Trojan Dragons: China's International Cyber Warriors

The Heritage Foundation ^ | December 12, 2007 | By John J. Tkacik, Jr.

[JACKRUSSELL]

This week, The New York Times reported that in a series of "sophisticated attempts" against the U.S. nuclear weapons lab at Oak Ridge, Tennessee, Chinese hackers were able to "remove data."[1] The story illustrates an alarming fact: China's cyber spies are now a part of America's computer network, literally. It is time for U.S. authorities to be open with the American people about the escalating threat posed by China to America's science and technology secrets.

Continuous Attacks

U.S. Strategic Command Chief General James E. Cartwright told Congress in March 2007 that "America is under widespread attack in cyberspace." During fiscal year 2007, the Department of Homeland Security received 37,000 reports of attempted breaches on government and private systems, which included 12,986 direct assaults on federal agencies and more than 80,000 attempted attacks on Department of Defense computer network systems. Some of these attacks "reduced the U.S. military's operational capabilities."[2] As for China's part in this trend, one American cyber security firm that focuses on "a centralised group of activity based from China" now says that "in the last three months, the attacks [from China] have almost tripled."[3]

A Global Threat

Officials in Europe have not hesitated to spotlight China's cyber warfare. Publicly, they have been more vocal and pointed about Chinese involvement than their American counterparts. Earlier this month, Jonathan Evans, the chief of Great Britain's domestic counterintelligence service, MI-5, sent a confidential letter to 300 accountants, legal firms, and chief executives and security chiefs at banks, warning them that they were under "electronic espionage attack" from "Chinese state organisations." Mr. Evans noted that a number of British companies--Rolls Royce is one example--had discovered that viruses of Chinese government origin were uploading vast quantities of industrial secrets to Internet servers in China.[4]

It was just the latest warning from European governments that China is the source of a breathtakingly broad campaign of cyber penetrations of European government and commercial information systems. In October, one of Germany's top internal security officers, Hans Elmar Remberg, told a Berlin conference on industrial espionage that his country was involved in "the Chinese cyber war"--and in case his audience was under the illusion that the aggressors were mere "hackers"--he averred, "In our view, state Chinese interests [Chinesische Staatsinteressen] stand behind these digital attacks." The German news magazine Der Spiegel termed the attackers as "The Yellow Spies."[5] The unfortunate use of racial language gave an opening to Chinese students in Germany to claim racism.[6] The charges of racism, of course, did not gainsay the facts presented by Der Spiegel.

In September, French Secretary General for National Defence Francis Delon said, "We have proof that there was involvement with China," but he demurred, "that is not to say the Chinese government."[7]

The German government has been particularly annoyed by the attacks. In August, German Chancellor Angela Merkel learned that three computer networks in her own office had been penetrated by Chinese intelligence services. A few days later, she confronted the visiting Chinese premier directly about the attacks and demanded that China play by the rules. Premier Wen Jiabao, straight-faced, expressed utter shock and promised that his government would get to the bottom of it. He then asked for detailed information from Germany's counterintelligence agencies to help China's security police find the culprit.[8]

By far, the target attacked most intensely by the Chinese is the U.S. military, closely followed by the State Department, the Commerce Department, and apparently the Department of Homeland Security. China also targets computer networks in sensitive U.S. sectors relating to commerce, academia, industry, finance, and energy. One U.S. cyber security expert told a group of federal managers that "the Chinese are in half of your agencies' systems" already.[9]

Lessons Not Learned

While the U.S. government may be reticent to reveal the vulnerabilities of its databases to Chinese penetration, the information available shows how widespread Chinese cyber attacks have become. Cyber warfare units in the Chinese People's Liberation Army (PLA) have already penetrated the Pentagon's unclassified Unclassified but Sensitive Internet Protocol Router Network (NIPRNet) and have designed software to disable it in time of conflict or confrontation.[10] Maj. Gen. William Lord, director of information, services, and integration in the Air Force's Office of Warfighting Integration admits that "China has downloaded 10 to 20 terabytes of data from the NIPRNet already," and added, "There is a nation-state threat by the Chinese."[11]

Richard Lawless, deputy undersecretary of defense for Asia-Pacific affairs, told a congressional panel on June 13, 2007, that the Chinese are "leveraging information technology expertise available in China's booming economy to make significant strides in cyber-warfare." He noted that the Chinese military's "determination to familiarize themselves and dominate to some degree the Internet capabilities--not only of China and that region of the world--provide them with a growing and very impressive capability that we are very mindful of and are spending a lot of time watching."[12]

The Chinese, he said, have developed a very sophisticated, broadly-based capability to . . . attack and degrade our computer systems and our Internet systems. Computer access, warfare and the . . . disruptive things that that allows you to do to an opponent are well appreciated by the Chinese and they spend a lot of time figuring out how to disrupt our networks--how to both penetrate networks, in terms of gleaning or gaining information that is protected, as well as computer network attack programs which would allow them to shut down critical systems at times of emergency. So first of all, the capability is there. They're growing it; they see it as a major component of their asymmetric warfare capability.[13]

PLA cyber warfare units have access to source codes for America's ubiquitous office software, giving them a skeleton key to every networked government, military, business, and private computer in America. General Cartwright has warned, "I think that we should start to consider that 'regret factors' associated with a cyber attack could, in fact, be in the magnitude of a weapon of mass destruction."[14]

What the U.S. Must Do

As the alarming state of cyber security becomes ever clearer, the Administration should build on the statements of General Lord and former Deputy Undersecretary Lawless. China's cyber warriors are the most acute threat not only to America's national security information infrastructure but to commercial, financial, and energy information networks as well.And via their computer network operations,China's clandestine intelligence collection is the top intelligence threat to America's science and technology secrets. If the Administration believes otherwise, it ought to explain to the American people why, in the face of the steady reports of Chinese cyber spying, the concern is misplaced. But it cannot simply refrain from making the judgment and sharing it with the public.

John J. Tkacik, Jr., is Senior Research Fellow in the Asian Studies Center at The Heritage Foundation.

[1]John Markoff, "China Link Suspected in Lab Hacking," The New York Times, December 9, 2007, p. A-03, at www.nytimes.com/2007/12/09/us/nationalspecial3/09hack.html.

[2]Notes from a presentation by Dr. Andrew Palowitch entitled, "Cyber Warfare: Viable Component to the National Cyber Security Initiative?" at Georgetown University, November 27, 2007.

[3]Stephen Fidler, "Steep Rise in Hacking Attacks from China," The Financial Times, December 5, 2007, at www.ft.com/cms/s/0/c93e3ba2-a361-11dc-b229-0000779fd2ac.html. Source cites Yuval Ben-Itzhak, chief technology officer for Finjan, a Web security group based in San Jose, California.

[4]Rhys Blakely, Jonathan Richards, James Rossiter, and Richard Beeston, "MI5 Alert on China's Cyberspace Spy Threat," TimesOnline, December 1, 2007, at http://business.timesonline.co.uk/tol/business/industr y_sectors/technology/article2980250.ece (December 11, 2007).

[5]The August 27, 2007, issue of Der Spiegel bore the cover title "Die Gelben Spione: Wie China deutsche Technologie ausspaht" (The Yellow Spies: How China Steals German Technology). The cover story was entitled "Chinesische Trojaner auf PCs im Kanzleramt" (Chinese Trojans in Chancellor Office PCs), Der Spiegel, posted August 25, 2007, at www.spiegel.de/netzwelt/tech/0,1518,501954,00.html.

[6]"Zai De Huaren; Gao Mingjing Zui Hua" (Chinese in Germany; Spiegel Slanders Chinese), Shijie Ribao, December 7, 2007, at www.worldjournal.com/wj-ch-news.php?nt_seq_id=1635448.

[7](No author cited), "Now France Comes Under Attack from PRC Hackers," Agence France Presse, September 9, 2007, at www.taipeitimes.com/News/front/archives/2007/09/09/2003377917.

[8]John Blau, "German Gov't PCs Hacked, China Offers to Investigate: China Offers to Help Track Down the Chinese Hackers Who Broke into German Computers," PC World, August 27, 2007, at www.washingtonpost.com/wp-dyn/content/article/2007/08/27/AR2007082700595.html.

[9]Mark A Kellner, "China a 'Latent Threat, Potential Enemy': Expert," DefenseNews Weekly, December 4, 2006, at www.defensenews.com/story.php?F=2389588&C=america.

[10]Mulvenon, "Chinese Information Operations Strategies in a Taiwan Contingency."

[11]"Pentagon warns of Internet incursion by Chinese cyber-terrorists," GCN, August 24, 2006.

[12]Hearing of the House Armed Services Committee on "Recent Security Developments In China"; witnesses: Richard P. Lawless, Deputy Undersecretary of Defense For Asia-Pacific Affairs, and Major General Philip M. Breedlove, Vice Director For Strategic Plans and Policy, Joint Chiefs Of Staff; June 13, 2007. Transcript provided by Federal News Service.

[13]Hearing of the House Armed Services Committee on "Recent Security Developments in China," June 13, 2007, transcript prepared by Federal News Service.

[14]USCC Testimony, March 29, 2007, p. 7

[Calpernia]

Why would you throw up an Airport in France?

[Paul Ross]

And via their computer network operations,China's clandestine intelligence collection is the top intelligence threat to America's science and technology secrets. If the Administration believes otherwise, it ought to explain to the American people why, in the face of the steady reports of Chinese cyber spying, the concern is misplaced. But it cannot simply refrain from making the judgment and sharing it with the public.

Oh, it can't, can it? I beg to differ. This Administration has demonstrated a profound disregard for the concerns of the American people. They apear to believe in the maxim that no one ever lost an election discounting the intelligence of the American electorate.

And now into the last half of the 2nd term LameDuck-In-Chief thinks he is especially off the hook.

So they can and they still do "refrain". Witness the whitewash policy already in place for the Navy port call spat over their Hong Kong visit.

I wish I could believe in the cloak-and-dagger hypothesis why we are refraining from Presidential acknowledgment of the issue. Supposedly keeping our counter-measures secret until essential need requires their exposure. But the implicit denial of the threat flies in the face of the very real damage and compromise routinely being inflicted against our cyber security.

Where the hell do they draw the line? And who says we should any longer trust their judgement? As the article says...it is all of our business...literally in the cyber-gun sights of these hacker teams. Our finances, everything. And nothing is done.

The White House is corrupt. It does not represent the America I grew up in. Clearly, on this issue, It does not represent the American People.

And sadly, it is clear the administration intends to further endanger us for a pathetically few scheckels! Apparently it is in the works to override the NSA and DIA's objections at CFIUS to the Bain Capital's / Huaewai Technology's bid to buy up 3Com...our primary cyber security firm the U.S. government relies upon.

[Constantine XIII]

I’m Bruce Banner IRL, and wouldn’t you know it, they lost my luggage.

No, they didn’t like me when I was angry. :)

[Calpernia]

ok. Don’t know what anything you posted said. You have a good one.

[DoughtyOne]

I know this is somewhat of an unpopular opinion, but we got caught with our pants down on 09/11.

Our top domestic civilian, political and military targets were left unprotected by the tens of thousands of "brilliant minds" in our government and national security agencies.  If it weren't for some brave civilians on board Flight 93, Congress or the White House would have likely been destroyed.

I don't say this to wollow in it.  I say this, because it is true, and after watching how carelessly our leaders have allowed tens of thousands of people to enter here from states where vile sects of Islam dominate, it would be impossible to claim we've learned our lesson.  Millions of unknowns later, having crossed our borders plans and destinations also unknown, we are undeniably vulnerable.

Articles like these are intended to sound alarm bells.  They may or may not be spot on, but I sure hope someone at the top is listening.  If I hear some of the same lame-ass excuses next time, that we did last time, I'm going to be one guy (figuratively) looking for ropes and low branches.

[Calpernia]

http://www.freerepublic.com/focus/f-news/1891445/posts
Pentagon: China Gearing Up for High-Tech Warfare

http://www.freerepublic.com/focus/f-news/1906555/posts
GOP urges probe in China firm deal (Hunter, Hoekstra and Sessions)

>>>Senior Pentagon officials, meanwhile, are investigating the security aspects of the announced plan for China’s Huawei Technologies and the investment firm Bain Capital Partners to buy 3Com, which makes equipment used by the Pentagon to block computer hackers, including those from the Chinese military.<<<

Tidbit for all. 3Com is the company responsible for providing the firewalls and security software to the Pentagon. Let’s keep that in mind.

http://www.freerepublic.com/focus/f-news/1890608/posts
Chinese military hacked into Pentagon

[Paul Ross]

Nobody will tell me why we have to accept packets from .cn or why we need to have connectivity with them.

Agreed. BUT. They can still work around that...when there was the major cyber attack from China on our power grid in California, they used attacks not only from China, but North Korea (Birds of a feather) and (?) The Netherlands. Obviously exploiting unsecured computers for bot-attacks.

[Paul Ross]

Ping

[DoughtyOne]

Thank you Calpernia.

[Gorzaloon]

Agreed. BUT. They can still work around that...when there was the major cyber attack from China on our power grid in California, they used attacks not only from China, but North Korea (Birds of a feather) and (?) The Netherlands. Obviously exploiting unsecured computers for bot-attacks.

Yes, and probably thousands of them from our neighbors, thanks to all the malware out there, courtesy of our own "Enterpreneurs", the Russian Mafia, and .cn.

Truly savage enforcement would be a good start. Breaking all links to .cn would be better. Not one harmless byte has come from or gone there in a long time.

Oh, Happy "Rolex Watch" Season to all.

[Constantine XIII]

See, Calpernia, O RLY works like this:

"not only from China, but North Korea (Birds of a feather) "

Because it's obvious to the casual observer that the internet just hasn't really penetrated North Korea to any great extent. What kind of retard would launch an attack from NK when anyone with an ounce of sense would have to know that packets from there were sent by the North Korean government? Not very impressive hax0r skills, in my opinion.

LOL

Our enemies are powerful enough in reality without us blowing them up into invincible boogiemen in our minds.

[Paul Ross]

What kind of retard would launch an attack from NK when anyone with an ounce of sense would have to know that packets from there were sent by the North Korean government? Not very impressive hax0r skills, in my opinion.

Ah, but grasshopper, you miss the point.

That ham-handed approach WAS the message. A political message. It was an irrefutable evidence of the Chicom GOVERNMENT'S displeasure over being called out as a bad guy for its downing, invasion and theft of our EP3 reconaissance plane.

They basically were saying they were ready to go to war over the issue if it didn't go their way.

Last I recall, it did go their way.

And the Netherlands bot attacks were merely an extra "persuader" explaining our "commander in chief" that they were not going to be easily "switched off" if it came down to a slug-fest.

We were seeing only the tip of the iceberg of Chicom capabilities. And we saw how ill-prepared we were for these supposedly "unimpressive" attacks.

For some real laughs at the Administration continuing and deepening disconnect from reality, check out Admrial Keating's testimony for his confirmation.

[Calpernia]

I’ve not heard of O RLY, other than the airport.

And I’ve no desire to post to you. You are too difficult to follow.

Ciao

[Calpernia]

Don’t lose N. Korea in your conversation. They had EPA data and sites up on their servers for a while.

That is home to the sun king you know (GAIA)

[Paul Ross]

Don’t lose N. Korea in your conversation.

You're right.

The use of the North Korean addresses was further illustration of my claim that they are purely and simply a sock-puppet for the Chicoms.

The NK "buffer state" lives purely at the discretion of its Chinese masters...and does as it is told.

It develops nukes, or shelves the project, or sells them to Iran...it was all set up by China itself...with a rather lame degree of plausible deniability.

So China's "value" (in Mitt Romney's and Condi Rice's estimation) at "controlling" a supposedly "rogue" North Korea is misplaced and demonstrates non-comprehension of the real actors and realities of the situation.

[Constantine XIII]

I'm not going to be too upset about being e-insulted by someone with a picture of Sephiroth on their homepage. :p

[Calpernia]

I’ve no idea where I insulted you nor do I know what a Sephiroth is.

[Constantine XIII]

http://www.google.com/search?hl=en&q=sephiroth&btnG=Google+Search

Sigh...

[Calpernia]

Sigh what?