bid information, architectural plans, project definition documents and functional operational aspects, such as information to win competitive bids from Siberia to China.78 Thus the question is asked: are the Chinese interested in industry infiltration or economic data exfiltration? The U.S.-China Economic and Security Review Commission attempts to bridge the gap economically and politically between interested U.S. businesses, the U.S. Government and Chinese businesses.79 China's proliferation practices, which are of both a qualitative and quantitative nature in terms of economic transfers of U.S. production activities to China, have an effect on China's development of world energy supplies. Additionally, access to and use of U.S. capital markets by China, such as buying a U.S. Treasury note and other government-issued financial instruments, will certainly impact China's regional economic and security initiatives.80

76 Richard Stiennon, Technology And The Advent of Cyber War, accessed on 4 JAN 2011 via the World Wide Web at http://www.itgrcforum.com/index.php?option=com_content&view=article&id=1571:technology-and-the-adventof-cyber-war&catid=59:it-security-management&Itemid=263
Operation Night Dragon, McAfee Reports, accessed 15 JAN 2010 via the World Wide Web at http://www.mcafee.com/es/about/night-dragon.aspx?cid=WBB009 78 Michael Riley and Sara Forden, Hacking of DuPont, J&J, GE Were Google-Type Attacks That Weren't Disclosed accessed on 9 MAR 2011 via the World Wide Web at http://www.bloomberg.com/news/2011-03-08/hacking-ofdupont-j-j-ge-were-google-type-attacks-that-weren-t-disclosed.html 79 The U.S.-China Economic and Security Review Commission website accessed 15 NOV 2010 via the World Wide Web at http://www.uscc.gov/ 80 U.S.-China Economic and Security Review Commission Website, No Byline accessed on 16 DEC 2010 via the World Wide Web at http://www.uscc.gov/index.php
77
38
Why are the Chinese targeting the U.S. Department of Defense? The Chinese have carried out pre-planned targeting to gain sensitive intelligence and military secrets on specific defense applications they do not currently have, such as the Joint Strike Fighter. A very interesting case involved former L-3 worker Sixing "Steve" Liu, 47, who was indicted for taking sensitive customer data to China. L-3 is a significant DoD and DHS contractor, and Liu worked for L-3's Space & Navigation unit in New Jersey from March 2009 until November 30, 2010 as an engineer on a precision navigation device.81

Facebook has been deemed the Chinese financial Trojan horse, as traffic destined for Facebook from AT&T's servers took a strange loop through China and South Korea. China is well known for its harmful networking practices, limiting network functionality and spying on its users, and "when your data is flowing over their network, your data could be treated as any Chinese citizen's."82

The international telecommunications manufacturer Huawei is described as an enemy in our firewall. Huawei was founded by a People's Liberation Army officer who retains links with China's security services. Huawei has denied the links, but these suspicions have torpedoed other attempted U.S. deals in the past. Curiously, Huawei sold 3COM to hardware manufacturer HP in 2010. It is important to understand that HP's A-Series core network infrastructure was designed and architected by Huawei in the PRC, including firewall/security products83 such as TippingPoint Intrusion Prevention Systems (IPS). Huawei plans on building the new U.S. 4G telecom infrastructure, and is in talks with federal, state and local government agencies in the United States to provide wireless technology to build the country's first nationwide public safety network.84

81 Reuters News Website, No Byline, Former L-3 worker indicted for taking data to China, accessed on 6 APR 2011 via the World Wide Web at http://www.reuters.com/article/2011/04/06/l3communications-china-idUSN0626580820110406
82 Jeremy Kirk, AT&T Facebook traffic takes a loop through China, accessed on 25 MAR 2011 via the World Wide Web at http://www.computerworld.com/s/article/9215029/AT_T_Facebook_traffic_takes_a_loop_through_China?source=CTWNLE_nlt_pm_2011-03-24
83 China Military Power Mashup Website, No Byline, accessed on 6 APR 2011 via the World Wide Web at http://www.china-defense-mashup.com
84 Shayndi Raice, China's Huawei Is Finalist for U.S. Cellular Job, accessed on 5 APR 2011 via the World Wide Web at http://online.wsj.com/article/SB10001424052748703712504576243203039296860.html
ZTE is an international, Chinese state-sponsored telecommunications company. ZTE has made heavy investments in Africa and South America for over a decade and a half. The company made initial attempts in the U.S. between 1996 and 2001, the early days of the Internet, to partner with Internet Service Providers and telecommunication carriers for sales of its telecommunications hardware. Currently ZTE provides telecommunications infrastructure throughout Africa and has been doing so for over a decade. Interestingly, ZTE has both a South African85 and a North African86 presence for conducting business. In 2010 ZTE won a $378 million (USD) contract to provide cellular infrastructure to South African mobile operator Cell C Ltd.87 Ecobank has opened a China desk to manage its Africa loan operations.88 Chinese investment in Africa has one distinct goal besides international commerce and profit: ensuring a direct supply of natural resources such as oil and rare earth minerals.89 In fact, China's environmental footprint in Africa includes heavy oil extraction from Nigeria and rare earth minerals.90 China's environmental concerns at home have driven Beijing's quest for resources overseas, argues author Ian Taylor, and the country must consider the ecological impact of its logging and oil extraction in Africa.91

There is then, of course, the great controversy and drama surrounding Google versus China's Great Firewall. The timeline is lengthy and began in September 2002, when China blocked Google92 searches by Internet users in China. Again, during January 2011, Google search engines were blocked by China. Both of these fracases with Google came out of China's anti-government unrest, amid an intensified Internet crackdown following widespread unrest in the Middle East.93 Of course, the human basis for the Internet was a foundation as well; these concerns of the central Chinese Government included pornography and human rights ideas from other countries. The following was the Google Mainland China service availability message:

"This page has been replaced by a more general worldwide transparency report. Using it, you can find not only traffic disruptions but also the volume of government queries for some countries. The China specific portion equivalent to this report page is here. It charts query volume for various Google properties over time. The new report shows each region's fraction of worldwide volume scaled such that 100% is the highest ever seen from that region. Service disruptions will show up as dips in the graphs. This page will redirect to the new site in 60 seconds."94, 95

85 ZTE Corporate website, accessed 12 AUG 2011 via the World Wide Web at http://wwwen.zte.com.cn/en/about/global_sales_offices/south_africa/
86 ZTE Corporate website, accessed 12 AUG 2011 via the World Wide Web at http://wwwen.zte.com.cn/en/about/global_sales_offices/north_africa/
87 Doug Young and Ken Wills, China's ZTE gets $378 mln South Africa deal, accessed 19 JUN 2011 via the World Wide Web at http://www.reuters.com/article/2010/01/27/zte-idUSTOE60Q02620100127
88 Reuters Africa Website, No Byline, accessed on 6 APR 2011 via the World Wide Web at http://chinadigitaltimes.net/2011/04/ecobank-opens-china-desk-to-manage-africa-loans/
89 Deborah Brautigam, Africa's Eastern Promise: What the West Can Learn From Chinese Investment in Africa, accessed on 6 JAN 2010 via the World Wide Web at http://www.foreignaffairs.com/articles/65916/deborahbrautigam/africa%E2%80%99s-eastern-promise
90 The race for strategic minerals, Africa-Asia Confidential website, Vol 2, No 10, August 2009, accessed 21 JUL 2011 via the World Wide Web at http://www.africa-asia-confidential.com/articlepreview/id/274/The_race_for_strategic_minerals
91 Ian Taylor, China's environmental footprint in Africa, accessed on 8 FEB 2008 via the World Wide Web at http://www.chinadialogue.net/article/show/single/en/741-China-s-environmental-footprint-in-Africa
92 BBC News Business Website, World Edition, No Byline, accessed on 2 SEP 2002 via the World Wide Web at http://news.bbc.co.uk/2/hi/technology/2231101.stm
93 Tini Tran, Gmail In China Being Blocked By Government, Says Google, accessed on 21 MAR 2011 via the World Wide Web at http://www.huffingtonpost.com/2011/03/21/gmail-china_n_838255.html
94 Google Mainland China service availability statement, accessed on 17 APR 2011 via the World Wide Web at http://www.google.com/prc/report.html
Another example of loosely attributed cyber-attacks was the Codero IT infrastructure denial of service (DoS) events. It was reported that an alleged China-related DoS attack took down several Codero-hosted Web sites. One website was run and managed by a Codero customer that hosts DNS records for sites on the Internet, including a Web site critical of communism that appeared to be the ultimate end target. The result was a DoS attack of more than 1.5 million packets per second. These advanced persistent threats (APT) paralyzed Codero's core routers, and upstream providers were unable to pinpoint where the target IPs were coming from.96

Chinese Aurora hackers hit DuPont. Chinese hackers allegedly infiltrated the computer networks of the global chemical company DuPont in late 2009.97 DuPont was the target of an industrial espionage campaign; specifically, company PCs were infected with spyware during a DuPont business trip to China. Initially DuPont denied it had been hacked. A DuPont internal investigation later discovered that some computers were implanted with spyware during a business trip to China where the PCs had been stored in a hotel safe.98 Google said in January 2010 it had lost intellectual property assets to hackers based in China. Adobe Systems Inc. (ADBE) said it had been attacked by hackers based in China. Intel Corp. (INTC) said it was attacked in a sophisticated incident around the same time as Google, and multinational companies such as Johnson & Johnson and General Electric were also hit by "Google-Type Attacks That Weren't Disclosed"99 until significantly later.

Another series of alleged Chinese hacking took place during the Paris G20 summit, when files from the conference were stolen by cyber thieves. Also during the Paris G20, files stolen in a cyber attack100 affected the French Budget Ministry's 170,000 computers. Circumstantial evidence pointed to China, with no clear indication suggesting the attacks were Chinese government sponsored; this most recent attack against the French government was the latest in a string of cyber-attacks on companies and governments around the world. Cyber investigators and forensic specialists did uncover that the attacks originated from a server in Shandong Province, China, which hosted one of the pieces of attack malware used to carry out the cyber-attacks. Analysts also found that the attacks were conducted using IP addresses in Beijing during the hours of 9 a.m. and 5 p.m.,101 typically the normal working hours of most militaries, including the People's Liberation Army.

During January 2010, Yahoo e-mail accounts of foreign journalists in China and Taiwan were hacked.102 These cyber-attacks included "at least a dozen rights activists, academics and journalists who cover China," including the author Andrew Jacobs.103 The alleged Chinese hackers altered e-mail settings so that all correspondence was surreptitiously forwarded to another e-mail address.104 When there has been anti-Chinese Government rhetoric on the web, or cries for human rights equilibrium and parity with Western nations, the PLA has acted swiftly and decisively in the cyber realm. China has clamped down further on the Internet to prevent unrest, wanting to avoid public unrest similar to Egypt, Libya and Bahrain.105 Examples included blocked access to Facebook, YouTube and Twitter, as well as cellphone calls, electronic messages and emails; residents say they have never seen such high levels of censorship before.

95 Google Transparency Report Website, accessed on 18 2011 via the World Wide Web at http://www.google.com/transparencyreport/traffic/?r=CN&l=EVERYTHING&csd=1296723600000&ced=1303063529815
96 Elinor Mills, China-related DoS attack takes down Codero-hosted Web sites, accessed on 8 MAR 2011 via the World Wide Web at http://news.cnet.com/8301-27080_3-20040625-245.html?part=rss&subj=news&tag=2547-1_30-20
97 Matt Liebowitz, Chinese Aurora Hackers Hit DuPont, accessed on 9 MAR 2011 via the World Wide Web at http://www.securitynewsdaily.com/chinese-aurora-hackers-hit-dupont-0594/
98 Michael Riley and Sara Forden, Hacking of DuPont, J&J, GE Were Google-Type Attacks That Weren't Disclosed, accessed on 9 MAR 2011 via the World Wide Web at http://www.bloomberg.com/news/2011-03-08/hacking-of-dupont-j-j-ge-were-google-type-attacks-that-weren-tdisclosed.html
99 Michael Riley and Sara Forden, Hacking of DuPont, J&J, GE Were Google-Type Attacks That Weren't Disclosed, accessed on 9 MAR 2011 via the World Wide Web at http://www.bloomberg.com/news/2011-03-08/hacking-ofdupont-j-j-ge-were-google-type-attacks-that-weren-t-disclosed.html
100 Homeland Security NewsWire Website, Paris G20 files stolen in cyber attack, accessed on 18 MAR 2011 via the World Wide Web at http://homelandsecuritynewswire.com/paris-g20-files-stolencyber-attack
101 BBC News Business Website, No Byline, accessed on 19 MAR 2011 via the World Wide Web at http://www.bbc.co.uk/news/business-12662596
102 BBC News Website, No Byline, Yahoo targeted in China cyber attacks, accessed on 30 MAR 2011 via the World Wide Web at http://news.bbc.co.uk/2/hi/technology/8596410.stm
103 Ibid.
104 Andrew Jacobs, Journalists' E-Mails Hacked in China, accessed on 30 MAR 2011 via the World Wide Web at http://www.nytimes.com/2010/03/31/world/asia/31china.html?_r=1
105 Homeland Security NewsWire Website, China clamps down further on Internet to prevent unrest, accessed on 30 MAR 2011 via the World Wide Web at http://homelandsecuritynewswire.com/china-clamps-downfurther-internet-prevent-unrest
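The working-hours correlation described above (Beijing addresses active between 9 a.m. and 5 p.m.) is something an analyst can test mechanically against connection logs rather than eyeball. The Python below is an added example, not part of the original paper or of the reports it cites; the log lines and source addresses are constructed (RFC 5737 documentation range), and it uses a fixed UTC+8 offset for China Standard Time instead of a time zone database.

```python
"""Working-hours profile of hostile activity, as one attribution clue.

Added example (not from the paper or the reports it cites). Timestamps
are converted from UTC to China Standard Time, a fixed UTC+8 with no
daylight saving, so no time zone database is required. A high share of
events inside the window is circumstantial: it suggests a human-operated
schedule, not sponsorship.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
CST = timezone(timedelta(hours=8))   # China Standard Time, UTC+8
WORK_START, WORK_END = 9, 17          # 09:00 <= local time < 17:00, Mon-Fri

# Constructed sample log: "<UTC timestamp> <source IP> <event>"
SAMPLE_LOG = """\
2011-03-07T01:15:02Z 203.0.113.10 web_shell_upload
2011-03-07T03:40:11Z 203.0.113.10 smb_logon_attempt
2011-03-07T07:58:45Z 203.0.113.22 smb_logon_attempt
2011-03-07T09:30:00Z 203.0.113.22 data_staging
2011-03-07T14:05:20Z 203.0.113.10 rat_beacon
2011-03-05T05:00:00Z 203.0.113.10 rat_beacon
"""


def parse_events(text):
    """Return (utc_datetime, src_ip, event) tuples from the log text."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, src_ip, kind = line.split()
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=UTC)
        events.append((when, src_ip, kind))
    return events


def in_working_hours(when_utc, tz):
    """True if the instant is a weekday between WORK_START and WORK_END in tz."""
    local = when_utc.astimezone(tz)
    return local.weekday() < 5 and WORK_START <= local.hour < WORK_END


def working_hours_profile(events, tz):
    """Count events inside the working-hours window and bucket them by local hour."""
    by_hour = Counter()
    hits = 0
    for when, _src_ip, _kind in events:
        by_hour[when.astimezone(tz).hour] += 1
        if in_working_hours(when, tz):
            hits += 1
    total = len(events)
    return {
        "total": total,
        "in_window": hits,
        "share": hits / total if total else 0.0,
        "by_hour": dict(by_hour),
    }


if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    # Same events under two clocks: the pattern only shows once the local zone is applied.
    for label, tz in (("UTC", UTC), ("CST/UTC+8", CST)):
        p = working_hours_profile(events, tz)
        print(f"{label}: {p['in_window']}/{p['total']} events in the 09-17 weekday window "
              f"({p['share']:.0%}); by hour {sorted(p['by_hour'].items())}")
```

Run over real data the same six events would be a far larger sample; the point is that the window must be evaluated in the suspected operator's local time, and that a weekend event (the Saturday beacon here) counts against the working-hours hypothesis.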
There does seem to be a sense of cooperation, as the Chinese are tired of being labeled the cyber bullies and are currently working with the FBI to conduct joint cyber investigations.106 The FBI recently posted a cyber-security expert in China to foster cooperation, coordination and cooptation; while this initiative will be law enforcement agency (LEA) focused, the focus will be on who is the perpetrator behind the keyboard. Will the FBI be able to handle the truth? Will they even be able to bring anyone from China to justice in the United States? No, the People's Republic of China is simply placating the foreigners.

Specific examples & case studies of cyber-attack methodologies used by the PLA

Cyber warfare? China has downloaded 10 to 20 terabytes of data from NIPRNET. There are around three million daily scans of the GIG, or Global Information Grid, the Defense Department's main network artery.107 Is this just vicarious curiosity, or data exfiltration preparing for war? Cyber hacking methods allegedly used by Chinese hackers have been represented by both elementary hacking methods and more advanced persistent threat (APT) methods. They will use a combined digital arms approach using any variety of the threat vectors listed below.108

Where is the alleged Chinese Cyber Warfare Threat Coming From?

Origins of Cyber Warfare Attacks OMITTED

Specific Alleged People's Republic of China Cyber Attacks

Operation Night Dragon

106 Eric Beidel, FBI to Conduct Joint Cyber Investigations With China, accessed on 1 APR 2011 via the World Wide Web at http://www.nationaldefensemagazine.org/blog/lists/posts/post.aspx?ID=358
107 D3vIL-HuNT (pseudonym), China: The Great Red Cyber Army, accessed on 23 MAR 2011 via the World Wide Web at http://2wapworld.com/web/w_posts.php?topic_id=2757118
108 Richard Stiennon, Technology And The Advent of Cyber War, accessed on 4 JAN 2011 via the World Wide Web at http://www.itgrcforum.com/index.php?option=com_content&view=article&id=1571:technology-and-the-adventof-cyber-war&catid=59:it-security-management&Itemid=263
109 IPillion Internet Detective Website, 119.145.149.38 is from China, accessed on 23 MAR 2011 via the World Wide Web at http://www.ipillion.com/ip/119.145.149.38
The global energy industry was hit by Night Dragon cyber-attacks between November 2009 and February 2011. According to the McAfee report specifically about Night Dragon, the global energy cyber-attacks most likely originated from China. The report states that the cyber-attacks were targeted in nature. The perpetrators used hacking techniques such as social engineering and spear phishing. Night Dragon attacks targeted corporate networks in order to extract sensitive data; the attacks used a variety of components, and there was no single piece or family of malware responsible. However, the McAfee report does specify that the advanced persistent threats included Trojans, remote access tools and a variety of malware used to infiltrate the corporate networks of global energy companies.110

The first stage of the Night Dragon attack involved penetrating the target network, 'breaking down the front door'.111 Techniques such as spear phishing and SQL injection of public-facing web servers are reported to have been used. Once in, the attackers then uploaded freely available hacker tools onto the compromised servers in order to gain visibility into the internal network. The internal network could then be penetrated by typical penetration methods (accessing Active Directory account details, cracking user passwords, etc.) in order to infect machines on the network with remote administration tools (RATs).112

Troj/NDragon-A113 and Mal/NDragon-A114 detections are noted to group the various components together, the latter, Mal/NDragon-A, providing generic detection for other variants that are likely to be in the wild. Available details from Sophos suggest that, in addition to the above malware, various legitimate tools were used in the attacks (e.g. SysInternals tools). Sophos suggested to its customers potentially unwanted application (PUA)115 and application control (AppC) detections to fully manage the use of such tools within their environment. These tools can include software that is legitimate but that you really do not want to allow to be run on your network (for example, IP scanning, password recovery and remote administration tools).116 The style of attack may be similar (breach the perimeter using whatever means necessary, and then penetrate the internal network to find and extract the required data), but we cannot read too much into what is a very standard form of attack; similarities have been suggested between the Night Dragon and Aurora attacks.117

110 Night Dragon, McAfee Reports website, No Byline, accessed on 22 JAN 2011 via the World Wide Web at http://www.mcafee.com/es/about/night-dragon.aspx?cid=WBB009
111 Tim Greene, Top 10 Web hacking techniques of 2010 revealed, accessed on 24 JAN 2011 via the World Wide Web at http://www.networkworld.com/news/2011/012411-top-web-hacking-techniques.html
112 McAfee Labs website, Night Dragon, accessed on 16 MAR 2011 via the World Wide Web at http://www.mcafee.com/es/about/night-dragon.aspx?cid=WBB009
113 Sophos Viruses and Spyware definitions page, accessed on 13 MAR 2011 via the World Wide Web at http://www.sophos.com/en-us//threat-center/threat-analyses/viruses-and-spyware/Troj~NDragon-A.aspx
114 Sophos Viruses and Spyware definitions page, accessed on 13 MAR 2011 via the World Wide Web at http://www.sophos.com/en-us//threat-center/threat-analyses/viruses-and-spyware/Mal~NDragon-A.aspx
Operation Aurora: Command Structure of the Operation Aurora Botnet: History, Patterns, and Findings
Attacks previously identified as occurring in mid-December 2009 targeting Google appear to originate in July 2009 from Mainland China. Hosts compromised with Aurora botnet agents and rallied to the botnet Command-and-Control (CnC) channels were distributed across multiple countries before the public disclosure of Aurora, with the top five countries being the United States, China, Germany, Taiwan and the United Kingdom.118 The timeline of malware associations goes back to May 2, 2009, tracked via the evolution of malware used by Aurora's operators. The simple command topology made extensive use of Dynamic DNS (DDNS) CnC techniques, and the construction of the botnet would be classed as old-school. The hackers' reliance upon dynamic domain name service (DDNS) for CnC is typically associated with new and amateurish botnet operators. The criminals behind the Google attack appear to have built and managed a number of separate botnets and run a series of targeted attack campaigns in parallel. The conclusions are based upon CnC domain registration and management information. The earliest of the CnC domains associated with these botnets, reliant upon DDNS service provisioning, appear to have been registered on July 13, 2009.119 The criminals used Fake AV Alert/Scareware Login Software 2009 and Fake Microsoft Antispyware Service, both of which employed fake antivirus infection messages to socially engineer victims into installing malicious botnet agents.120

115 Sophos Adware and PUAs definitions page, accessed on 14 MAR 2011 via the World Wide Web at http://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas.aspx
116 McAfee Labs website, Night Dragon, accessed on 16 MAR 2011 via the World Wide Web at http://www.mcafee.com/es/about/night-dragon.aspx?cid=WBB009
117 McAfee Labs website, Night Dragon, accessed on 16 MAR 2011 via the World Wide Web at http://www.mcafee.com/es/about/night-dragon.aspx?cid=WBB009
118 Robin Wauters, McAfee Calls Operation Aurora A "Watershed Moment In Cybersecurity", Offers Guidance, TechCrunch Website, accessed 18 JAN 2010 via the World Wide Web at http://techcrunch.com/2010/01/17/mcafeeoperation-aurora-2/
119 Frank Saxton, The "No Network is 100% Secure" series - The Aurora Power Grid Vulnerability, accessed on 16 FEB 2011 via the World Wide Web at http://unix.nocdesigns.com/aurora_white_paper.htm
120 Ibid.
121 Michael Kan, WordPress: DDoS Attacks Came From China, accessed on 19 MAR 2011 via the World Wide Web at http://www.pcworld.com/businesscenter/article/221467/wordpress_ddos_attacks_came_from_china.html
122 Homeland Security Newswire Website, No Byline, Paris G20 files stolen in cyber attack, accessed on 26 FEB 2011 via the World Wide Web at http://homelandsecuritynewswire.com/paris-g20-files-stolencyber-attack
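The Aurora operators' reliance on dynamic DNS for CnC, noted above, gives a defender a concrete hunting angle in resolver logs: internal hosts resolving names under dynamic-DNS providers, and doing so at a fixed interval, which is what a beacon looks like from the DNS side. The Python below is an added example, not from the paper or the reports it cites; the provider suffixes, hostnames and addresses are constructed placeholders (reserved .example names and private ranges), and the regularity check is a simple coefficient-of-variation test on inter-query gaps.

```python
"""Flag dynamic-DNS CnC candidates in DNS resolver logs.

Added example, not from the original paper or any vendor report. The
DDNS provider suffixes and the log lines are constructed placeholders;
a real deployment would load a maintained provider list.
"""
from collections import defaultdict
from datetime import datetime, timezone
from statistics import mean, pstdev

# Constructed stand-ins for dynamic-DNS provider zones.
DDNS_SUFFIXES = ("dyn.example", "noip.example")

# Constructed resolver log: "<UTC timestamp> <client IP> <queried name> <type>"
SAMPLE_DNS_LOG = """\
2009-12-14T08:00:00Z 10.0.0.5 update.vendor.example A
2009-12-14T08:00:05Z 10.0.0.5 cnc-host.dyn.example A
2009-12-14T08:03:00Z 10.0.0.7 www.example.com A
2009-12-14T08:10:05Z 10.0.0.5 cnc-host.dyn.example A
2009-12-14T08:20:04Z 10.0.0.5 cnc-host.dyn.example A
2009-12-14T08:30:06Z 10.0.0.5 cnc-host.dyn.example A
2009-12-14T09:12:00Z 10.0.0.7 home-cam.noip.example A
"""


def parse_dns_log(text):
    """Return (utc_datetime, client_ip, normalised_qname) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, client, qname, _qtype = line.split()
        when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        records.append((when, client, qname.lower().rstrip(".")))
    return records


def is_ddns(qname, suffixes=DDNS_SUFFIXES):
    """Match on a label boundary so 'notdyn.example' does not match 'dyn.example'."""
    return any(qname == s or qname.endswith("." + s) for s in suffixes)


def find_ddns_beacons(records, suffixes=DDNS_SUFFIXES, min_queries=4, max_jitter=0.2):
    """Group DDNS lookups per (client, name); report the regular, repeated ones.

    jitter = stdev(gaps) / mean(gaps). A sleeping implant polling on a timer
    produces near-zero jitter; human browsing does not.
    """
    by_pair = defaultdict(list)
    for when, client, qname in records:
        if is_ddns(qname, suffixes):
            by_pair[(client, qname)].append(when)

    beacons = {}
    for pair, times in by_pair.items():
        if len(times) < min_queries:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg > 0 else float("inf")
        if jitter <= max_jitter:
            beacons[pair] = {"queries": len(times), "mean_interval_s": avg, "jitter": jitter}

    return {"ddns_queries": {p: len(t) for p, t in by_pair.items()}, "beacons": beacons}


if __name__ == "__main__":
    report = find_ddns_beacons(parse_dns_log(SAMPLE_DNS_LOG))
    for (client, qname), n in sorted(report["ddns_queries"].items()):
        print(f"{client} -> {qname}: {n} DDNS lookup(s)")
    for (client, qname), info in report["beacons"].items():
        print(f"BEACON {client} -> {qname}: every ~{info['mean_interval_s']:.0f}s, "
              f"jitter {info['jitter']:.3f}")
```

The single lookup from 10.0.0.7 is reported but not escalated; only the ten-minute polling from 10.0.0.5 crosses the beacon threshold, which is the triage split a hunter wants.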
penultimately detail the unceasing and inherent distrust by non-China watchers of China itself. This composite picture of research information collected is significantly dynamic. Given the dynamic and constantly changing amount of applicable information regarding the PRC's alleged use of cyber warfare, all of which is current, a distinct challenge lies in understanding which cyber-attacks may or may not be attributable to a particular nation state.
The following table, Table 2, places emphasis on short and long term moves for business decision makers, corporate strategists, innovators and government entities that are concerned with or involved in understanding how to deal with the Chinese cyber threat. The first short term move involves a holistic strategy across all key stakeholders who have a vested interest in dealing with the high risk of the Chinese cyber threat. The lead entity would be the International Undersecretary, U.S. Department of Commerce, working with all affected corporate stakeholders who may suffer losses if their intellectual property were stolen. The second move is also of an immediate focus and relies on corporate leadership to create awareness of the Chinese data exfiltration threat within the IT security organization and throughout the entire impacted company. The third move, in conjunction with (ICW) security hardware and software manufacturers, is to create an IT security defense-in-depth standard that protects both national economic and critical infrastructure from Chinese cyber-attack vectors; this would be both an immediate and a sustainable long term move. The fourth short and long term strategy would be based upon the diplomatic lead of the U.S. State Department, DoD and USAID. Their task would be to define a mutual understanding of the Chinese cyber-threat nationally within the U.S. and then internationally with NATO and primarily the Chinese Government, so that incidents of cyber-attacks, rather than being loosely attributed to a nation state such as China, could be identified, investigated mutually and mitigated cooperatively.
Appendices
Appendix A Significant People's Liberation Army (PLA) Information Warfare Personalities
Major General Dai Qingmin was the director of the PLA's electronic warfare department (Fourth Department); his intent was a comprehensive information warfare effort. He advocated cyber command stated missions which complement the PLA's information warfare (IW) units. Missions of cyber doctrine have been developed by the PLA since at least 2003. The PLA's IW strategy was originally spearheaded by Major General Dai Qingmin from 1995.

Zhang Qinsheng123

General Zhang is a member of the 17th CPC Central Committee and 1st Deputy Chief of the General Staff, General Department of the PLA. He is of Han nationality, and is a native of Xiaoxi City, Shanxi province. Born in 1948, he joined the PLA in 1968. Serving successively as director of the military training department of the Beijing Military Region and deputy director of the military training department of the General Staff Headquarters, General Zhang has conducted research on network command systems. In December 2004, then-Major General Zhang was elevated to assistant chief of staff of the General Staff Department, and was promoted to vice chief of staff in December 2006. In 2007, he was appointed commander of the Guangzhou Military Region. Zhang was promoted to the rank of general (four stars) by President Hu in mid-July 2010, according to Xinhua News Agency, July 20.124

123 China Vitae Website, No Byline, accessed on 15 JAN 2011 via the World Wide Web at http://www.chinavitae.com/biography/
124 Jamestown Foundation, China's Cyber Command?, China Brief Volume 10, Issue 15, 22 July 2010, accessed on 21 JUN 2011 via the World Wide Web at http://www.unhcr.org/refworld/docid/4c74e64d2.html

Chen Bingde125

General Chen is a member of the 17th CPC Central Committee, a member of the 17th CPC Central Military Commission, a member of the Central Military Commission of the PRC, and Chief of General Staff, People's Liberation Army. A native of Nantong, Jiangsu Province, General Chen is also of Han nationality. Born in 1941, he holds the equivalent of an associate degree from the Academy of Military Sciences. General Chen joined the PLA in 1961 and the Central Party Committee in 1962.

Ma Xiaotian126

General Ma is a member of the 17th CPC Central Committee and Deputy Chief of the PLA General Staff. Along with his contemporaries, he is of Han nationality, and is a native of Gongyi City, Henan province. General Ma, born in 1949, joined the Chinese PLA in 1965 and subsequently joined the CPC in 1969. He graduated from the 12th Aviation School with the academic credentials of junior college. General Ma is an air marshal of the People's Liberation Army Air Force (PLAAF) and was made deputy chief of staff of the organization in 1997. Ma was a member of the 16th CPC Central Committee.

Sun Jianguo127

Sun Jianguo, male, Han nationality, is a native of Wuqiao City, Hebei Province. Serving as an alternate member of the 17th CPC Central Committee, he is also Deputy Chief of the General Staff, PLA. Born in 1952, he entered the work force in 1968 and joined the PLA in 1970. General Sun graduated from the Navy Submarine Institute of the Chinese People's Liberation Army. His duties included serving as a coxswain of a Changzheng-3 nuclear submarine. In 2006, he was promoted to vice-admiral of the Navy. Since 2009, he has served as Deputy Chief of the General Staff, PLA.

Hou Shusen128

Currently General Hou serves as Deputy Chief, PLA, Headquarters of the General Staff. Much like his fellow cyber warfare princelings, General Hou is of Han nationality, born in 1950, and is a native of Fumeng County, Liaoning province. General Hou was promoted to the rank of lieutenant general in 2007. A Jilin University graduate, General Hou has spent most of his career in the Shenyang Military Region. In 2009 he became Deputy Chief of Staff of the PLA.

The current PLA IW tacticians are Major General Hu Xiaofeng, Deputy Director for the National Defense University Department of Information Warfare and Training Command, and Professor Meng Xiangqing, who currently works at the Chinese National Defense University Institute for Strategic Studies.
2003
The U.S. government designates Operation Titan Rain as a series of coordinated attacks on American computer systems since 2003. The attacks were labeled as Chinese in origin, although their precise nature (i.e., state-sponsored espionage, corporate espionage, or random hacker attacks) and the attackers' real identities (i.e., masked by proxy, zombie computer, or spyware/virus-infected machines) remain unknown. The activity known as "Titan Rain" is believed to be associated with an Advanced Persistent Threat (APT).[129]
August: Reports of Chinese hackers against Taiwanese government and commercial sites.[130]
The Chinese government grants licenses to open Internet cafe chains to just 10 firms, including three affiliated with the Ministry of Culture, one linked to the politically powerful Central Committee of the China Youth League, and six state-owned telecom operators.[131]
2004
2005
Honker Union of China reforms.[132]
Chinese hackers hit a Japanese government website over the Diaoyu Island dispute.
July: Chinese hacker attacks against Taiwan continue.
November: Media reports of attacks against several US military installations.
129 Bradley Graham, Hackers Attack Via Chinese Web Sites, accessed 29 JUL 2011 via the World Wide Web at http://www.washingtonpost.com/wp-dyn/content/article/2005/08/24/AR2005082402318.html
130 Michael Richardson, Taiwan is cyber warfare battlefield and Chinese target says security study, accessed 24 JUL 2011 via the World Wide Web at http://www.examiner.com/taiwan-policy-in-national/taiwan-is-cyber-warfare-battlefield-and-chinese-target-says-security-study
131 Heidi Blake, Timeline of Chinese web censorship and cyber attacks, accessed 29 JUL 2011 via the World Wide Web at http://www.independent.ie/business/technology/timeline-of-chinese-web-censorship-and-cyber-attacks-2426210.html
December: The director of the SANS Institute, a security institute in the U.S., said that the Titan Rain attacks were "most likely the result of Chinese military hackers attempting to gather information on U.S. systems."[133]
March: Several attacks from sites allegedly in China against multiple sites in Japan.[134]
August: Media reporting on Chinese espionage condemns "Titan Rain."
September: According to media staff in Taiwan, the National Security Council is targeted via social engineering e-mails.[135]
China purchases over 200 routers from Cisco Systems, an American company, that allow the government more sophisticated technological censoring capabilities. In October, the government blocks access to Wikipedia.[136]
2006
British MPs allegedly targeted by Chinese hacking attempts.[137]
June: Chinese hackers strike at Taiwan MoD.[138]
August: Claims of Congressional computers being hacked are made.[139]
November: U.S. Naval War College computer infrastructure reportedly attacked.[140]
132 Amit Grower, Cyber Wars Final Frontier: Network Centric Warfare Framework, pp. 20-21, Identity Theft and Financial Fraud Research and Operations Center.
133 Ibid.
134 Robin Gandhi, et al., Dimensions of Cyber Attacks, IEEE Technology and Society Magazine, p. 15.
135 Ibid., p. 18.
136 Heidi Blake, China hijacks internet traffic: timeline of Chinese web censorship and cyber-attacks, accessed 18 NOV 2010 via the World Wide Web at http://www.telegraph.co.uk/news/worldnews/asia/china/8142328/China-hijacks-internet-traffic-timeline-of-Chinese-web-censorship-and-cyber-attacks.html
137 Peter Warren, Smash and grab, the hi-tech way, accessed 25 JUL 2011 via the World Wide Web at http://www.guardian.co.uk/politics/2006/jan/19/technology.security
138 AFP, The Straits Times, Chinese plan to hack into Taiwan websites, no byline, accessed 29 JUL 2011 via the World Wide Web at http://www.hartford-hwp.com/archives/55/105.html
139 Daniel W. Reilly, Lawmakers say congressional computers hacked by Chinese, accessed 23 JUL 2011 via the World Wide Web at http://www.politico.com/blogs/thecrypt/0608/AP_Lawmakers_say_congressional_computers_hacked_by_Chinese.html
140 Siobhan Gorman, China Expands Cyberspying in U.S., Report Says, accessed 22 JUL 2011 via the World Wide Web at http://online.wsj.com/article/SB125616872684400273.html
January: A group of former senior Communist Party officials in China criticize the Internet censorship, warning that it could "sow the seeds of disaster" for China's political transition.[141]
February: Google agrees to block websites that the Chinese government deems illegal, in exchange for a license to operate on Chinese soil. The search engine responds to international criticism by protesting that it has to obey local laws.[142]
May: Chinese Internet users encounter difficulties when connecting to Hotmail, Microsoft's popular e-mail service. Microsoft says the break in service is caused by technical problems, but there is widespread speculation that the incident is linked to state censorship. In the last week of May, Google and many of its services also become unreachable.[143]
July: Researchers at Cambridge University claim to have broken through the Great Firewall of China; in response, the People's Republic of China government imposes blocks on large portions of the web.[144]
November: The Chinese-language version of Wikipedia is briefly unblocked before being shut down again the same month.[145]
141 Heidi Blake, China hijacks internet traffic: timeline of Chinese web censorship and cyber-attacks, accessed 18 NOV 2010 via the World Wide Web at http://www.telegraph.co.uk/news/worldnews/asia/china/8142328/China-hijacks-internet-traffic-timeline-of-Chinese-web-censorship-and-cyber-attacks.html
142 Google and Internet Control in China: A Nexus Between Human Rights and Trade?, Hearing before the Congressional-Executive Commission on China, One Hundred Eleventh Congress, Second Session, U.S. Government Printing Office, Washington DC, March 2010.
143 Yi Heng, China Internet Censorship, accessed 29 JUL 2011 via the World Wide Web at http://www.facebook.com/topic.php?uid=64863896079&topic=7889
144 Tom Espiner, Academics break the Great Firewall of China, accessed 29 JUL 2011 via the World Wide Web at http://news.cnet.com/2100-7348_3-6090437.html
145 Simon Burns, Wikipedia partly unblocked in China, accessed 30 JUL 2011 via the World Wide Web at http://www.pcauthority.com.au/News/84044,wikipedia-partly-unblocked-in-china.aspx
2007
The Chinese government hacked a noncritical DoD computer system in June.[146] Pentagon investigators could not definitively link the cyber-attack to the Chinese military, a source said, but the technology was sophisticated enough that it indicated to Pentagon officials, as well as those in charge of computer security, that it came from within the Chinese government.[147]
German Chancellery compromised, and China was accused of being the perpetrator.[148]
U.S. Pentagon e-mail servers compromised for an extended period, with the cost to Oak Ridge National Laboratory targeted by Chinese hackers.[150]
June: Office of the Secretary of Defense (OSD) computers attacked via malicious e-mail.[151]
December: MI5 issues warning on Chinese cyber attacks.[152]
January: President Hu Jintao, the People's Republic of China President, pledges to "purify" the Internet. He makes no specific mention of censorship, saying China needs to "strengthen administration and development of our country's Internet culture."[153]
146 Jennifer Griffin, Pentagon Source Says China Hacked Defense Department Computers, accessed 22 JUL 2011 via the World Wide Web at http://www.foxnews.com/story/0,2933,295640,00.html
147 FoxNews.com from Financial Times, no byline, Pentagon Source Says China Hacked Defense Department Computers, accessed 21 JUL 2011 via the World Wide Web at http://www.foxnews.com/story/0,2933,295640,00.html
148 Spiegel Staff, Merkel's China Visit Marred by Hacking Allegations, accessed 30 JUL 2011 via the World Wide Web at http://www.spiegel.de/international/world/0,1518,502169,00.html
149 Richard Stiennon, Haephrati technique used to crack US research lab, accessed 26 JUL 2011 via the World Wide Web at http://www.zdnet.com/blog/threatchaos/haephrati-technique-used-to-crack-us-research-lab/497
150 Ibid.
151 Robert McMillan, Pentagon Shuts Down Systems After Cyber-Attack, accessed 24 JUL 2011 via the World Wide Web at http://www.pcworld.com/article/133301/pentagon_shuts_down_systems_after_cyberattack.html
152 Michael Smith, Spy chiefs fear Chinese cyber attack, accessed 24 JUL 2011 via the World Wide Web at http://www.timesonline.co.uk/tol/news/uk/article5993156.ece
153 China's Communists Seek to Purify The Net, no byline, Status of Chinese People ( ) website, accessed 23 JUL 2011 via the World Wide Web at http://chinaview.wordpress.com/2007/01/27/chinas-communists-seek-to-purify-the-net/
March: Access to the LiveJournal, Xanga, Blogger and Blogspot blogging services from within China becomes blocked. Blogger and Blogspot become accessible again later the same month.[154]
June: American military warn that China is gearing up to launch a cyber-war on the U.S. and has plans to hack U.S. networks for trade and defense secrets.[155]
154 Kelley Beyer, Jumping the Great Firewall: Social Media Among China's Youth, accessed 25 JUL 2011 via the World Wide Web at http://www.datelineshanghai.com/scaling-the-great-internet-wall/
155 Webster G. Tarpley, US Readies Cyberwar, Virtual-Flag Terrorism, accessed 23 JUL 2011 via the World Wide Web at http://rockcreekfreepress.tumblr.com/post/465992689/us-readies-cyberwar-virtual-flag-terrorism
2008
December: French Embassy website attacked in protest over a meeting with the Dalai Lama.[156]
April: MI5 writes to more than 300 senior executives at banks, accountants and legal firms warning them that the Chinese army is using Internet spyware to steal confidential information.[157]
June: Hu Jintao, the Chinese president, makes his first tentative steps online by answering questions on a web forum.[158]
August: China faces widespread criticism for Internet censorship in the run-up to the Beijing Olympics. The government surprises critics by lifting some of the restrictions, making the websites of human rights organizations such as Amnesty International accessible for the first time.[159]
2009
March: Operation GhostNet is detected. A vast Chinese cyber-espionage network, codenamed GhostNet, has penetrated 103 countries and infects at least a dozen new computers every week, according to researchers.[160]
The three largest resource companies in Australia, including Rio Tinto, are compromised.
156 Chinese Cybernationalists and Hackers and Their Activities in China and Abroad website, no byline, accessed 26 JUL 2011 via the World Wide Web at http://factsanddetails.com/china.php?itemid=1636&catid=7&subcatid=43
157 Ibid.
158 Richard Spencer, China: Internet debut for leader Hu Jintao, accessed 21 JUL 2011 via the World Wide Web at http://www.telegraph.co.uk/news/worldnews/asia/china/2164637/China-Internet-debut-for-leader-Hu-Jintao.html
159 Chinese Cybernationalists and Hackers and Their Activities in China and Abroad website, no byline, accessed 26 JUL 2011 via the World Wide Web at http://factsanddetails.com/china.php?itemid=1636&catid=7&subcatid=43
160 Malcolm Moore, China's global cyber-espionage network GhostNet penetrates 103 countries, accessed 16 JAN 2011 via the World Wide Web at http://www.telegraph.co.uk/news/worldnews/asia/china/5071124/Chinas-global-cyber-espionage-network-GhostNet-penetrates-103-countries.html
April: Compromise of systems across 103 countries by Chinese cyber spies while[161]
April: Daily attacks reported against the German government.[162]
April: The Chinese government denies reports of hacking the Australian Prime Minister's e-mail.[163]
April: Chinese hackers target a South Korean official with a socially engineered e-mail.[164]
March: Bill Gates, Chairman of Microsoft, weighs into the Internet censorship argument, declaring that "Chinese efforts to censor the Internet have been very limited" and that the Great Firewall of China is "easy to go around". His comments are met with scorn by commentators on the web.[165]
March: The People's Republic of China government blocks the video-sharing website YouTube after footage appearing to show police beating Tibetan monks is posted on the site.[166]
June: China imposes an information black-out in the lead-up to the anniversary of the Tiananmen Square massacre, blocking access to networking sites such as Twitter as well as BBC television reports.[167]
June: China faces a storm of criticism over plans to force all computer users to install
161 Ibid.
162 Marcel Fürstenau and Andreas Illmer, Germany shores up defenses against Internet attacks, accessed 26 JUL 2011 via the World Wide Web at http://www.dw-world.de/dw/article/0,,14870892,00.html
163 Chinese Cyberwar Attacks Canadian and Australian Governments, no byline, accessed 30 MAR 2011 via the World Wide Web at http://beforeitsnews.com/story/522/258/Chinese_Cyberwar_Attacks_Canadian_and_Australian_Governments.html
164 Ricardo Gatomalo, Chinese Hacker TimeLine, accessed 24 JUL 2011 via the World Wide Web at http://uscyberlabs.com/blog/?p=6
165 Robert McMahon and Isabela Bennett, U.S. Internet Providers and the 'Great Firewall of China', accessed 24 FEB 2011 via the World Wide Web at http://www.cfr.org/china/us-internet-providers-great-firewall-china/p9856
166 MSNBC via the Associated Press, no byline, China blasts video claiming Tibet violence, accessed 25 JUL 2011 via the World Wide Web at http://www.msnbc.msn.com/id/29863003/ns/world_news-asia_pacific/t/china-blasts-video-claiming-tibet-violence/
167 Peter Foster, China begins internet 'blackout' ahead of Tiananmen anniversary, accessed via the World Wide Web at http://www.telegraph.co.uk/news/worldnews/asia/china/5429152/China-begins-internet-blackout-ahead-of-Tiananmen-anniversary.html
June: Lord West, the British security minister, warns that Britain faces the threat of a "cyber cold war" with China amid fears that hackers could gain the technology to shut down the computer systems that control Britain's power stations, water companies, air traffic, government and financial markets.[168]
August: The U.S. government begins covertly testing technology to allow people in China and Iran to bypass Internet censorship firewalls set up by their own governments.
December: The People's Republic of China government offers rewards of up to 10,000 yuan (£888) to users who report websites featuring pornography. The number of pornography-related searches in China skyrockets.[169]
2010
Shadows in the Cloud report from the SecDev Group on successful attacks against India's military networks.[170]
January: The Operation Aurora attack is aimed at dozens of other organizations, of which Adobe Systems, Juniper Networks and Rackspace have publicly confirmed that they were targeted. According to media reports, Yahoo, Symantec, Northrop Grumman, Morgan Stanley and Dow Chemical were also among the targets.[171]
January: China announces plans to force its 400 million Internet users to register their real names before making comments on the country's many chat rooms and discussion forums.
168 Duncan Gardham, Al-Qaeda, China and Russia 'pose cyber war threat to Britain', warns Lord West, accessed 29 JUL 2011 via the World Wide Web at http://www.telegraph.co.uk/news/uknews/law-and-order/5634820/Al-Qaeda-China-and-Russia-pose-cyber-war-threat-to-Britain-warns-Lord-West.html
169 Heidi Blake, China hijacks internet traffic: timeline of Chinese web censorship and cyber-attacks, accessed 18 NOV 2010 via the World Wide Web at http://www.telegraph.co.uk/news/worldnews/asia/china/8142328/China-hijacks-internet-traffic-timeline-of-Chinese-web-censorship-and-cyber-attacks.html
170 Joint Report, Information Monitor and ShadowServer Foundation, Shadows in The Cloud: Investigating Cyber Espionage 2.0, accessed 29 JUL 2011 via the World Wide Web at http://www.nartv.org/mirror/shadows-in-the-cloud.pdf
171 Kelly Jackson Higgins, 'Fog of War' Led To Operation Aurora Malware Mistake, accessed 31 MAR 2010 via the World Wide Web at http://www.darkreading.com/database-security/167901020/security/attacks-breaches/224200972/fog-of-war-led-to-operation-aurora-malware-mistake.html
January: Around 5,000 people in the People's Republic of China are arrested for viewing Internet pornography and 9,000 websites are deleted for containing sexual images and other "harmful information".[172]
January: Google threatens to pull out of China if it is not allowed to operate without censorship. The search engine blames the government for "highly sophisticated" attacks on its servers and attempts to target the Gmail accounts of human rights activists.[173]
March: Google shuts down its China-based search engine and redirects users to an uncensored site based in Hong Kong.[174]
April: Chinese state-owned telecommunications firm "hijacks" 15 percent of the world's Internet traffic, including highly sensitive U.S. government and military exchanges, raising security fears.[175]
June: The People's Republic of China government restricts access to Foursquare after players used the geo-location service to draw attention to the 21st anniversary of the Tiananmen Square massacre.[176]
July: Google stops automatically redirecting users of its Chinese search engine to its Hong Kong site, but continues to allow users to access the uncensored search engine by clicking a separate tab. The following week, the row between the search giant and the superpower seems to have drawn to a close as the Chinese government renews Google's license to operate its business in China.[177]
172 ZiXue Tai, The Internet in China: Cyberspace and Civil Society, Routledge, 2006, pp. 99, 133 and 156.
173 Edmund Conway, Google threatens to quit China over censorship, accessed 13 JAN 2010 via the World Wide Web at http://www.telegraph.co.uk/technology/google/6977756/Google-threatens-to-quit-China-over-censorship.html
174 Miguel Helft and David Barboza, Google Shuts China Site in Dispute Over Censorship, accessed 22 MAR 2010 via the World Wide Web at http://www.nytimes.com/2010/03/23/technology/23google.html
175 Heidi Blake, China 'hijacks' 15 per cent of world's internet traffic, accessed 18 NOV 2010 via the World Wide Web at http://www.telegraph.co.uk/news/worldnews/asia/china/8142267/China-hijacks-15-per-cent-of-worlds-internet-traffic.html
176 Claudine Beaumont, Foursquare blocked in China, accessed 29 JUL 2011 via the World Wide Web at http://www.telegraph.co.uk/technology/social-media/7802992/Foursquare-blocked-in-China.html
177 BBC News Business website, no byline, Google says China licence renewed by government, accessed 10 JUL 2010 via the World Wide Web at http://www.bbc.co.uk/news/10566318
November: A security report to the U.S. Congress warns that the hijacking of 15 percent of the world's Internet traffic by a Chinese telecommunications firm may have been "malicious", including data from the U.S. military, civilian organizations and those of other U.S. allies.[178]
2011
January 14: U.S. warns on China cyber, anti-satellite capability. "Advances by China's military in cyber and anti-satellite warfare technology could challenge the ability of U.S. forces to operate in the Pacific," U.S. Defense Secretary Robert Gates said during a visit to Japan.[179]
February 4: China attacks British government computers. William Hague, British Foreign Secretary and First Secretary of State, told a security conference in Munich that the Foreign Office repelled the attack last month from "a hostile state intelligence agency". Although the foreign secretary did not name the country behind the attacks, intelligence sources familiar with the incidents made it clear he was referring to China. The sources did not want to be identified because of the sensitive nature of the issue.
February 9: It is reported that an oil firm was hit by hackers from China and that Western energy firms have specifically been targeted in cyber espionage attacks, apparently orchestrated by hackers working from inside China.[180]
February 17: In March, Andrew Jacobs, a correspondent working for The New York Times in Beijing, peered for the first time into the obscure corners of his Yahoo e-mail account settings. Under the "mail forwarding" tab was an e-mail address he had never seen before. That other e-mail address had been receiving copies of all of his incoming e-mails for months. His account had been hacked.[181]
178 European Times, no byline, accessed 20 NOV 2010 via the World Wide Web at http://www.eutimes.net/2010/11/china-has-hijacked-us-based-internet-traffic/
179 Taipei Times, no byline, China's military advances challenge US power: Gates, accessed 15 JAN 2011 via the World Wide Web at http://www.taipeitimes.com/News/front/archives/2011/01/15/2003493537
180 Nathan Hodge and Adam Entous, Oil Firms Hit by Hackers From China, Report Says, accessed 10 FEB 2011 via the World Wide Web at http://online.wsj.com/article/SB10001424052748703716904576134661111518864.html
181 Samuel Wade, Journalists Under Online Attack, in China and Beyond, accessed 17 FEB 2011 via the World Wide Web at http://chinadigitaltimes.net/2011/02/journalists-under-online-attack-in-china-and-beyond/
attack on government computers, and was traced back to computers in China. From CBC: The attack, apparently from China, also gave foreign hackers access to highly classified federal information and also forced the Finance Department and Treasury Board, the federal government's two main economic nerve centers, off the Internet.[182]
March 10: China's growing capabilities in cyber-warfare and intelligence gathering are a "formidable concern" to the United States, the top U.S. intelligence official told a Senate panel.[183]
April 5: Spying on computer spies traces data theft to China. The Toronto spy hunters not only learned what kinds of material had been stolen, but were able to see some of the documents, including classified assessments about security in several Indian states, and confidential embassy documents about India's relationships in West Africa, Russia and the Middle East. The intruders breached the systems of independent analysts, taking reports on several Indian missile systems. They also obtained a year's worth of the Dalai Lama's personal e-mail messages.[184]
April 19: Rio, BHP, Fortescue hit by China computer hackers.[185] Rio Tinto Group faced cyber-attacks from China at about the time of the arrest of four executives in the country, while BHP Billiton Ltd. and Fortescue Metals Group Ltd. have also been hit, Australian Broadcasting Corp. reported.[186]
April 29: Kaspersky Lab's Threatpost reports, in "Glass Dragon: China's Cyber Offense Obscures Woeful Defense", that China's online defenses have failed to keep pace with its widely hyped offensive capabilities.[187] For the last 18 months, Dillon Beresford, a security researcher with testing firm NSS Labs and divorced father of one, has spent up to seven hours a day of his spare time crawling the networks of China's state and provincial governments, as well as stealthier networks belonging to the PLA and the country's top universities. Armed with free tools like Metasploit and Netcat, as well as Google Translate, he has pulled back the curtains on the state of cyber security in China. What he has discovered may come as a surprise to many U.S. policymakers and Pentagon officials.[188]
March 19: EMC RSA: In an open letter, RSA executive chairman Art Coviello revealed that the information was stolen via an APT (advanced persistent threat) attack. He stated specifically: "while at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, [it] could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack."[189]
May 7: China is ramping up espionage efforts in the United States. One key component of its strategy is to recruit U.S. citizens to join clandestine defense organizations and pass along information to Chinese handlers. In a specific incident reported by the Associated Press, a successfully recruited citizen was said to be a seemingly all-American, clean-cut guy: no criminal record, engaged to be married, a job teaching English overseas. In letters to the judge, loved ones described the 29-year-old Midwesterner as honest and caring, a good citizen. His fiancée called him "Mr. Patriot."[190]
182 David Ljunggren and Peter Cooney, Canada hit by cyber-attack from China computers: CBC, accessed 17 FEB 2011 via the World Wide Web at http://www.reuters.com/article/2011/02/17/idUSN1623272920110217
183 Paul Eckert and John Whitesides, China's cyber abilities worry U.S. - spy chief, accessed 10 MAR 2011 via the World Wide Web at http://uk.reuters.com/article/2011/03/10/oukin-uk-china-usa-cyber-idUKTRE7295XF20110310
184 John Markoff and David Barboza, Researchers Trace Data Theft to Intruders in China, accessed 5 APR 2010 via the World Wide Web at http://www.nytimes.com/2010/04/06/science/06cyber.html
185 Jesse Riseborough, Rio Tinto, BHP Billiton, Fortescue Hit by China Computer Hackers, ABC Says, accessed 20 APR 2010 via the World Wide Web at http://www.bloomberg.com/news/2010-04-19/rio-tinto-bhp-billiton-fortescue-hit-by-china-computer-hackers-abc-says.html
186 Ibid.
187 Paul Roberts, Glass Dragon: China's Cyber Offense Obscures Woeful Defense, accessed 27 APR 2011 via the World Wide Web at http://threatpost.com/en_us/blogs/glass-dragon-chinas-cyber-offense-obscures-woeful-defense-042711
188 Ibid.
189 Adam Vincent, RSA hacked by Advanced Persistent Threat (APT), accessed 19 MAR 2011 via the World Wide Web at http://www.cybersquared.com/rsa-hacked-by-advanced-persistent-threat-apt/
190 Pauline Arrillaga, AP IMPACT: China's spying seeks secret US info, accessed 7 MAY 2011 via the World Wide Web at http://www.cbsnews.com/stories/2011/05/07/ap/business/main20060765.shtml
May 25: China sets up a specialized online "Blue Army" unit that it claims will protect the People's Liberation Army from outside attacks, prompting fears that the crack team is being used to infiltrate foreign governments' systems.[191]
May 30: During a rare briefing reported by the Beijing News, China's defense ministry spokesman, Geng Yansheng, announced that a 30-strong team, China's cyber squad for defense called the Blue Army, was formed to improve the military's security.[192]
May 5: Lockheed Martin, the largest provider of IT services to the U.S. government and military, suffered a network intrusion stemming from data stolen pertaining to RSA. It seems that the cyber-thieves managed to compromise the algorithm used by RSA to generate security keys. RSA will have to replace the SecurID tokens of more than 40 million customers around the world, including some of the world's biggest companies.[193]
May 19: A cyber-attack directed at the Norwegian military happened when 100 senior military personnel received an e-mail in Norwegian with an attachment. The attached file was in reality a Trojan designed to steal information. At least one person opened the attachment, but the attack was a failure and no data was lost.[194]
May: Citigroup revealed that information for more than 360,000 U.S. credit card accounts had been compromised by a website hack. The worst thing about this attack is the fact that the data thieves did not even have to hack a server.[195]
June 22: China restricts popular report-a-bribe websites. Chen's website http://www.ibribery.com drew 200,000 unique visitors in two weeks. Its anonymous posts wrote about bribing everybody: from officials who demanded luxury cars and villas, to police officers who needed inducements not to issue traffic tickets. Some posts outed doctors receiving cash under the table to ensure safe surgical procedures. Mainstream media spread word about the site, amplifying the outrage among netizens.[196]
June 24: Since 2008, the Chinese government has opened a string of National Intelligence Colleges on campuses around the country in an effort to improve the skills of the nation's spies. The Telegraph reported that the move comes amid growing worries in the West at the scale and breadth of Chinese intelligence-gathering, with MI5 saying that the Chinese government "represents one of the most significant espionage threats to the UK".[197]
June: The International Monetary Fund said it had been targeted by a sophisticated cyber-attack for months, even though the organization has made no public statement about the motivation behind it. The nature of the information stored by the institution would seem to indicate that this was a targeted attack made public. This data included user names, FTP accounts and even FTP login details stored in plain text files.[198]
191 Robert Cazares, China Confirms Existence of Elite Cyber-Warfare Outfit the 'Blue Army', accessed 26 MAY 2011 via the World Wide Web at www.foxnews.com/scitech/2011/05/26/china-confirms-existence-blue-army-elite-cyber-warfare-outfit/?test=latestnews
192 Li Hong, China's cyber squad is for defense - Blue Army, accessed 31 MAY 2011 via the World Wide Web at http://english.peopledaily.com.cn/90002/96743/7395784.html
193 Matt Liebowitz, Lockheed Martin Suffering 'Major' Network Disruption, accessed 27 MAY 2011 via the World Wide Web at http://www.securitynewsdaily.com/lockheed-martin-suffering-major-network-disruption-0828/
194 John E. Dunn, Norwegian military admits to March cyber-attack, accessed 24 MAY 2011 via the World Wide Web at http://www.cio.com.au/article/387581/norwegian_military_admits_march_cyberattack/
195 AFP News website, no byline, Citigroup says 360,000 US credit card accounts hacked, almost double original estimate, http://www.theaustralian.com.au/australian-it/citigroup-says-360000-us-credit-card-accounts-hacked-almost-double-original-estimate/story-e6frgakx-1226076520086
196 Chi-Chi Zhang, China restricts popular report-a-bribe websites, accessed 22 JUN 2011 via the World Wide Web at http://seattletimes.nwsource.com/html/nationworld/2015389255_apaschinabriberybattle.html?syndication=rss
197 Malcolm Moore, China opens string of spy schools, accessed 29 JUL 2011 via the World Wide Web at http://www.telegraph.co.uk/news/worldnews/asia/china/8596647/China-opens-string-of-spy-schools.html
198 Rory Cellan-Jones, IMF hit by 'very major' cyber security attack, accessed 12 JUN 2011 via the World Wide Web at http://www.bbc.co.uk/news/world-us-canada-13740591