BEIJING — Chinese state television has broadcast footage of what two experts on the Chinese military say appears to be a military institute demonstrating software designed to attack websites in the U.S.
A presenter introduces a TV report appearing to contradict assertions China doesn't engage in cyberattacks
Although it could be a decade old or a mock-up, the 10-second segment—part of a longer report on cybersecurity—appears to be a rare example of an official source contradicting China's repeated assertions that it doesn't engage in cyberattacks, according to Andrew Erickson and Gabe Collins of the China SignPost analytical service, which specializes in military matters.
The slightest suggestion that the Chinese military has attacked U.S. websites is highly sensitive, especially since the Pentagon published a new cyberstrategy in July that laid the ground for the U.S. to potentially respond with traditional military force to crippling cyberattacks from abroad.
That move followed a string of cyberattacks over the past few years on U.S. targets including Google Inc., Lockheed Martin Corp. and the Pentagon itself, which many U.S. officials believe originated in China, though they haven't so far offered evidence publicly to prove this.
The change also reflected mounting concerns in the Pentagon that insufficient resources have been invested in defense against cyberattacks—which were inflicted on Georgia during its brief war with Russia in 2008 but are still unregulated by international law and are likely to be a key element of future wars.
China's Foreign and Defense Ministries didn't respond to requests for comment Wednesday. Nor did China Central Television Channel 7, known as CCTV-7, where the footage was shown. In the past, China's government has repeatedly denied any involvement in cyberattacks and has said that China itself is one of the biggest victims of hacking.
The brief footage—the relevant segment runs no more than 10 seconds—didn't attract much domestic or international attention when it was first screened last month as part of a 20-minute report on cybersecurity broadcast on CCTV-7, which covers military affairs.
But it was highlighted Wednesday in a report published by Dr. Erickson, an associate professor at the U.S. Naval War College's China Maritime Studies Institute, and Mr. Collins, a commodities and security specialist focusing on Russia and China.
The footage, which could still be seen on CCTV's website as of late Wednesday, features Senior Col. Du Wenlong, a researcher at the Chinese army's Academy of Military Sciences, giving a detailed analysis of cybersecurity issues around the world.
At one point, as a narrator discusses various forms of cyberattack, a cursor is shown moving on a computer screen with a software application that is identified in Chinese characters as a "distributed denial-of-service" attack. Also known as DDOS, such attacks are relatively unsophisticated tools of cyberwarfare that involve bombarding websites with data to disable them.
The next screen says at the top, in Chinese, "Attack system..PLA Electronic Engineering Institute." PLA stands for People's Liberation Army.
Below, it asks the user to "Choose the attack target" from a drop-down list of websites related to the Falun Gong spiritual movement, which China's government banned in 1999 and which has been the object of a sustained crackdown ever since.
The cursor highlights one, called Minghui.org, and then clicks on a large button below saying "Attack."
The IP address given for the selected website—which is currently unavailable in China but accessible in the U.S.—is 138.26.72.17 and is registered to the University of Alabama in Birmingham, according to at least two websites that trace IP addresses.
Dr. Erickson and Mr. Collins said that if the footage was real, it was probably a decade old, because of the rudimentary nature of the DDOS attack depicted, and because there was a spate of such attacks on Falun Gong targets 10 years ago.
They also said it was unclear whether the footage—which might also have depicted a civilian hacker—was included to reassure a domestic audience about China's cybercapability, or simply because it suited CCTV-7's need for some relevant imagery.
But they argued that, even if it were a symbolic representation, it was significant all the same because it was shown on CCTV, one of the government's main official mouthpieces, and depicted as an attack on a foreign website. They wrote:
"It appeared to show dated computer screenshots of a Chinese military institute conducting a rudimentary type of cyberattack against a U.S.-based dissident entity. However modest, ambiguous—and, from China's perspective, defensive—this is possibly the first direct piece of visual evidence from an official Chinese government source to undermine Beijing's official claims never to engage in overseas hacking of any kind for government purposes."
They added later:
"It certainly looks like a 'smoking cursor,' albeit a relatively modest one. China undoubtedly has far superior capabilities at its disposal today."
China's Defense Ministry revealed for the first time in May that it had formed a 30-strong cyber defense unit, called the "Blue Army," but insisted that it was for defensive purposes only.
However, foreign security officials and Internet-security experts continue to allege that a significant proportion of military and corporate cyberattacks originate from China.
The cybersecurity company McAfee Inc. said in February that hackers who appeared to be based in China had conducted a "coordinated, covert and targeted" campaign of cyberespionage against five multinational energy firms since at least 2009 and possibly since 2007.
McAfee released another report this month suggesting that an unidentified "state actor" was behind a massive years-long cyberattack on organizations including United Nations agencies, the government of Taiwan and the International Olympic Committee.
COMMENTARY: As you know by now, I have been covering the "undeclared" cyberwar that exists between China and the U.S. since 2010. On several occasions the U.S. has accused China of conducting unprovoked and clandestine cyberattacks on U.S. military facilities and corporations.
CYBERCOM - The U.S. First Line of Defense
In a blog post dated February 7, 2011, I profiled America's cyberwar first line of defense: USCYBERCOM or CYBERCOM.
The federal government department entrusted with the job of protecting America against cyber attacks is the United States Cyber Command (USCYBERCOM or CYBERCOM).
On June 23, 2009, the Secretary of Defense directed the Commander of U.S. Strategic Command (USSTRATCOM) to establish USCYBERCOM. Initial Operational Capability (IOC) was achieved on May 21, 2010.
U.S. Army General B. Alexander is in charge of CYBERCOM. General Alexander is also the present Director of the National Security Agency (NSA).
The mission of USCYBERCOM is to plan, coordinate, integrate, synchronize, and conduct activities to: direct the operations and defense of specified Department of Defense information networks; and prepare to, and when directed, conduct full-spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.
USCYBERCOM combines the Department’s full spectrum of cyberspace operations and plans, coordinates, integrates, synchronizes, and conducts activities to:
- Lead day-to-day defense and protection of Department of Defense (DoD) information networks.
- Coordinate DoD operations providing support to military missions.
- Direct the operations and defense of specified DoD information networks.
- Prepare to, and when directed, conduct full spectrum military cyberspace operations.
The command is charged with pulling together existing cyberspace resources, creating synergy that does not currently exist and synchronizing war-fighting effects to defend the information security environment.
USCYBERCOM centralizes command of cyberspace operations, strengthens DoD cyberspace capabilities, and integrates and bolsters DoD’s cyber expertise. Consequently, USCYBERCOM improves DoD’s capabilities to ensure resilient, reliable information and communication networks, counter cyberspace threats, and assure access to cyberspace. USCYBERCOM’s efforts also support the Armed Services’ ability to confidently conduct high-tempo, effective operations as well as protect command and control systems and the cyberspace infrastructure supporting weapons system platforms from disruptions, intrusions and attacks.
USCYBERCOM is a sub-unified command subordinate to USSTRATCOM. Service Elements include the four key branches of the U.S. military:
- U.S. Army – Army Cyber Command (ARCYBER)
- U.S. Air Force – 24th USAF
- U.S. Navy – Fleet Cyber Command (FLTCYBERCOM)
- U.S. Marine Corps – Marine Forces Cyber Command (MARFORCYBER)
CYBER BLUE TEAM - China's First Line of Defense
In a blog post dated July 16, 2011, I profiled China's cyberwar first line of defense: CYBER BLUE TEAM.
China's military has set up an elite Internet security task force tasked with fending off cyber attacks, state media reported May 27, denying that the initiative is intended to create a "hacker army."
The People's Liberation Army has reportedly invested tens of millions of dollars in the project, which is sure to ring alarm bells around the world among governments and businesses wary of Beijing's intentions.
The Global Times quoted China's defense ministry spokesman Geng Yansheng as telling a rare briefing this week:
"Cyber attacks have become an international problem affecting both civilian and military areas. China is relatively weak in cyber-security and has often been targeted. This temporary program is aimed at improving our defenses against such attacks."
The 30-member "Cyber Blue Team" - the core of the PLA's cyber force - has been organized under the Guangdong military command in the country's south and will carry out "cyber-warfare drills", the newspaper said.
The Cyber Blue Team is based in Jinan, China, where there are 12 universities and a high-tech zone, and which boasts 6 million people. It’s also the headquarters of the PLA. The squad is aimed at carrying out attacks on other countries’ Internet.
Li Li, a military expert at the National Defense University said,
“China’s Online Blue Army is currently at its fledgling period."
Zhang Shaozhong, a military expert from the PLA, adds:
“Just like the army and air forces, the ‘online blue army' is a historical necessity."
The reason is very simple. Teng Jianqun, a research fellow at the China Institute of International Studies, said:
“We must adapt to the new types of warfare in the information era. The ‘online blue army’ is of great strategic significance to China’s economic development and social stability.”
The United States, Australia, Germany and other Western nations have long alleged that hackers inside China are carrying out a wide range of cyberattacks on government and corporate computer systems worldwide.
But in a commentary, the Global Times hit out at "some foreign media" for interpreting the program as a breeding ground for a "hacker army," saying:
"China's capability is often exaggerated. Without substantiated evidence, it is often depicted by overseas media as the culprit for cyberattacks on the US and Europe. China needs to develop its strong cyber defense strength. Otherwise, it would remain at the mercy of others."
China's military has received annual double-digit increases in its budget over much of the last two decades as it tries to develop a more modern force capable of winning increasingly high-tech wars.
In 2007, the Pentagon raised concerns about a successful Chinese ballistic missile test strike on a satellite. That weapon could be used to knock out the high-tech communications of its enemies.
U.S. computer firm McAfee said in February that hackers from China have also infiltrated the computer networks of global oil companies and stolen financial documents on bidding plans and other confidential information.
According to US diplomatic cables obtained and published by WikiLeaks, the United States believes that China's leadership has directed hacking campaigns against U.S. Internet giant Google and Western governments.
In one cable, the U.S. Embassy in Beijing said it learned from "a Chinese contact" that the Politburo had led years of hacking into computers of the United States, its allies and Tibet's exiled spiritual leader, the Dalai Lama.
WHO's WINNING THE CYBERWAR?
USCYBERCOM and China's Blue Cyber Team are very new cyber organizations. Both organizations carry out and defend against cyber attacks. Both were established with the goal of defending their military organizations against cyber attacks from each other, rogue nations and cyber terrorist groups bent on compromising their defense systems. It's very difficult to ascertain which country is winning the cyber wars, since neither the U.S. nor the Chinese military will publicly acknowledge every single cyber attack and what was compromised. The following lists major cyber attacks committed by the Chinese against the U.S. and its allies, and against the U.S. military, government agencies and embassies, between 1999 and 2009.
[Image: major cyber attacks, 1999–2009]
US Deputy Defence Secretary William Lynn said that in a March 2011 attack and other breaches, hackers had taken information on "our most sensitive systems". The admission came as the Pentagon rolled out a strategy for strengthening US cyber capabilities and addressing threats and attacks in cyberspace.
In a speech at National Defense University in Washington, Mr Lynn said about 24,000 files containing Pentagon data were stolen from a defence industry computer network in March, marking one of the largest cyber attacks in US history.
CYBER ATTACKS RULES OF ENGAGEMENT
At the end of last month, there was a Wall Street Journal story reporting that the US government had decided that certain types of cyber attacks originating from another country can constitute an act of war, and therefore could trigger a "traditional" military response from the US.
As one military official in the WSJ article stated it:
"If you shut down our power grid, maybe we will put a missile down one of your smokestacks."
Well, today there is a long AP story that says that President Barack Obama signed executive orders about a month ago outlining when and how US military commanders can employ cyber capabilities to mount cyber attacks or conduct espionage against other countries.
Defense officials and security experts told the AP that:
"The orders detail when the military must seek presidential approval for a specific cyber assault on an enemy and weave cyber capabilities into U.S. war fighting strategy."
The executive orders act in a similar fashion as operational theater rules of engagement. The AP story states, for example, that:
"Under the new Pentagon guidelines, it would be unacceptable to deliberately route a cyberattack through another country if that nation has not given permission - much like U.S. fighter jets need permission to fly through another nation's airspace."
The full set of cyberwar guidelines has not been announced, but the US Department of Defense is expected to do so soon.
CIVILIAN ORGANIZATION CYBERATTACKS
Cyber attacks against both US and Chinese civilian organizations occur almost on a daily basis.
China reported that in 2010 its government websites experienced a 68 percent increase in cyber attacks.
The Chinese government has been accused of sponsoring cyber attacks against major companies like Google and Yahoo as well as governments around the world.
A report released by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) found that a total of 35,000 Chinese websites, including 4,635 government sites, were hit by hackers in 2010.
Attacks on China's non-government websites actually decreased 22 percent in 2010, while attacks on government websites had increased nearly 70 percent.
The report also found that roughly 60 percent of ministerial-level websites have potential security risks.
McAfee, a cybersecurity company owned by Intel, announced on August 4, 2011, that it uncovered a wide-ranging, global cyber attack that impacted 72 organizations.
A total of 36 corporations, 12 non-profits and 22 government organizations were affected, including 15 U.S. government agencies and the United Nations.
Courtesy of an article dated August 25, 2011 appearing in The Wall Street Journal Asia, an article dated June 22, 2011 appearing in IEEE Spectrum, an article dated August 4, 2011 appearing in CNN Money, and an article dated June 13, 2011 appearing in USCyberLabs.
This is such a great topic to talk on. This is very alarming. Successful cyber attacks can cause great damage not only in the virtual world,
Posted by: printing denver | 09/08/2012 at 12:39 AM
Cyber war? I think it is more complicated than a usual disagreement. It should be fixed by now, their relation should stay nice.
Posted by: Private Investigator NYC | 11/23/2011 at 04:54 PM
Successful cyber attacks are becoming a serious issue in today's world. And it costs damage to our real economy too. Thank you for sharing it.
Posted by: Diamond Core Drill | 11/15/2011 at 02:37 AM
This is very alarming. Successful cyber attacks can cause great damage not only in the virtual world, but also in our real economy. Thanks for sharing such nice topic. I actually shared this to some of my social bookmarking websites. My website is http://www.macmassmailer.com/mac-mass-mailer-keygen.
Posted by: Mac Mass Mailer Guy | 11/14/2011 at 02:25 AM
This is such a great topic to talk on..THE CYBER WAR BETWEEN THE U.S. & CHINA..It is very famous and important topic..This post has lots of content which is worth to read..
Posted by: fly fishing tasmania | 09/22/2011 at 06:02 AM