The title is inspired by the article Are Chinese Telecoms Acting as the Ears for Central Asian Authoritarians? published in Eurasianet.org, examining the probable role of Chinese telecoms firms, notably Huawei and ZTE, in espionage and surveillance. The article notes that both ZTE and Huawei have signed contracts worth tens of millions of US dollars with governments in Central Asia, not known for their democratic credentials. The article also flags an on-going US congressional committee probe into the two companies in particular, and how the telecoms products (like USB dongles) and possibly even services (including underlying network technologies and infrastructure) aid espionage. As the article avers,
Sen. John Kerry is fed up with Chinas penchant for looting technology from U.S. businesses — up to $400 billion worth of data each year. When will it stop?POSTED ON FEBRUARY 16, 2012, AT 3:52 PMChinese gamers at an internet cafe: Sen. John Kerry D-Mass. says Chinese hackers are illegally stealing business secrets from American firms. Photo: Imaginechina/Corbis SEE ALL 54 PHOTOSChinese Vice President Xi Jinping, slated to be the next leader of the worlds most populous nation, is getting an earful from U.S. officials over Chinas shady business practices. During Xis first official tour of the U.S. this week, Sen. John Kerry D-Mass. accused a Chinese company of bankrupting a U.S. competitor by ransacking its software. And thats just the tip of the iceberg, alleges Kerry, implicating China in “cyber-attacks, access-to-market issues, espionage [and] theft.” And, indeed, a flurry of recent reports indicate that Chinese hackers, backed by the government, are stealing business secrets from the U.S. Here, a guide:
Defense Ministry spokesman Geng Yansheng hosts the ministry’s second regular press conference in Beijing, May 25, 2011. [Photo/China Daily, mod.gov.cn]
The People’s Liberation Army (PLA) confirmed in May 2011 that it has established an “Online Blue Army” to improve China’s defense capability and ensure the security of the country’s military network. The announcement drew close attention from military watchers and experts worldwide.
Zhang Shaozhong, a military expert and a professor from PLA National Defense University, told the People’s Daily that China is increasingly dependent on the Internet, but makes no domestic root servers, and various other types of software and Internet hardware are U.S. made. In this sense, China can be described as merely a computer user with a fairly fragile Internet security system. These are circumstances that cry out for the build up of Internet security forces.
Throughout 2010, 480,000 Trojans viruses and 13,782 Zombie viruses were detected, with 221,000 Trojan and 6,531 Zombie remote control clients found to originate in foreign countries.
It was supposed to be just another piece of Chinese propaganda. It ended up as a major “oops,” revealing that a Chinese military university is engaged in cyberwarfare against the U.S.
The Epoch Times reports that the film, screened in mid-July, included a screenshot that it calls a “damaging revelation.” Here’s the screenshot:
And here‘s why it’s so damaging, according to the Times:
The screenshots appear as B-roll footage in the documentary for six seconds—between 11:04 and 11:10 minutes—showing custom-built Chinese software apparently launching a cyber-attack against the main website of the Falun Gong spiritual practice, by using a compromised IP address belonging to a United States university.
Two super powers have opposing views as to what shape security on the Internet should take!
WASHINGTON – For two years, academic experts from the United States and China have quietly held talks on cyber-security, straining to establish rules of the road in a realm that has proven a persistent irritant between the world’s two largest economies.
The informal discussions have yielded modest progress in areas such as cooperation to combat Internet fraud, where both Beijing and Washington have an incentive to work together, according to participants.
AFP/Getty Images
Chinese anti-terrorism police undergo a drill in Suining, southwest China’s Sichuan province. After setting up its own cyber-warfare team, China’s military has now developed its first online war game aimed at improving combat skills and battle awareness, state press said. China and the U.S. have contrasting views on cyber security. Photo: Getty Images
China’s contrasting view of cyber security was made clear as soon as the United States began discussing the need to protect computer networks, James Mulvenon, a China expert at the Defense Group Inc, told a recent Washington conference.
China wanted to talk about censorship “The Chinese came back immediately and said no, no, no, we want to talk about information security, which is both protecting the network and policing the content on the network,” Mulvenon said.
“Right from the outset, we were talking past one another,” he asaid.
Digital attacks and cyber snooping on U.S. technology firms and government agencies including the Pentagon, many of them believed to have originated in or been routed through China, have pushed cyber-security up the list of thorny issues troubling Sino-American relations.
While Beijing denies it, U.S. officials and experts suspect China’s hand was behind the hacking and phishing of web-search giant Google Inc. this year and last, as well as intrusions into Pentagon networks.
On Thursday, the Pentagon is due to release its formal cyber-security strategy.
Unlike nuclear, chemical and biological weaponry, or trade wars, there are no existing international treaties that cover cyber-war, computer espionage or hacking.
Former Secretary of State Henry Kissinger, an architect of the U.S. opening with China in the 1970s, told a Thomson Reuters event last month that a high-level agreement between the two sides is needed. “If you take it case by case it will lead to accusations and counter-accusations,” he said.
But so far, there has been relatively little official movement.
The annual cabinet-level U.S.-China Strategic and Economic Dialogue included cyber security for the first time this year, but the session was just 90 minutes long, cut in half by translation and produced no breakthroughs.
The unofficial talks between experts began after China approached the United States with concerns that hacker intrusions were stoking bilateral tension, said James Lewis, a cybersecurity expert who leads the U.S. side of the talks.
The U.S. group and experts from the state-affiliated China Institutes of Contemporary International Relations have covered four areas: law enforcement, trade, military issues and espionage.
Five group meetings and three smaller informal meetings have made headway in the law enforcement area, said Lewis, of the Center for Strategic and International Studies, a Washington think tank.
In one instance, the FBI helped China’s law enforcement agencies by staging raids in New York on Chinese in the United States who were defrauding people back home, he said.
“It’s slow, but I think there’s a little bit of progress,” said Lewis, adding that the goal is to eventually hand the conversations over to official negotiating teams.
But the military and espionage tracks have been hard going, highlighting what analysts say is a huge U.S.-China perception gap over values, capabilities, interests – and even basic definitions of deterrence and cyber security.
Analysts say China’s People’s Liberation Army believes its ability to attack U.S. cyber infrastructure compensates for its conventional military weakness compared to the United States.
“I’m quite skeptical of the likelihood that any effective understanding of offensive operations can be reached with the Chinese government,” said Stewart Baker, a former U.S. Department of Homeland Security official, now at the law firm Steptoe & Johnson.
China’s eagerness to acquire foreign technology also has inspired cyber intrusions that anger trade partners.
Hackers based in China have been accused of trying to steal everything from Google’s valuable search algorithm to manuals for U.S. satellites to gigabytes of proprietary business information from Western energy companies.
But China’s spymasters, paradoxically for a centrally controlled government, do not keep a tight leash on hackers and others that they train, said Lewis, whose group will hold its next round of unofficial cyber-security talks later this year.
Lewis said he was skeptical that Beijing was directing the high-value intellectual property theft or could stop it.
“They do train people and they do use proxies but that doesn’t mean that everyone is under their control,” he said.
Even if the United States could verify that China was behind malicious cyber activity and Beijing had the capacity to rein it in, negotiations toward a cyber treaty might require concessions Washington would be loathe to put on the table.
Jack Goldsmith, an international law and cyber-security expert at Harvard Law School, says China and other countries would likely demand U.S. restraint in areas such as intelligence gathering and encouraging political activists who challenge curbs on Internet freedom.
“Until the United States gets serious about which concessions that are attractive to our adversaries it is willing and able to make, American talk of a cyber-arms agreement is empty,” Goldsmith wrote recently.
The military must move from defending against major cyberattacks to deterring assaults by letting enemies know the U.S. is willing to retaliate with its own virtual weapons or military force, a top general said Thursday.
The Pentagon’s new strategy for threats from computer hackers primarily deals with enhancing the defense of its computer systems and those of its military contractors. But Marine Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff, said that policy is just a start. He said that over the next decade the military would move beyond building better firewalls and make clear to adversaries that they will pay a price for serious cyberattacks.
Gen. Cartwright said.
“There is no penalty to attacking us now. We have to figure out a way to change that.”
Deputy Secretary of Defense William Lynn said the laws of armed conflict apply in cyberspace, implying that the U.S., in some cases, reserves the right to use real bullets and real bombs to retaliate for virtual attacks. The Wall Street Journal reported the military’s conclusion in May.
At the same time, a critical part of the new strategy is to improve the defenses of the military’s computer networks to ensure that cyberattackers are quickly identified and get little of benefit when they strike.
Mr. Lynn said.
“If we can minimize the impact of attacks on our operations and attribute them quickly and definitively, we may be able to change the decision calculus of an attacker.”
Cyberattacks have resulted in the theft of thousands of files from the U.S. government, allies and private industry. Each year, a volume of intellectual property exceeding the size of the Library of Congress is stolen from U.S. government and private-sector networks, the Pentagon strategy document says.
Attackers have targeted the Pentagon’s most expensive weapons system, the Joint Strike Fighter (F-35), a project led by Lockheed Martin Corp. Lockheed was the target of a more recent cyberattack, facilitated by a breach of the computer-security firm RSA, which makes tokens for secure network connections. A hacking group called AntiSec said this week it had hacked into defense contractor and consultancy Booz Allen Hamilton and stolen 90,000 military email addresses and passwords.
The document says about its information infrastructure.
“Our reliance on cyberspace stands in stark contrast to the inadequacy of our cybersecurity. Many foreign nations are working to exploit [the Pentagon’s] unclassified and classified networks, and some foreign intelligence organizations have already acquired the capacity to disrupt elements.”
Mr. Lynn said a “foreign intelligence service” had stolen 24,000 files from a U.S. defense contractor in a March cyberattack. He provided no other details of the attack but said a weapons system may need to be at least partly redesigned as a result of the breach.
Critics said the Pentagon strategy was incomplete.
“The plan as described fails to engage on the hard issues, such as offense and attribution,” or identifying who mounted an attack, said Stewart Baker, a former general counsel at the National Security Agency.
Gen. Cartwright cautioned that the U.S. wouldn’t routinely strike at foreign state-sponsored hackers, either with cyberweapons or real-world weapons. At a roundtable sponsored by the Center for Media and Security, he said subsequent strategy documents will clarify how the laws of war apply to cyberspace and what policies should guide deterrence.
Gen. Cartwright said he hoped the Defense Department’s cyber efforts will have moved from being 90% focused on defense to 90% focused on deterrence within a decade.
If the U.S. were attacked in a way that justified a response under the laws of armed conflict, it could react in a variety of ways. Responses could begin with diplomatic efforts, then escalate into a “kinetic” attack, with real-world weapons, Gen. Cartwright said.
Some cybersecurity specialists said the strategy was a reasonable first step. “They’ve identified the right problems and the right approaches to addressing them,” said James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies, who frequently advises the administration.
Rep. Jim Langevin, a Rhode Island Democrat who has pressed for enhanced cybersecurity, applauded the strategy, but said it leaves key questions unanswered, such as whether data theft alone—rather than cyberattack that disabled the power grid, for instance—could ever amount to an act of war.
COMMENTARY: China needs to be taught a lesson. I think it’s time for the U.S. military to send China a dose of the Stuxnet: The Virus That Shutdown Iran’s Nuclear Program. These cyber attacks are unwarranted. The only reason they are doing this is because they have an inferior military and their high-technology weaponry is no match for the U.S., so they are testing us just incase there is armed conflict. It really pisses me off knowing that we trade with China, we have thousands of plants and branch offices of American companies over there, and they pull this stunt.
Thankfully, we are well prepared for cyberattacks, and we can take it as well as give it. The two organizations entrusted with the role of defending our nation against cyber attacks is the United States Cyber Command or CYBERCOM and the National Security Agency or NSA.
United States Cyber Command or CYBERCOM
In a blog article dated February 7, 2011, I wrote about the United States Cyber Command or USCYBERCOM, the multi-branch military arm of the Department of Defense entrusted with protecting the U.S. against cyber attacks. And, we really have a lot to protect, including all of our military installations, and our land, sea and air-based defense facilities throughout the world. A successful cyberattack on any of these installations or facilities could be just as being attacked by weapons of mass destruction.
The precise mission of USCYBERCOM is to plan, coordinate, integrate, synchronize, and conduct activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full-spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.
National Security Agency or NSA
In a blog article dated April 28, 2011, I wrote about the NSA, the super-secret intelligence agency that goes by the nickname, “No Such Agency”. NSA’s work is limited to communications intelligence; it does not perform field or human intelligence (spying on people) activities. By law, NSA’s intelligence gathering is limited to foreign communications. NSA has the ability to spy on any individual, organization, business or government agency (foreign or domestic) and has done so 24/7, 365. The NSA is a cryptologic intelligence agency and specializes in “signal intelligence”or code breaking.
The NSA is directed by at least a Army lieutenant general or Navy vice-admiral. The present Director of the NSA is U.S. Army General Keith B. Alexander. He is also Commander, U.S. Cyber Command or CYBERCOM. See above video.
The NSA can intercept any electronic signal, in any form, frequency or language, encrypted or non-encrypted. They can eavesdrop on anybody, even listen to conversations through brick walls. Yes, they even listened to Osama Bin Ladin’s satellite phone conversations when he was hiding out in Tora Bora, and they could be listening to you right now. You can bet that the NSA is watching China’s every move, and knows what Chinese are up especially of they plan future cyberattacks.
The Chinese Response
Naturally China has denied any wrongdoing, but the official newspaper of the People’s Liberation Army said it was Beijing that was vulnerable to attack, in a news report that surveyed the Pentagon’s efforts in cyber security.
The report in the Chinese-language Liberation Army Daily concluded.
“The U.S. military is hastening to seize the commanding military heights on the Internet, and another Internet war is being pushed to a stormy peak. Their actions remind us that to protect the nation’s Internet security, we must accelerate Internet defense development and accelerate steps to make a strong Internet army.”
The article was also published on the website of China’s Ministry of Defense (http://www.mod.gov.cn).
Although it does not amount to an official government statement, the report in the military newspaper — which is closely vetted to reflect official thinking — shows how China is also focused on the issues of Internet attacks and defense.
The report said.
“Although our country has developed into an Internet great power, our Internet security defenses are still very weak. So we must accelerate development of Internet battle technology and armament. Comprehensively improve our military’s ability to defend the Internet frontiers.”
Earlier this month, U.S. Defense Secretary Robert Gates said Washington was seriously concerned about cyber-attacks and prepared to use force against any it considered acts of war.
Although it does not amount to an official government statement, the report in the military newspaper — which is closely vetted to reflect official thinking — shows how China is also focused on the issues of Internet attacks and defense.
China’s military has set up an elite Internet security task force tasked with fending off cyber attacks, state media reported May 27, denying that the initiative is intended to create a “hacker army.”
The People’s Liberation Army has reportedly invested tens of millions of dollars in the project, which is sure to ring alarm bells around the world among governments and businesses wary of Beijing’s intentions.
The Global Times quoted China’s defense ministry spokesman Geng Yansheng as telling a rare briefing this week.
“Cyber attacks have become an international problem affecting both civilian and military areas. China is relatively weak in cyber-security and has often been targeted. This temporary program is aimed at improving our defenses against such attacks.”
The 30-member “Cyber Blue Team” – the core of the PLA’s cyber force – has been organized under the Guangdong military command in the country’s south and will carry out “cyber-warfare drills”, the newspaper said.
The Cyber Blue Team is based in Jinan, China where there are 12 Universities and a high tech zone and boast 6 million people. It’s also the headquarter of the PLA. The squad is aimed at carrying out attacks on other countries Internet.
Li Li, a military expert at the National Defense University said,
“China’s Online Blue Army is currently at its fledging period.”
Zhang Shaozhong, a military expert from the PLA adds.
“Just like the army and air forces, the ‘online blue army’ is a historical necessity.”
The reason is very simple. Teng Jianqun, a research fellow at the China Institute of International Studies, said.
“We must adapt to the new types of warfare in the information era. The ‘online blue army’ is of great strategic significance to China’s economic development and social stability.”
The United States, Australia, Germany and other Western nations have long alleged that hackers inside China are carrying out a wide-range of cyberattacks on government and corporate computer systems worldwide.
But in a commentary, the Global Times hit out at “some foreign media” for interpreting the program as a breeding ground for a “hacker army” said.
“China’s capability is often exaggerated. Without substantiated evidence, it is often depicted by overseas media as the culprit for cyberattacks on the US and Europe. China needs to develop its strong cyber defense strength. Otherwise, it would remain at the mercy of others.”
China’s military has received annual double-digit increases in its budget over much of the last two decades as it tries to develop a more modern force capable of winning increasingly high-tech wars.
In 2007, the Pentagon raised concerns about a successful Chinese ballistic missile test strike on a satellite. That weapon could be used to knock out the high-tech communications of its enemies.
U.S. computer firm McAfee said in February that hackers from China have also infiltrated the computer networks of global oil companies and stole financial documents on bidding plans and other confidential information.
According to US diplomatic cables obtained and published by WikiLeaks, the United States believes that China’s leadership has directed hacking campaigns against U.S. Internet giant Google and Western governments.
In one cable, the U.S. Embassy in Beijing said it learned from “a Chinese contact” that the Politburo had led years of hacking into computers of the United States, its allies and Tibet’s exiled spiritual leader, the Dalai Lama.
Chinese Hacking Groups
The Chinese were ahead of the game in connecting not only with the People’s Liberation Army, but also the nascent hacker communities in their country. Using a combination of leveraging companies like Huawei to tap into their technical staff and the patriotism on the part of the PLA and the hacker communities, China has forged a solid directorate for electronic warfare and espionage.
The Chinese Military (PLA) —–> Leverage many corporations that the military actually has majority stock in to gain access to technology and assets.
The Chinese Hacker Community —-> Sell and work for the PLA creating 0day and performing hacks for money as well as patriotism. (NOTE: See the video below)
Chinese Corporations —-> Often used as cutouts to gain access economically and intelligence wise to assets in other countries
Often, the corporations, which are many times, sponsored or majority owned by the PLA are the training grounds and the operative section for soft power operations for China. By using financial deals and alliances, China often attempts to gain the upper hand by having asset connections inside of companies that they wish to affect or to steal from. No longer is it needed to install spies within when the company is partially owned or has access granted because they are working “together”
It is the Chinese hacking community that is of most interest to many in my field however. Many of these people are still in universities and are often times motivated by their nationalistic tendencies ostensibly. Some of these groups have become actual companies producing security software or offering security services.
Of course they are still likely to be assets for the PLA and probably the tip of the spear operators for China in operations. The reason for this simply would be that they are expendable in the sense of hacking as a nation state would cause international issues. Hacking as a hacking group though could be seen as their own initiative and they could be burned without losing face.
Within this amalgam of groups we then see the attack “teams” who crack the systems, then other teams perform recon, and still others, keep the access open and retrieve data. All in all, they have a slick operation and we would be wise to pay attention to how they operate.
Cyber warfare is not just a political and military problem between nations, but there is a huge network of individual hackers and hacking communities who hack computer systems throughout the world out of nationalistic pride because they believe the governments in those countries represent a threat to their country. Other groups are social and political activists who are anti-corporate and anti-government, and this is their way at fighting back, creating chaos and effecting political and social change.
To get a clearer picture at just how vast the Chinese hacking community is, I highly recommend The Dark Visitor blog.
As Wen Jiabao, the Chinese Premier, sips tea with the Prime Minister at Downing Street on Monday, both men will already know that their countries are in a state of undeclared war.
Although the Cold War is long over, MI5 is left tackling a constant threat from Chinese espionage.
Jonathan Evans, the director general of MI5, has singled out China for their “unreconstructed attempts” to spy on Britain saying they “continue to devote considerable time and energy trying to steal our sensitive technology on civilian and military projects and trying to obtain political and economic intelligence at our expense.”
MI5 believes that the Chinese government “represents one of the most significant espionage threats to the UK.”
A 14-page “restricted” report from MI5’s Centre for the Protection of National Infrastructure (CPNI) last year, described how China has attacked British defence, energy, communications and manufacturing companies in a concerted hacking campaign.
One of the main focuses of Britain’s Office of Cyber Security and the Cyber Security Operations Centre based at GCHQ is the constant attempts to break into government departments and private sector companies by Chinese hackers.
But the CPNI report also claimed that China has gone much further, saying Chinese agents are trying to cultivate “long-term relationships” with the employees of key British companies, adding: “Chinese intelligence services have also been known to exploit vulnerabilities such as sexual relationships and illegal activities to pressurise individuals to co-operate with them.”
It warned that hotel rooms in major Chinese cities, such as Beijing and Shanghai, frequented by foreigners, were likely to be bugged and have been searched while the occupants are out of the room.
Victims include one of Gordon Brown’s aides who was caught in a “honeytrap” operation by a suspected Chinese intelligence agent who is thought to have stolen his Blackberry phone after she approached him in a Shanghai hotel disco three years ago.
No doubt David Cameron’s aides will have their wits about them throughout the visit.
The Chinese PLA (Peoples Liberation Army) now has a cyber “Blue Team” that can use cyber space as the new frontier for warfare.
The US and China defense policies are changing. The (Cyber Blue Team, 2011) is based in Jinan, China where there are 12 Universities and a high tech zone and boast 6 million people. It’s also the headquarter of the PLA. The squad is aimed at carrying out attacks on other countries Internet. (Li Li, 2011), a military expert at the National Defense University said, “China’s Online Blue Army is currently at its fledging period. (Zhang Shaozhong, 2011), a military expert from the PLA said, “Just like the army and air forces, the ‘online blue army’ is a historical necessity. The reason is very simple. “We must adapt to the new types of warfare in the information era. The ‘online blue army’ is of great strategic significance to China’s economic development and social stability,” Teng Jianqun, a research fellow at the China Institute of International Studies, said.
The Internet has the potential to transform Chinese (Jones E-Library, 2011) society and politics. Cyber Space is the next front lines for military operations.
Consider the US (US cyber attack Iraq, 2003) prior to invasion the US froze Saddam Hussein’s bank account and disable the country’s financial and communication system before a shot was ever fired. Cyber Warfare is a first strike capabilities weapon and it can be a deterrent if used wisely. China wants’ to be able to do the things it’s cyber brothers can do and who could blame them. The truth be told China has a bad cyber infrastructure and we are hacking them all the time. DHS (disclosed china secrets, 2011) the US told the world that China had some major security holes. Now the whole hacking communities (lulzsec and anonymous) know about China’s problems. This is a shot at the bow of the Chinese government to stop hacking the US or we are going to hack you.
It is a fact that Russia and others are quietly going about cyber intelligence and espionage but they are good so nobody hears about them but they are out there. When China get’s it’s Cyber Blue Team going strong we will not hear a sound about China then the Cyber warfare has really started and there is no way back. The Internet is here to stay and to government like China this an essential weapon to be a world player in cyber space.
China Cyber Warfare Blog 