Category Archives: china cyber

China cyber capability puts US forces at risk-report | Reuters

US supply chain could be penetrated by China – report Risk of “catastrophic failure” of US networks cited Congress weighing cybersecurity billsBy Jim WolfWASHINGTON, March 8 Reuters – Chinese cyberwarfare would pose a “genuine risk” to the U.S. military in a conflict, for instance over Taiwan or disputes in the South China Sea, according to a report prepared for the U.S. Congress.Operations against computer networks have become fundamental to Beijings military and national development strategies over the past decade, said the 136-page analysis by Northrop Grumman Corp released on Thursday by the U.S.-China Economic and Security Review Commission.

via China cyber capability puts US forces at risk-report | Reuters.


Joint Chiefs Chair: Chinese Hackers ‘Not Necessarily Hostile

This headline from CNN – “Joint Chiefs Chair: Chinese Hacking Not Necessarily a Hostile Act” – reads like it came from the Onion. But don’t jump into your bunker yet – the reasoning behind this apparently blissfully naive statement by General Martin Dempsey is at least slightly plausible:

Gen. Martin Dempsey, the chairman of the Joint Chiefs of Staff, said he “believe(s) someone in China is hacking into our systems and stealing technology and intellectual property, which at this point is a crime.”

But Dempsey said in testimony to the Senate Armed Services Committee that he cannot attribute the Chinese hacking to China’s military, the People’s Liberation Army (PLA).

Asked by Sen. Lindsey Graham, R-South Carolina, that if it could be proven that the PLA was behind a hacking of the defense infrastructure, whether it would it be considered a “hostile act,” Dempsey said such wasn’t necessarily the case.

Now, you can quibble over the semantics in this. A cyberattack on the United States’ defenses might not come from the Chinese government itself – though one has to wonder how much privacy hackers enjoy, given China’s notoriously censor-happy culture. Moreover, even if a private hacker was good enough to evade the Chinese government’s own crop of cybersecurity experts and bypass our security, it’s fairly obvious that the hacker in question would be able to sell his method for a very high price.

via Joint Chiefs Chair: Chinese Hackers ‘Not Necessarily Hostile’ | TheBlaze.com.


Hacked: How China is stealing Americas business secrets

Sen. John Kerry is fed up with Chinas penchant for looting technology from U.S. businesses — up to $400 billion worth of data each year. When will it stop?POSTED ON FEBRUARY 16, 2012, AT 3:52 PMChinese gamers at an internet cafe: Sen. John Kerry D-Mass. says Chinese hackers are illegally stealing business secrets from American firms. Photo: Imaginechina/Corbis SEE ALL 54 PHOTOSChinese Vice President Xi Jinping, slated to be the next leader of the worlds most populous nation, is getting an earful from U.S. officials over Chinas shady business practices. During Xis first official tour of the U.S. this week, Sen. John Kerry D-Mass. accused a Chinese company of bankrupting a U.S. competitor by ransacking its software. And thats just the tip of the iceberg, alleges Kerry, implicating China in “cyber-attacks, access-to-market issues, espionage [and] theft.” And, indeed, a flurry of recent reports indicate that Chinese hackers, backed by the government, are stealing business secrets from the U.S. Here, a guide:

via Hacked: How China is stealing Americas business secrets – The Week.


Cyber-Spies Intercepted Sensitive Files, Emails From Nortel: Report – Security – News & Reviews – eWeek.com

Attackers breached Nortel and had free rein to spy on its internal network and communications from 2000 to 2009, according to an internal report. As usual, China is the prime suspect.

Chinese hackers allegedly breached telecommunications company Nortel in 2000 and these cyber-spies gained access to reams of sensitive technical documents, as well as internal communications and email, for nearly 10 years, according to a report in The Wall Street Journal.

The attackers, suspected of being based in China, breached the network using stolen credentials and installed spying software deep within the company’s networking environment to gain access to all documents and communications, the Journal reported Feb. 14. The breach appears to date as far back as 2000, Brian Shields, the former senior advisor for systems security at Nortel who led the internal investigation, told the paper.

via Cyber-Spies Intercepted Sensitive Files, Emails From Nortel: Report – Security – News & Reviews – eWeek.com.


McConnell, Chertoff and Lynn: Chinas Cyber Thievery Is National Policy—And Must Be Challenged – WSJ.com

By MIKE MCCONNELL, MICHAEL CHERTOFF AND WILLIAM LYNNOnly three months ago, we would have violated U.S. secrecy laws by sharing what we write here—even though, as a former director of national intelligence, secretary of homeland security, and deputy secretary of defense, we have long known it to be true. The Chinese government has a national policy of economic espionage in cyberspace. In fact, the Chinese are the worlds most active and persistent practitioners of cyber espionage today.Evidence of Chinas economically devastating theft of proprietary technologies and other intellectual property from U.S. companies is growing. Only in October 2011 were details declassified in a report to Congress by the Office of the National Counterintelligence Executive. Each of us has been speaking publicly for years about the ability of cyber terrorists to cripple our critical infrastructure, including financial networks and the power grid. Now this report finally reveals what we couldnt say before: The threat of economic cyber espionage looms even more ominously.

via McConnell, Chertoff and Lynn: Chinas Cyber Thievery Is National Policy—And Must Be Challenged – WSJ.com.


PLA “Online Blue Army” gets ready for cyber warfare

Defense Ministry spokesman Geng Yansheng hosts the ministry’s second regular press conference in Beijing, May 25, 2011. [Photo/China Daily, mod.gov.cn]

The People’s Liberation Army (PLA) confirmed in May 2011 that it has established an “Online Blue Army” to improve China’s defense capability and ensure the security of the country’s military network. The announcement drew close attention from military watchers and experts worldwide.

Zhang Shaozhong, a military expert and a professor from PLA National Defense University, told the People’s Daily that China is increasingly dependent on the Internet, but makes no domestic root servers, and various other types of software and Internet hardware are U.S. made. In this sense, China can be described as merely a computer user with a fairly fragile Internet security system. These are circumstances that cry out for the build up of Internet security forces.

Throughout 2010, 480,000 Trojans viruses and 13,782 Zombie viruses were detected, with 221,000 Trojan and 6,531 Zombie remote control clients found to originate in foreign countries.

via PLA “Online Blue Army” gets ready for cyber warfare – Headlines, features, photo and videos from ecns.cn.


China’s Cyber Militia

There’s been an interesting new development in China’s use of cyber space as an element in its intelligence and security operations. The People’s Liberation Army (PLA) is reportedly funding a vast complex of part-time cyber-devotees to supplement and compliment the official structure of cyber interception and invasion.

Equally as interesting is the willingness of the Chinese authorities to allow the publication of this fact. The first official recognition of this program occurred in one chosen hi-tech factory in 2002. According to an official PLA publication, there are now thousands of such units around the country. Obviously the proliferation was considered too great to hide.

via The American Spectator : China’s Cyber Militia.


Pentagon Worried About Chinese Hackers – Softpedia

Every year, the annual report on China’s military power that the Pentagon presents before the U.S. Congress is met with criticism by the Asian country, and every year the US say that they are worried by the advancement level the rival power has achieved. That’s the backbone of what has been going on, the meat on the bones is, however, changed every year with various details.

via Pentagon Worried About Chinese Hackers – Softpedia.


U.S. GOES ON THE OFFENSE CYBER ATTACKS FROM CHINA

China's Cyber Warfare campaign against the US

The military must move from defending against major cyberattacks to deterring assaults by letting enemies know the U.S. is willing to retaliate with its own virtual weapons or military force, a top general said Thursday.

The Pentagon’s new strategy for threats from computer hackers primarily deals with enhancing the defense of its computer systems and those of its military contractors. But Marine Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff, said that policy is just a start. He said that over the next decade the military would move beyond building better firewalls and make clear to adversaries that they will pay a price for serious cyberattacks.

Gen. Cartwright said.

“There is no penalty to attacking us now. We have to figure out a way to change that.” 

Deputy Secretary of Defense William Lynn said the laws of armed conflict apply in cyberspace, implying that the U.S., in some cases, reserves the right to use real bullets and real bombs to retaliate for virtual attacks. The Wall Street Journal reported the military’s conclusion in May.

At the same time, a critical part of the new strategy is to improve the defenses of the military’s computer networks to ensure that cyberattackers are quickly identified and get little of benefit when they strike.

Mr. Lynn said.

“If we can minimize the impact of attacks on our operations and attribute them quickly and definitively, we may be able to change the decision calculus of an attacker.”

Cyberattacks have resulted in the theft of thousands of files from the U.S. government, allies and private industry. Each year, a volume of intellectual property exceeding the size of the Library of Congress is stolen from U.S. government and private-sector networks, the Pentagon strategy document says.

Attackers have targeted the Pentagon’s most expensive weapons system, the Joint Strike Fighter (F-35), a project led by Lockheed Martin Corp.  Lockheed was the target of a more recent cyberattack, facilitated by a breach of the computer-security firm RSA, which makes tokens for secure network connections. A hacking group called AntiSec said this week it had hacked into defense contractor and consultancy Booz Allen Hamilton and stolen 90,000 military email addresses and passwords.

The document says about its information infrastructure.

“Our reliance on cyberspace stands in stark contrast to the inadequacy of our cybersecurity. Many foreign nations are working to exploit [the Pentagon’s] unclassified and classified networks, and some foreign intelligence organizations have already acquired the capacity to disrupt elements.”

Mr. Lynn said a “foreign intelligence service” had stolen 24,000 files from a U.S. defense contractor in a March cyberattack. He provided no other details of the attack but said a weapons system may need to be at least partly redesigned as a result of the breach.

Critics said the Pentagon strategy was incomplete.

“The plan as described fails to engage on the hard issues, such as offense and attribution,” or identifying who mounted an attack, said Stewart Baker, a former general counsel at the National Security Agency.

Gen. Cartwright cautioned that the U.S. wouldn’t routinely strike at foreign state-sponsored hackers, either with cyberweapons or real-world weapons. At a roundtable sponsored by the Center for Media and Security, he said subsequent strategy documents will clarify how the laws of war apply to cyberspace and what policies should guide deterrence.

Gen. Cartwright said he hoped the Defense Department’s cyber efforts will have moved from being 90% focused on defense to 90% focused on deterrence within a decade.

If the U.S. were attacked in a way that justified a response under the laws of armed conflict, it could react in a variety of ways. Responses could begin with diplomatic efforts, then escalate into a “kinetic” attack, with real-world weapons, Gen. Cartwright said.

Some cybersecurity specialists said the strategy was a reasonable first step. “They’ve identified the right problems and the right approaches to addressing them,” said James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies, who frequently advises the administration.

Rep. Jim Langevin, a Rhode Island Democrat who has pressed for enhanced cybersecurity, applauded the strategy, but said it leaves key questions unanswered, such as whether data theft alone—rather than cyberattack that disabled the power grid, for instance—could ever amount to an act of war.

COMMENTARY:   China needs to be taught a lesson.  I think it’s time for the U.S. military to send China a dose of the Stuxnet: The Virus That Shutdown Iran’s Nuclear Program.   These cyber attacks are unwarranted.  The only reason they are doing this is because they have an inferior military and their high-technology weaponry is no match for the U.S., so they are testing us just incase there is armed conflict.  It really pisses me off knowing that we trade with China, we have thousands of plants and branch offices of American companies over there, and they pull this stunt.

Thankfully, we are well prepared for cyberattacks, and we can take it as well as give it. The two organizations entrusted with the role of defending our nation against cyber attacks is the United States Cyber Command or CYBERCOM and the National Security Agency or NSA.

United States Cyber Command or CYBERCOM

In a blog article dated February 7, 2011, I wrote about the United States Cyber Command or USCYBERCOM, the multi-branch military arm of the Department of Defense entrusted with protecting the U.S. against cyber attacks.  And, we really have a lot to protect, including all of our military installations, and our land, sea and air-based defense facilities throughout the world.  A successful cyberattack on any of these installations or facilities could be just as being attacked by weapons of mass destruction.

The precise mission of USCYBERCOM is to plan, coordinate, integrate, synchronize, and conduct activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full-spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

National Security Agency or NSA

In a blog article dated April 28, 2011, I wrote about the NSA, the super-secret intelligence agency that goes by the nickname, “No Such Agency”.  NSA’s work is limited to communications intelligence; it does not perform field or human intelligence (spying on people) activities. By law, NSA’s intelligence gathering is limited to foreign communications.  NSA has the ability to spy on any individual, organization, business or government agency (foreign or domestic) and has done so 24/7, 365.   The NSA is a cryptologic intelligence agency and specializes in “signal intelligence”or code breaking.

The NSA is directed by at least a Army lieutenant general or Navy vice-admiral.   The present Director of the NSA is U.S. Army General Keith B. Alexander.  He is also Commander, U.S. Cyber Command or CYBERCOM.    See above video.

The NSA can intercept any electronic signal, in any form, frequency or language, encrypted or non-encrypted.  They can eavesdrop on anybody, even listen to conversations through brick walls.  Yes, they even listened to Osama Bin Ladin’s satellite phone conversations when he was hiding out in Tora Bora, and they could be listening to you right now.   You can bet that the NSA is watching China’s every move, and knows what Chinese are up especially of they plan future cyberattacks.

The Chinese Response

Naturally China has denied any wrongdoing, but the official newspaper of the People’s Liberation Army said it was Beijing that was vulnerable to attack, in a news report that surveyed the Pentagon’s efforts in cyber security.

The report in the Chinese-language Liberation Army Daily concluded.

“The U.S. military is hastening to seize the commanding military heights on the Internet, and another Internet war is being pushed to a stormy peak. Their actions remind us that to protect the nation’s Internet security, we must accelerate Internet defense development and accelerate steps to make a strong Internet army.”

The article was also published on the website of China’s Ministry of Defense (http://www.mod.gov.cn).

Although it does not amount to an official government statement, the report in the military newspaper — which is closely vetted to reflect official thinking — shows how China is also focused on the issues of Internet attacks and defense.

The report said.

“Although our country has developed into an Internet great power, our Internet security defenses are still very weak. So we must accelerate development of Internet battle technology and armament. Comprehensively improve our military’s ability to defend the Internet frontiers.”

Earlier this month, U.S. Defense Secretary Robert Gates said Washington was seriously concerned about cyber-attacks and prepared to use force against any it considered acts of war.

Although it does not amount to an official government statement, the report in the military newspaper — which is closely vetted to reflect official thinking — shows how China is also focused on the issues of Internet attacks and defense.

China’s military has set up an elite Internet security task force tasked with fending off cyber attacks, state media reported May 27, denying that the initiative is intended to create a “hacker army.”

The People’s Liberation Army has reportedly invested tens of millions of dollars in the project, which is sure to ring alarm bells around the world among governments and businesses wary of Beijing’s intentions.

Ministry spokesperson Geng Yansheng of the People's Liberation Army announces formation of a Blue Cyber Team

The Global Times quoted China’s defense ministry spokesman Geng Yansheng as telling a rare briefing this week.

“Cyber attacks have become an international problem affecting both civilian and military areas.  China is relatively weak in cyber-security and has often been targeted. This temporary program is aimed at improving our defenses against such attacks.”

The 30-member “Cyber Blue Team” – the core of the PLA’s cyber force – has been organized under the Guangdong military command in the country’s south and will carry out “cyber-warfare drills”, the newspaper said.

Brainstorming China's Cyber Capabilities -- Defense and Offense

The Cyber Blue Team  is based in Jinan, China where there are 12 Universities and a high tech zone and boast 6 million people. It’s also the headquarter of the PLA. The squad is aimed at carrying out attacks on other countries Internet.

China's Blue Cyber Team busy hacking computer systems throughout the world

Li Li, a military expert at the National Defense University said,

“China’s Online Blue Army is currently at its fledging period.”  

Zhang Shaozhong, a military expert from the PLA adds.

“Just like the army and air forces, the ‘online blue army’  is a historical necessity.”

The reason is very simple. Teng Jianqun, a research fellow at the China Institute of International Studies, said.

“We must adapt to the new types of warfare in the information era. The ‘online blue army’ is of great strategic significance to China’s economic development and social stability.” 

The United States, Australia, Germany and other Western nations have long alleged that hackers inside China are carrying out a wide-range of cyberattacks on government and corporate computer systems worldwide.

But in a commentary, the Global Times hit out at “some foreign media” for interpreting the program as a breeding ground for a “hacker army” said.

“China’s capability is often exaggerated. Without substantiated evidence, it is often depicted by overseas media as the culprit for cyberattacks on the US and Europe. China needs to develop its strong cyber defense strength. Otherwise, it would remain at the mercy of others.”

China’s military has received annual double-digit increases in its budget over much of the last two decades as it tries to develop a more modern force capable of winning increasingly high-tech wars.

In 2007, the Pentagon raised concerns about a successful Chinese ballistic missile test strike on a satellite. That weapon could be used to knock out the high-tech communications of its enemies.

U.S. computer firm McAfee said in February that hackers from China have also infiltrated the computer networks of global oil companies and stole financial documents on bidding plans and other confidential information.

According to US diplomatic cables obtained and published by WikiLeaks, the United States believes that China’s leadership has directed hacking campaigns against U.S. Internet giant Google and Western governments.

In one cable, the U.S. Embassy in Beijing said it learned from “a Chinese contact” that the Politburo had led years of hacking into computers of the United States, its allies and Tibet’s exiled spiritual leader, the Dalai Lama.

Chinese Hacking Groups

The Chinese were ahead of the game in connecting not only with the People’s Liberation Army, but also the nascent hacker communities in their country. Using a combination of leveraging companies like Huawei to tap into their technical staff and the patriotism on the part of the PLA and the hacker communities, China has forged a solid directorate for electronic warfare and espionage.

  • The Chinese Military (PLA) —–> Leverage many corporations that the military actually has majority stock in to gain access to technology and assets.
  • The Chinese Hacker Community —-> Sell and work for the PLA creating 0day and performing hacks for money as well as patriotism.  (NOTE: See the video below)
  • Chinese Corporations —-> Often used as cutouts to gain access economically and intelligence wise to assets in other countries

Often, the corporations, which are many times, sponsored or majority owned by the PLA are the training grounds and the operative section for soft power operations for China. By using financial deals and alliances, China often attempts to gain the upper hand by having asset connections inside of companies that they wish to affect or to steal from. No longer is it needed to install spies within when the company is partially owned or has access granted because they are working “together”

It is the Chinese hacking community that is of most interest to many in my field however. Many of these people are still in universities and are often times motivated by their nationalistic tendencies ostensibly. Some of these groups have become actual companies producing security software or offering security services.

Of course they are still likely to be assets for the PLA and probably the tip of the spear operators for China in operations. The reason for this simply would be that they are expendable in the sense of hacking as a nation state would cause international issues. Hacking as a hacking group though could be seen as their own initiative and they could be burned without losing face.

Within this amalgam of groups we then see the attack “teams” who crack the systems, then other teams perform recon, and still others, keep the access open and retrieve dataAll in all, they have a slick operation and we would be wise to pay attention to how they operate.

Cyber warfare is not just a political and military problem between nations, but there is a huge network of individual hackers and hacking communities who hack computer systems throughout the world out of nationalistic pride because they believe the governments in those countries represent a threat to their country.  Other groups are social and political activists who are anti-corporate and anti-government, and this is their way at fighting back, creating chaos and effecting political and social change.

To get a clearer picture at just how vast the Chinese hacking community is, I highly recommend The Dark Visitor blog.

Courtesy of an article dated July 15, 2011 appearing in The Wall Street Journal  and an article dated May 27, 2011 appearing in Defense News and an article dated July 8, 2011 appearing in the China Cyber Warfare Blog an article dated April 21, 2011 appearing inInfosec Island, and an article dated May 26, 2011 appearing in Radio86.com

Red More – U.S. GOES ON THE OFFENSE TO DETER CYBER ATTACKS FROM CHINA AND OTHER ENEMIES DETERMINED TO ATTACK US THROUGH CYBERSPACE – PBT Consulting.


US – China Cyber Detente or Confrontation? – IEEE Spectrum

“Senior U.S. officials know well that the government of China is systematically attacking the computer networks of the U.S. government and American corporations. Beijing is successfully stealing research and development, software source code, manufacturing know how and government plans. In a global competition among knowledge-based economies, Chinese cyber operations are eroding America’s advantage.”

via US – China Cyber Detente or Confrontation? – IEEE Spectrum.