China's Cyber Warfare campaign against the US

The military must move from defending against major cyberattacks to deterring assaults by letting enemies know the U.S. is willing to retaliate with its own virtual weapons or military force, a top general said Thursday.

The Pentagon’s new strategy for threats from computer hackers primarily deals with enhancing the defense of its computer systems and those of its military contractors. But Marine Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff, said that policy is just a start. He said that over the next decade the military would move beyond building better firewalls and make clear to adversaries that they will pay a price for serious cyberattacks.

Gen. Cartwright said.

“There is no penalty to attacking us now. We have to figure out a way to change that.” 

Deputy Secretary of Defense William Lynn said the laws of armed conflict apply in cyberspace, implying that the U.S., in some cases, reserves the right to use real bullets and real bombs to retaliate for virtual attacks. The Wall Street Journal reported the military’s conclusion in May.

At the same time, a critical part of the new strategy is to improve the defenses of the military’s computer networks to ensure that cyberattackers are quickly identified and get little of benefit when they strike.

Mr. Lynn said.

“If we can minimize the impact of attacks on our operations and attribute them quickly and definitively, we may be able to change the decision calculus of an attacker.”

Cyberattacks have resulted in the theft of thousands of files from the U.S. government, allies and private industry. Each year, a volume of intellectual property exceeding the size of the Library of Congress is stolen from U.S. government and private-sector networks, the Pentagon strategy document says.

Attackers have targeted the Pentagon’s most expensive weapons system, the Joint Strike Fighter (F-35), a project led by Lockheed Martin Corp.  Lockheed was the target of a more recent cyberattack, facilitated by a breach of the computer-security firm RSA, which makes tokens for secure network connections. A hacking group called AntiSec said this week it had hacked into defense contractor and consultancy Booz Allen Hamilton and stolen 90,000 military email addresses and passwords.

The document says about its information infrastructure.

“Our reliance on cyberspace stands in stark contrast to the inadequacy of our cybersecurity. Many foreign nations are working to exploit [the Pentagon’s] unclassified and classified networks, and some foreign intelligence organizations have already acquired the capacity to disrupt elements.”

Mr. Lynn said a “foreign intelligence service” had stolen 24,000 files from a U.S. defense contractor in a March cyberattack. He provided no other details of the attack but said a weapons system may need to be at least partly redesigned as a result of the breach.

Critics said the Pentagon strategy was incomplete.

“The plan as described fails to engage on the hard issues, such as offense and attribution,” or identifying who mounted an attack, said Stewart Baker, a former general counsel at the National Security Agency.

Gen. Cartwright cautioned that the U.S. wouldn’t routinely strike at foreign state-sponsored hackers, either with cyberweapons or real-world weapons. At a roundtable sponsored by the Center for Media and Security, he said subsequent strategy documents will clarify how the laws of war apply to cyberspace and what policies should guide deterrence.

Gen. Cartwright said he hoped the Defense Department’s cyber efforts will have moved from being 90% focused on defense to 90% focused on deterrence within a decade.

If the U.S. were attacked in a way that justified a response under the laws of armed conflict, it could react in a variety of ways. Responses could begin with diplomatic efforts, then escalate into a “kinetic” attack, with real-world weapons, Gen. Cartwright said.

Some cybersecurity specialists said the strategy was a reasonable first step. “They’ve identified the right problems and the right approaches to addressing them,” said James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies, who frequently advises the administration.

Rep. Jim Langevin, a Rhode Island Democrat who has pressed for enhanced cybersecurity, applauded the strategy, but said it leaves key questions unanswered, such as whether data theft alone—rather than cyberattack that disabled the power grid, for instance—could ever amount to an act of war.

COMMENTARY:   China needs to be taught a lesson.  I think it’s time for the U.S. military to send China a dose of the Stuxnet: The Virus That Shutdown Iran’s Nuclear Program.   These cyber attacks are unwarranted.  The only reason they are doing this is because they have an inferior military and their high-technology weaponry is no match for the U.S., so they are testing us just incase there is armed conflict.  It really pisses me off knowing that we trade with China, we have thousands of plants and branch offices of American companies over there, and they pull this stunt.

Thankfully, we are well prepared for cyberattacks, and we can take it as well as give it. The two organizations entrusted with the role of defending our nation against cyber attacks is the United States Cyber Command or CYBERCOM and the National Security Agency or NSA.

United States Cyber Command or CYBERCOM

In a blog article dated February 7, 2011, I wrote about the United States Cyber Command or USCYBERCOM, the multi-branch military arm of the Department of Defense entrusted with protecting the U.S. against cyber attacks.  And, we really have a lot to protect, including all of our military installations, and our land, sea and air-based defense facilities throughout the world.  A successful cyberattack on any of these installations or facilities could be just as being attacked by weapons of mass destruction.

The precise mission of USCYBERCOM is to plan, coordinate, integrate, synchronize, and conduct activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full-spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

National Security Agency or NSA

In a blog article dated April 28, 2011, I wrote about the NSA, the super-secret intelligence agency that goes by the nickname, “No Such Agency”.  NSA’s work is limited to communications intelligence; it does not perform field or human intelligence (spying on people) activities. By law, NSA’s intelligence gathering is limited to foreign communications.  NSA has the ability to spy on any individual, organization, business or government agency (foreign or domestic) and has done so 24/7, 365.   The NSA is a cryptologic intelligence agency and specializes in “signal intelligence”or code breaking.

The NSA is directed by at least a Army lieutenant general or Navy vice-admiral.   The present Director of the NSA is U.S. Army General Keith B. Alexander.  He is also Commander, U.S. Cyber Command or CYBERCOM.    See above video.

The NSA can intercept any electronic signal, in any form, frequency or language, encrypted or non-encrypted.  They can eavesdrop on anybody, even listen to conversations through brick walls.  Yes, they even listened to Osama Bin Ladin’s satellite phone conversations when he was hiding out in Tora Bora, and they could be listening to you right now.   You can bet that the NSA is watching China’s every move, and knows what Chinese are up especially of they plan future cyberattacks.

The Chinese Response

Naturally China has denied any wrongdoing, but the official newspaper of the People’s Liberation Army said it was Beijing that was vulnerable to attack, in a news report that surveyed the Pentagon’s efforts in cyber security.

The report in the Chinese-language Liberation Army Daily concluded.

“The U.S. military is hastening to seize the commanding military heights on the Internet, and another Internet war is being pushed to a stormy peak. Their actions remind us that to protect the nation’s Internet security, we must accelerate Internet defense development and accelerate steps to make a strong Internet army.”

The article was also published on the website of China’s Ministry of Defense (http://www.mod.gov.cn).

Although it does not amount to an official government statement, the report in the military newspaper — which is closely vetted to reflect official thinking — shows how China is also focused on the issues of Internet attacks and defense.

The report said.

“Although our country has developed into an Internet great power, our Internet security defenses are still very weak. So we must accelerate development of Internet battle technology and armament. Comprehensively improve our military’s ability to defend the Internet frontiers.”

Earlier this month, U.S. Defense Secretary Robert Gates said Washington was seriously concerned about cyber-attacks and prepared to use force against any it considered acts of war.

Although it does not amount to an official government statement, the report in the military newspaper — which is closely vetted to reflect official thinking — shows how China is also focused on the issues of Internet attacks and defense.

China’s military has set up an elite Internet security task force tasked with fending off cyber attacks, state media reported May 27, denying that the initiative is intended to create a “hacker army.”

The People’s Liberation Army has reportedly invested tens of millions of dollars in the project, which is sure to ring alarm bells around the world among governments and businesses wary of Beijing’s intentions.

Ministry spokesperson Geng Yansheng of the People's Liberation Army announces formation of a Blue Cyber Team

The Global Times quoted China’s defense ministry spokesman Geng Yansheng as telling a rare briefing this week.

“Cyber attacks have become an international problem affecting both civilian and military areas.  China is relatively weak in cyber-security and has often been targeted. This temporary program is aimed at improving our defenses against such attacks.”

The 30-member “Cyber Blue Team” – the core of the PLA’s cyber force – has been organized under the Guangdong military command in the country’s south and will carry out “cyber-warfare drills”, the newspaper said.

Brainstorming China's Cyber Capabilities -- Defense and Offense

The Cyber Blue Team  is based in Jinan, China where there are 12 Universities and a high tech zone and boast 6 million people. It’s also the headquarter of the PLA. The squad is aimed at carrying out attacks on other countries Internet.

China's Blue Cyber Team busy hacking computer systems throughout the world

Li Li, a military expert at the National Defense University said,

“China’s Online Blue Army is currently at its fledging period.”  

Zhang Shaozhong, a military expert from the PLA adds.

“Just like the army and air forces, the ‘online blue army’  is a historical necessity.”

The reason is very simple. Teng Jianqun, a research fellow at the China Institute of International Studies, said.

“We must adapt to the new types of warfare in the information era. The ‘online blue army’ is of great strategic significance to China’s economic development and social stability.” 

The United States, Australia, Germany and other Western nations have long alleged that hackers inside China are carrying out a wide-range of cyberattacks on government and corporate computer systems worldwide.

But in a commentary, the Global Times hit out at “some foreign media” for interpreting the program as a breeding ground for a “hacker army” said.

“China’s capability is often exaggerated. Without substantiated evidence, it is often depicted by overseas media as the culprit for cyberattacks on the US and Europe. China needs to develop its strong cyber defense strength. Otherwise, it would remain at the mercy of others.”

China’s military has received annual double-digit increases in its budget over much of the last two decades as it tries to develop a more modern force capable of winning increasingly high-tech wars.

In 2007, the Pentagon raised concerns about a successful Chinese ballistic missile test strike on a satellite. That weapon could be used to knock out the high-tech communications of its enemies.

U.S. computer firm McAfee said in February that hackers from China have also infiltrated the computer networks of global oil companies and stole financial documents on bidding plans and other confidential information.

According to US diplomatic cables obtained and published by WikiLeaks, the United States believes that China’s leadership has directed hacking campaigns against U.S. Internet giant Google and Western governments.

In one cable, the U.S. Embassy in Beijing said it learned from “a Chinese contact” that the Politburo had led years of hacking into computers of the United States, its allies and Tibet’s exiled spiritual leader, the Dalai Lama.

Chinese Hacking Groups

The Chinese were ahead of the game in connecting not only with the People’s Liberation Army, but also the nascent hacker communities in their country. Using a combination of leveraging companies like Huawei to tap into their technical staff and the patriotism on the part of the PLA and the hacker communities, China has forged a solid directorate for electronic warfare and espionage.

  • The Chinese Military (PLA) —–> Leverage many corporations that the military actually has majority stock in to gain access to technology and assets.
  • The Chinese Hacker Community —-> Sell and work for the PLA creating 0day and performing hacks for money as well as patriotism.  (NOTE: See the video below)
  • Chinese Corporations —-> Often used as cutouts to gain access economically and intelligence wise to assets in other countries

Often, the corporations, which are many times, sponsored or majority owned by the PLA are the training grounds and the operative section for soft power operations for China. By using financial deals and alliances, China often attempts to gain the upper hand by having asset connections inside of companies that they wish to affect or to steal from. No longer is it needed to install spies within when the company is partially owned or has access granted because they are working “together”

It is the Chinese hacking community that is of most interest to many in my field however. Many of these people are still in universities and are often times motivated by their nationalistic tendencies ostensibly. Some of these groups have become actual companies producing security software or offering security services.

Of course they are still likely to be assets for the PLA and probably the tip of the spear operators for China in operations. The reason for this simply would be that they are expendable in the sense of hacking as a nation state would cause international issues. Hacking as a hacking group though could be seen as their own initiative and they could be burned without losing face.

Within this amalgam of groups we then see the attack “teams” who crack the systems, then other teams perform recon, and still others, keep the access open and retrieve dataAll in all, they have a slick operation and we would be wise to pay attention to how they operate.

Cyber warfare is not just a political and military problem between nations, but there is a huge network of individual hackers and hacking communities who hack computer systems throughout the world out of nationalistic pride because they believe the governments in those countries represent a threat to their country.  Other groups are social and political activists who are anti-corporate and anti-government, and this is their way at fighting back, creating chaos and effecting political and social change.

To get a clearer picture at just how vast the Chinese hacking community is, I highly recommend The Dark Visitor blog.

Courtesy of an article dated July 15, 2011 appearing in The Wall Street Journal  and an article dated May 27, 2011 appearing in Defense News and an article dated July 8, 2011 appearing in the China Cyber Warfare Blog an article dated April 21, 2011 appearing inInfosec Island, and an article dated May 26, 2011 appearing in Radio86.com



About gatoMalo

I am a veteran served on the USS Saratoga. After the military I worked on computers for the last 30 or so years. I worked as a hardware, software, network, email, groupware developer and security dude. I am now an abuelo. I belive in guarding the guards. We are all citizen warriors for our country the 5th battlefield is Cyber Space so here I am. Later, quis custodiet ipsos custodes? View all posts by gatoMalo


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: