"President Obie, sir, we've got an all-out cyberattack from the Chinese in progress. I need your okay for a counter-attack."
WASHINGTON—U.S. intelligence agencies have pinpointed many of the Chinese groups responsible for cyberspying in the U.S., and most are sponsored by the Chinese military, according to people who have been briefed on the investigation.
Armed with this information, the U.S. has begun to lay the groundwork to confront China more directly about cyberspying. Two weeks ago, U.S. officials met with Chinese counterparts and warned China about the diplomatic consequences of economic spying, according to one person familiar with the meeting.
U.S. Air Force personnel work in the Air Force Space Command Network Operations & Security Center at Peterson Air Force Base in Colorado Springs, Colorado in a July 2010 file photo.
The Chinese cyberspying campaign stems largely from a dozen groups connected to China's People's Liberation Army and a half-dozen nonmilitary groups connected to organizations like universities, said those who were briefed on the investigation. Two other groups play a significant role, though investigators haven't determined whether they are connected to the military.
In many cases, the National Security Agency (See my blog post dated April 28, 2011) has determined the identities of individuals working in these groups, which is a critical development that provides the U.S. the option of confronting the Chinese government more directly about the activity or responding with a counterattack, according to former officials briefed on the effort.
James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies who frequently advises the Obama administration, said:
"It's actually a small number of groups that do most of the PLA's dirty work. NSA is pretty confident of their ability to attribute [cyberespionage] to this set of actors."
In early November, the U.S. chief of counterintelligence issued a report that was unusually blunt in accusing China of being the world's "most active and persistent" perpetrator of economic spying. Lawmakers have also become more vocal in calling out China for its widening campaign of cyberespionage.
Still, diplomatic considerations may limit the U.S. interest in taking a more confrontational approach because some U.S. officials are wary of angering China, the largest holder of U.S. debt.
Chinese Foreign Ministry spokesman Liu Weimin said:
"Chinese law clearly prohibits hacking, and the Chinese government cracks down on such behavior and actively participates in international cooperation."
He said:
"Accusations that China participates in such hacking, or that the Chinese government is behind it, are totally ungrounded."
Chinese officials regularly dispute U.S. allegations of cyberspying, saying they are the victims, not the perpetrators, of cybercrime and cyberespionage. An NSA spokeswoman declined to comment.
Identifying adversaries has been difficult because it is easy to fake identities and locations in cyberspace. An inability to tie cyberspying activities with precision to a certain actor has in the past limited the U.S.'s ability to respond because it's hard to retaliate or confront an unidentified adversary.
The U.S. government, led by the National Security Agency, has tracked the growing Chinese cyberspying campaign against the U.S. for decades. Past government efforts have had exotic names like "Titan Rain" and "Byzantine Hades."
More recently, NSA and other intelligence agencies have made significant advances in attributing cyberattacks to specific sources—mostly in China's People's Liberation Army—by combining cyberforensics with ongoing intelligence collection through electronic and human spying, Mr. Lewis said.
The U.S. investigation of China's activities is the latest round of spy-versus-spy in cyberspace.
On April 29, 2001, a Chinese jet fighter accidentally collided with a U.S. Navy EP-3 reconnaissance (spy) plane patrolling off the Chinese coast near Hainan Island. The incident set off a dangerous confrontation between the U.S. and China. Luckily, 'cooler heads prevailed' and the U.S. plane and its crew were finally released.
The activity breaks down into cyberspying efforts by 20 groups with different attack styles that are responsible for most of the cybertheft of U.S. secrets, said the people briefed on the investigation. U.S. intelligence officials have given different classified code names to each group.
U.S. intelligence officials can identify different groups based on a variety of indicators. Those characteristics include the type of cyberattack software they use, different Internet addresses they employ when stealing data, and how attacks are carried out against different targets. In addition to U.S. government agencies, major targets of these groups include U.S. defense contractors, according to former officials.
A Chinese state TV report alludes to attacks on websites in the U.S.
Collectively, these groups employ hundreds of people, according to former officials briefed on the effort. That number is believed to be small compared to the estimated 30,000 to 40,000 censors the Chinese government is believed to employ to patrol the Internet.
The Chinese government is believed to have been behind a number of recent major cyberbreak-ins, including multiple hacks of Google Inc. and the EMC Corp.'s RSA unit, which makes the numerical tokens used by millions of corporate employees to access their network.
A cyberattack revealed this year on Lockheed Martin Corp. is also believed to have been traced to China, and the Chinese are believed to have been responsible for an infiltration a few years ago of the Pentagon's Joint Strike Fighter weapons program, which is also managed by Lockheed.
The counterintelligence report released last month predicted that China's espionage efforts will continue to grow.
COMMENTARY: In a blog post dated November 6, 2011, I described to you in great detail the "undeclared" cyberwar that exists between China and the U.S.
There are no jet fighter attacks, intercontinental ballistic missiles, special forces on the ground, or shots fired, but in every sense of the word, there is a real war between the U.S. and China.
This is a different kind of war, a clandestine electronic war, between the world's two greatest economic and military powers. Most Americans and Chinese citizens are not even aware that this war exists until they read about it in the newspapers or see it on the evening television news.
Neither side will ever openly admit that their secure systems and networks were ever compromised or broken into, or that secrets were stolen.
This new form of warfare does not use military missiles, great naval armadas or air fleets, but uses powerful computers, sophisticated spy and viral software, and some of the brightest hackers in the world.
Let's look at the American and Chinese Cyber Forces.
USCYBERCOM - THE U.S. FIRST LINE OF DEFENSE
In a blog post dated February 7, 2011, I profiled America's cyberwar first line of defense: USCYBERCOM or CYBERCOM.
The federal government department entrusted with the job of protecting America against cyber attacks is the United States Cyber Command (USCYBERCOM or CYBERCOM).
On June 23, 2009, the Secretary of Defense directed the Commander of U.S. Strategic Command (USSTRATCOM) to establish USCYBERCOM. Initial Operational Capability (IOC) was achieved on May 21, 2010.
Secretary of Defense Robert Gates and the Joint Chiefs of Staff of the four branches of the U.S. Military salute the establishment of USSTRATCOM and USCYBERCOMMAND on May 21, 2010
U.S. Army General Keith B. Alexander is in charge of CYBERCOM. General Alexander is also the present Director of the National Security Agency (NSA) and Central Security Service.
The mission of USCYBERCOM is to plan, coordinate, integrate, synchronize, and conduct activities to: direct the operations and defense of specified Department of Defense information networks; and prepare to, and when directed, conduct full-spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.
USCYBERCOM combines the Department’s full spectrum of cyberspace operations and plans, coordinates, integrates, synchronizes, and conducts activities to:
- Lead day-to-day defense and protection of Department of Defense (DoD) information networks;
- Coordinate DoD operations providing support to military missions;
- Direct the operations and defense of specified DoD information networks;
- Prepare to, and when directed, conduct full spectrum military cyberspace operations.
The command is charged with pulling together existing cyberspace resources, creating synergy that does not currently exist and synchronizing war-fighting effects to defend the information security environment.
USCYBERCOM centralizes command of cyberspace operations, strengthens DoD cyberspace capabilities, and integrates and bolsters DoD’s cyber expertise. Consequently, USCYBERCOM improves DoD’s capabilities to ensure resilient, reliable information and communication networks, counter cyberspace threats, and assure access to cyberspace. USCYBERCOM’s efforts also support the Armed Services’ ability to confidently conduct high-tempo, effective operations as well as protect command and control systems and the cyberspace infrastructure supporting weapons system platforms from disruptions, intrusions and attacks.
USCYBERCOM is a sub-unified command subordinate to USSTRATCOM. Service Elements include the four key branches of the U.S. military:
- U.S. Army – Army Cyber Command (ARCYBER)
- U.S. Air Force – 24th USAF
- U.S. Navy – Fleet Cyber Command (FLTCYBERCOM)
- U.S. Marine Corps – Marine Forces Cyber Command (MARFORCYBER)
CYBER BLUE TEAM - CHINA'S FIRST LINE OF DEFENSE
In a blog post dated July 16, 2011, I profiled China's cyberwar first line of defense: CYBER BLUE TEAM.
China's Blue Cyber Team busy hacking somebody's network
China's military has set up an elite Internet security task force tasked with fending off cyber attacks, state media reported May 27, denying that the initiative is intended to create a "hacker army."
China's Defense Ministry revealed for the first time in May that it had formed a 30-strong cyber defense unit, called the "Blue Army," but insisted that it was for defensive purposes only.
On May 27, 2011, China's Defense Ministry spokesman Geng Yansheng announces the formation of China's Cyber Blue Team
The People's Liberation Army has reportedly invested tens of millions of dollars in the project, which is sure to ring alarm bells around the world among governments and businesses wary of Beijing's intentions.
The Global Times quoted China's defense ministry spokesman Geng Yansheng as telling a rare briefing this week:
"Cyber attacks have become an international problem affecting both civilian and military areas. China is relatively weak in cyber-security and has often been targeted. This temporary program is aimed at improving our defenses against such attacks."
The 30-member "Cyber Blue Team" - the core of the PLA's cyber force - has been organized under the Guangdong military command in the country's south and will carry out "cyber-warfare drills", the newspaper said.
China's Cyber Capabilities
The Cyber Blue Team is based in Jinan, China, which has 12 universities and a high-tech zone and boasts 6 million people. It’s also the headquarters of the PLA. The squad is aimed at carrying out attacks on other countries' Internet.
Li Li, a military expert at the National Defense University, said:
“China’s Online Blue Army is currently at its fledgling period."
Zhang Shaozhong, a military expert from the PLA, adds:
“Just like the army and air forces, the ‘online blue army' is a historical necessity."
The reason is very simple. Teng Jianqun, a research fellow at the China Institute of International Studies, said:
“We must adapt to the new types of warfare in the information era. The ‘online blue army’ is of great strategic significance to China’s economic development and social stability.”
The United States, Australia, Germany and other Western nations have long alleged that hackers inside China are carrying out a wide-range of cyberattacks on government and corporate computer systems worldwide.
But in a commentary, the Global Times hit out at "some foreign media" for interpreting the program as a breeding ground for a "hacker army," saying:
"China's capability is often exaggerated. Without substantiated evidence, it is often depicted by overseas media as the culprit for cyberattacks on the US and Europe. China needs to develop its strong cyber defense strength. Otherwise, it would remain at the mercy of others."
China's military has received annual double-digit increases in its budget over much of the last two decades as it tries to develop a more modern force capable of winning increasingly high-tech wars.
In 2007, the Pentagon raised concerns about a successful Chinese ballistic missile test strike on a satellite. That weapon could be used to knock out the high-tech communications of its enemies.
U.S. computer firm McAfee said in February that hackers from China had also infiltrated the computer networks of global oil companies and stolen financial documents on bidding plans and other confidential information.
According to US diplomatic cables obtained and published by WikiLeaks, the United States believes that China's leadership has directed hacking campaigns against U.S. Internet giant Google and Western governments.
In one cable, the U.S. Embassy in Beijing said it learned from "a Chinese contact" that the Politburo had led years of hacking into computers of the United States, its allies and Tibet's exiled spiritual leader, the Dalai Lama.
WHO'S WINNING THE CYBERWAR?
USCYBERCOM and China's Blue Cyber Team are very new cyber organizations. Both organizations carry out and defend against cyber attacks. Both were established with the goal of defending their military organizations against cyber attacks from each other, rogue nations and cyber terrorist groups bent on compromising their defense systems. It's very difficult to ascertain which country is winning the cyber wars, since neither the U.S. nor the Chinese military will publicly acknowledge every single cyber attack and what was compromised. The following lists major cyber attacks committed by the Chinese against the U.S. and its allies, targeting the U.S. military, government agencies and embassies, between 1999 and 2009.
US Deputy Defence Secretary William Lynn said that in a March 2011 attack and other breaches, hackers had taken information on "our most sensitive systems". The admission came as the Pentagon rolled out a strategy for strengthening US cyber capabilities and addressing threats and attacks in cyberspace.
In a speech at National Defense University in Washington, Mr Lynn said about 24,000 files containing Pentagon data were stolen from a defence industry computer network in March, marking one of the largest cyber attacks in US history.
CYBER ATTACKS RULES OF ENGAGEMENT
At the end of October 2011, there was a Wall Street Journal story reporting that the US government had decided that certain types of cyber attacks originating from another country can constitute an act of war, and therefore could trigger a "traditional" military response from the US.
As one military official in the WSJ article stated it:
"If you shut down our power grid, maybe we will put a missile down one of your smokestacks."
Well, today there is a long AP story that says that President Barack Obama signed executive orders about a month ago outlining when and how US military commanders can employ cyber capabilities to mount cyber attacks or conduct espionage against other countries.
Defense officials and security experts told the AP that:
"The orders detail when the military must seek presidential approval for a specific cyber assault on an enemy and weave cyber capabilities into U.S. war fighting strategy."
The executive orders act in a similar fashion as operational theater rules of engagement. The AP story states, for example, that:
"Under the new Pentagon guidelines, it would be unacceptable to deliberately route a cyberattack through another country if that nation has not given permission - much like U.S. fighter jets need permission to fly through another nation's airspace."
The full set of cyberwar guidelines have not been announced, but the US Department of Defense is expected to do so soon.
CIVILIAN ORGANIZATION CYBERATTACKS
Cyber attacks against both US and Chinese civilian organizations occur almost on a daily basis.
China reported that in 2010 its government websites experienced a 68 percent increase in cyber attacks.
The Chinese government has been accused of sponsoring cyber attacks against major companies like Google and Yahoo as well as governments around the world.
A report released by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) found that a total of 35,000 Chinese websites, including 4,635 government sites, were hit by hackers in 2010.
Attacks on China's non-government websites actually decreased 22 percent in 2010, while attacks on government websites had increased nearly 70 percent.
The report also found that roughly 60 percent of ministerial-level websites have potential security risks.
McAfee, a cybersecurity company owned by Intel, announced on August 4, 2011, that it uncovered a wide-ranging, global cyber attack that impacted 72 organizations.
The U.S. cannot afford to let its guard down for a single second. We are fighting a very devious and invisible enemy, who can strike at any moment. We don't know where they will strike. It could be a military installation, our power grid system, the national air traffic control system, the Federal Reserve Bank or Facebook's data center in Washington state.
We do know that China's Cyber Blue Team and individual Chinese cyber criminals mean business and we have to be on the alert at all times. If this is the way tomorrow's wars will be fought we must be ready, and prepared to pay whatever it takes to insure our national security.
I am happy to hear that USCYBERCOM has identified China's cyber culprits, including the individual PLA units and the names of the individuals or groups involved. We need to lower the hammer, and just let them have it with an all-out, hell-for-leather cyberattack of our own, and let them know "who's their daddy".
Courtesy of an article dated December 13, 2011 appearing in The Wall Street Journal