HACKERS, THE CHINESE MILITARY AND ATTACKS ON U.S. TARGETS

CHINESE HACKERS AND COMPUTER SPYING AND ATTACKS

As the attack on Google in January 2010 showed the victims of cyber attacks are just as likely to be private companies as military or government targets with the aims being to steal computer source codes, company secrets and strategies, and intellectual property or to implant spyware or disruptive malware or otherwise disrupt the target company .

Tools used by hackers include malware that can record keystrokes, steal and decrypt passwords, and copy and compress data so it can be transferred back to the attacker's computer. The malware can then delete itself or disappear until needed again. According to experts, the malicious software or high-tech tools used by the Chinese haven't gotten much more sophisticated in recent years. But the threat is persistent, often burying malware deep in computer networks so it can be used again and again over the course of several months or even years. The hackers often use a “1,000 grains of sand” approach, meaning they collect every bit of information they can and sift through it for intelligence. Many companies that are victims of such attacks regard them as an embarrassment and keep quiet about them. [Source: Lolita Baldor, Associated Press, December 12, 2011]

A report by the Munk Center of International Studies at Toronto University revealed that a vast Chinese spying operation had infiltrated computers and stolen documents from at least 1,295 computers in government and private offices in 103 countries. Among the targets have been embassies, foreign ministries and offices associated with the Dalai Lama.

The spying operation invades and monitors computers by not just “phishing” for random, information by “whaling” for particularly important targets with capabilities of turning on cameras and microphones and recording sound and images in the room where the target computers are located. Using these methods spies gained control of the e-mail server for the Dalai Lama’s organization and used information gathered from this source to put pressure on diplomats and Chinese citizens who had contact with the Dalai Lama. Most of the computers behind the operation were China but there was no evidence that the Chinese government was behind it.

The targeted computers were usually infected with an e-mail that once clicked implants software deep in the targeted computer or lead directly to a “poisoned” web site.

A report by the congressional U.S.-China commission noted Chinese espionage is sometimes “straining the U.S. capacity to respond.” The report focused on one attack and concluded that it was supported and possibly orchestrated by the Chinese government.

Chinese Military and Hackers

Chinese military planners have determined the greatest weakness the United States military has is its reliance on computer and satellite systems. It has developed strategies to take advantage of these systems. Hackers in the PLA have worked out plan aimed disabling an aircraft carrier battle group. A “virtual guidebook for electronic warfare and jamming" was developed by the PLA after carefully studying American and NATO military manuals.

There are two primary kinds of cyber attacks: 1) “fishing trips” for sensitive information; and 2) outright attacks that are aimed at destroying data or disrupting computer systems. Even a relatively unsophisticated hacker can download ready-to-use software from a Chinese site and use it to enter a victim’s computer and use the webcam to spy on the victim. The red light can deactivated, with the attacker often waiting until the victim gets up to go to the bathroom and get something to eat to steal information or attack the system. Cyber warfare expert Mike McConnell said, “Every nation with advanced technology is exploring options... to use this new capability to wage war. Everyone. All the time.”

The aim of military hackers is to attain “electronic dominance over each if its global rivals by 2050.” There are plans to cripple satellite communications system and bring financial markets to their knees. A massive cyberattack could leave the United States without electrical power for six months and cause a shut down of many of it military operations systems.

Chinese hackers began launching cyber attacks on U.S. government and military targets in 2003, including a coordinates series of attacks code-named Titan rain. . In 2007 the Chinese military successfully hacked into the Pentagon’s computer network, raising alarms that China could disrupt American military operations. The attack took place in June 2007 after several months of planning and shut down the computer system serving 1,500 Pentagon computers including the one used by of the Secretary of Defense.

After the Pentagon attack hundreds of computers had to be taken offline for months. Hackers also disrupted the U.S. Naval War College network. Chinese military hackers have also penetrated computers in the British military, the German government, including the offices of German Chancellor Angela Merkel, and top U.S. military contractors.Most of the attacks appear to have been aimed at collected information and probing defenses, possible to prepare for a real cyber-war in the future. In 2010, the PLA announced that it was setting up a special command to handle cyberwar threats , but added that the department was for defensive purposes. The US created a similar centre in 2009. The US and Israel are also widely believed to have been responsible for the Stuxnet virus, which reportedly disrupted Iran's nuclear program.

Cybernationalists

Cybernationalists seize on anything seen as anti-Chinese and attack those who are perceived of instigating it. There is little hard evidence that the elite hackers have ties with the Beijing government although it is widely believed they are.

Nationalism today is largely driven through exchanges on the Internet and e-mail. Cybernationalists see Chinese history as a series of conspiracies, schemes and betrayals at the hands of foreigners who are also blamed for almost every bad thing that happens to China today. Declining Chinese stocks are blamed on foreign speculators who “wildly manipulate” Chinese stock markets and lure investors to take their money out of China. These nationalists talk of a global “currency war” to “make Chinese people foot the bill” for America’s financial woes.

The cybernationalists are known for being particularly nasty to anyone who defies their agenda. Among the responses to criticism of their positions have been “someone give me a gun! Don’t show mercy to the enemy!” And “People who fart through the mouth will get shit stuffed down their throats by me!”

Book: “Chinese Cyber Nationalism” by Xu Wu, a former journalist in China now at Arizona State University.

Early History of Chinese Government Hacker Activity

The Chinese government created a proxy hacking system precisely so that it could deny state involvement in the matter. There is evidence of hackers at Shanghai Jiaotong University working with state security agents.

Ethan Gutmann wrote in World Affairs, “The Chinese government set up an obscure entity known as the State Encryption Management Commission. Its directive was that all Western encryption products in China — i.e., software, DVDs, laptops — must be registered, inspected, scrutinized, possibly downloaded, and, if necessary, confiscated. The target was Microsoft’s source code, suspected to contain a Trojan horse for U.S. intelligence. Microsoft didn’t comply and the State Encryption Management Commission disappeared. Microsoft ultimately revealed its source code to Chinese officials, under what the company claims were controlled conditions.[Source: Ethan Gutmann, World Affairs, May-June 2010]

The Chinese government later set up a well-equipped, secretive government entity known as 6-10 Office to monitor the cyber activities of Falun Gong. Hao Feng jun, a Chinese intelligence official who defected in 2005 to Australia, told Gutmann: “Practitioners of Falun Gong thought of themselves as protected by the amorphous floating world in which they traveled — a world without membership lists, central authority, or hierarchy. Yet they were being watched, infiltrated, and studied. After the 1999 crackdown, hardcore practitioners were relentlessly persuaded, drugged, starved, or tortured and discovered that they knew more names, connections, address- es, and distinguishing characteristics of their fellow congregants than they had ever realized.”

“Practitioners of Falun Gong thought of themselves as protected by the amorphous floating world in which they traveled — a world without membership lists, central authority, or hierarchy. Yet they were being watched, infiltrated, and studied. After the 1999 crackdown, hardcore practitioners were relentlessly persuaded, drugged, starved, or tortured and discovered that they knew more names, connections, address- es, and distinguishing characteristics of their fellow congregants than they had ever realized.”

“Before 1999, Falun Gong practitioners hadn’t systematically used the Internet as an organizing tool. But now that they were isolated, fragmented, and searching for a way to organize and change government policy, they jumped online, employing code words, avoiding specifics, communicating in short bursts. But like a cat listening to mice squeak in a pitch-black house, the Internet Spying section of the 6-10 Office could find their exact location, having developed the ability to search and spy as a result of what Hao describes as a joint venture between the Shandong Province public security bureau and Cisco Systems. What emerged was a comprehensive database of people’s personal information — including 6-10's Falun Gong lists — and a wraparound surveillance system that was quickly distributed to other provinces.

“The Chinese authorities called it the Golden Shield, and Hao used it on a daily basis. As far as following practitioners, he said, “The Golden Shield includes the ability to monitor online chatting services and mail, identifying IPs and all of the person’s previous communication, and then being able to lock in on the person’s location — because a person will usually use the computer at home or at work. And then the arrest is carried out.”

China's Domestic Internet Attacks

Internet espionage on the mainland, is used to attack people perceived to be a threat to the state, including ordinary Chinese citizens, scholars, human-rights workers, journalists, diplomats and businesspeople. [Source: Paul Mooeney, South China Morning Post, September 26, 2010]

Because computerization has occurred more quickly than computer savviness, China is particularly vulnerable to computer cyberattacks. In 2003, according to a survey by the Evans Data Corp., a staggering 84 percent of firms in China reported at least one cyber attack, up from 59 percent in 2002. Internet attacks thrive because Internet security is lax or nonexistent, intellectual property theft and corporate spying are widespread, and enforcement and punishment of Internet crimes is light.

Hackers attacked the Chinese search engine Baidu by installing rogue programs on computers used by its trading partners. That programs launched a wave of calls to the Baidu websites at a rate of more than 1000 a second, effectively blocking everyone else from using it for site fo 60 hours.

Ethan Gutmann wrote in World Affairs, “By 2007, traditional fears over Internet social networking inside China (combined with a fear of color revolutions) were stirred anew by a series of incidents: a strong uptick in nationwide mass disturbances — i.e., riots, followed by the Tibet upris- ing and then revelations of shoddy schoolhouse construction in the wake of the Sichuan earth- quake. In preparation for the Olympics, officials shut down social networking sites, and rounded up dissidents of all stripes. Most Chinese citizens assumed these measures would be temporary. But many have turned out to be permanent... According to Google, the Gmail break-ins (which may indeed have been facilitated by employees) were not aimed at individuals with military or business connections, but at Chinese journalists and Western human rights activists. [Source: Ethan Gutmann, World Affairs, May-June 2010]

In 2008, Norzin Wangmo, a 30-year-old Tibetan government worker and writer used her computer and mobile phone ago to communicate with friends about protests in Tibet. She was detained soon after sending the messages and was accused by officials of using the technology to inform the outside world about civil unrest in Tibet. After months in detention, during which her friends said she was tortured, she was given a five-year prison term, leaving behind a young son...No one is sure how Chinese intelligence obtained the details of her communications. [Mooeney, Op. Cit]

Many think that the Chinese government is ultimately behind these attacks but such assertions are difficult to prove. Security experts are careful to explain that no smoking gun has yet been found linking the hacking and the use of malware - malicious software designed to secretly access a computer system - to Beijing. [Mooeney, Op. Cit]

Experts say that if Beijing is not responsible for the attacks, it has a responsibility to shut down hackers working within its borders. “I have never and still don't make the claim that it was the government,” the victim of one attack said. “But if China insists on internet sovereignty and sovereignty over its territory, it has to take responsibility for these kinds of cyber attacks. It has to show the international community that it has taken steps to investigate, track down and end these attacks.” [Mooeney, Op. Cit]

Chinese Government Expands Hacker Activity Overseas

“At that time, Hao could read e-mails within China and intercept e-mails to and from overseas, but he couldn’t read overseas to overseas messages, Ethan Gutmann wrote in World Affairs. “When the patriotic hacking movement — the Green Army followed by the Red Hacker Alliance — began its spontaneous growth, the Chinese leadership chose not to crush but to channel it. Notwithstanding the hackers’ swashbuckling self-portrayals on their Web sites, the state kept them on a leash that was slackened only for largely symbolic skirmishes with Taiwan, Indonesia, Japan, and a few high-profile defacements of American Web sites after China’s Belgrade embassy was bombed. When State Security became aware that the hacktivists planned a major assault on American networks in 2002, the movement was temporarily shut down by the Chinese leadership, which was not ready for a potential confrontation.[Source: Ethan Gutmann, World Affairs, May-June 2010]

“However, as the internal war with Falun Gong dragged on, and as its overseas practitioners kept bringing graphic results of torture to the attention of the international legal system, the party felt that it had no choice but to widen the campaign. According to Hao, this explains why the first examples of hacking leading to widespread, sustained network disruption outside China were not aimed at the Pentagon or Wall Street. China’s first prolonged denial of service attack — essentially exhausting the bandwidth capability of a Web site until it becomes unavailable — was carried out from servers in Beijing and Shenzhen against Clearwisdom.net, the main Falun Gong practitioner site, hosted by servers in North America. The technical signature suggested a primitive, neophyte army; on the American side, not long after the attacks took place, the origin was traced directly back to the address of the Public Security Bureau in Beijing.”

“This picture was confirmed in my conversations with Han Guangsheng, a former chief of the Justice Bureau in the city of Shenyang who had spent most of his time working in a labor camp overcrowded with Falun Gong practitioners. When I interviewed him in Toronto in 2007, he confirmed that State Security had shifted its attention toward the over- seas Falun Gong threat. Yet he also felt that the shift was not just about defeating Falun Gong, but about widening China’s internal wars into the Chinese diaspora and generating a campaign to turn anyone of Chinese blood into a de facto supporter of the Chinese Communist Party.”

“Judging from the witnesses I interviewed in the United States, Canada, Australia, and the United Kingdom, these sorts of Chinese infiltration activities never met with any particular governmental or intelligence- operational resistance in the West. It was as if the battle for the Chinese diaspora had already been ceded. In the United States in particular, the intelligence community was clearly distracted by terrorism, and pacified by occasional Chinese military and intelligence cooperation on terrorist networks, even if the information given was sketchy and unclassifiable.”

Chinese Government Steps Up Cyber Attacks on U.S. Targets

“With no one blocking them, Chinese hackers began carrying out successful denial-of-service attacks in Taiwan in 2004,” Ethan Gutmann wrote in World Affairs. “When, in 2005, the so-called Titan Rain attacks began on military contractors, the U.S. Departments of Defense and State, and NASA, the subject of Chinese hackers finally began to receive wide press attention, but no explicit U.S. action or sanctions appeared to follow. The rest of the world began to pay attention following the revelations of the Ghostnet attacks (from 2007 to early 2009), which featured impressive break-ins of government centers around the world, including the Dalai Lama’s government in exile. But no international sanctions or penalties appeared. In the analytical aftermath, the attacks were subtly downplayed. The Chinese hackers’ methods were understood; U.S. intelligence officials shrugged.”

“The State Department doesn’t even bother tracking these sorts of inci- dents, but it is a positive development that they are showing concern over Chinese military and commercial opportunism, and Chinese spying and network intrusions. Perhaps Aurora did not threaten the best-kept secrets of the Pentagon, but some people in intelligence recognize that it puts the United States back in the World War II convoy position, essentially buying ten ships of network protection for every hacker U-boat. But while the party has discovered that the best defense against China’s internal problems is a good offense — and therefore has little interest in the deal offered by Clinton for an arms control agreement on Internet intrusions — there is another, final reason for the explosion in Chinese hacking, and it contains the key to a successful American counter-strategy.

Hacker Attacks from China

Hackers from China have attacked dozens of websites in Japan, Taiwan and the United States, often seeking out military, government or conservative political sites. A series of attack on Japan’said to have been prompted by Japanese nationalism and Japan’s position on some disputed islands temporally shut down the sites of the Japanese Foreign Ministry Defense Agency and National Police Agency.

In the United States, hackers from China have successfully beached hundreds of unclassified networks in the U.S. Defense Department and other U.S. agencies. It is not clear whether the breaches were the work of a concerted attack supported by the government or the work of individual hackers acting on their own. Secret copying of data from an unattended laptop computer belonging to U.S. Commerce Secretary Carlos Gutierrez occurred during his visit to Beijing in December 2007 and the data was use to hack into Commerce Department computers.

Hackers from China and Taiwan often invade and alter websites in each other’s countries. The Taiwanese national anthem, complete with music, for example, was placed on a web page for the Chinese Ministry of Railways. Chinese hackers responded by placing a mainland flag in the site for the Taiwan National Assembly.

Cyber attacks originating in China have become very common in recent years, said Bruce Schneier, chief security technology officer at telecommunications company BT. "It's not just the Chinese government. It's independent actors within China who are working with the tacit approval of the government," he said. Beijing's response has been that it is unfairly accused by countries unhappy with its economic rise and that it has also been a victim of cyber attacks.

Chinese Military Suspected in Hacker Attacks on the U.S.

According to a 2009 U.S. Congressional report “individuals participating in ongoing penetrations of U.S. networks have Chinese language skills and have well established ties with the Chinese underground hacker community, although it acknowledges that “these relationships do not prove any government affiliation.”

According to a 2011 U.S. Congressional report China “conducted and supported a range of malicious cyber activities.” It said that evidence has emerged that tied the Chinese military to a decade-old cyber attack on a U.S.-based website of the Falun Gong spiritual group.

Chinese officials long have denied any role in computer attacks. The commission has “been collecting unproved stories to serve its purpose of vilifying China’s international image over the years,” said Wang Baodong, a spokesman for the Chinese Embassy in Washington, in a statement. China “never does anything that endangers other countries’ security interests.”

Defense Department reports of malicious cyber activity, including incidents in which the Chinese weren’t the main suspect, rose to a high of 71,661 in 2009 from 3,651 in 2001, according to the draft. This year, attacks are expected to reach 55,110, compared with 55,812 in 2010. Relying on the Internet

The Chinese military also has been focused on its U.S. counterpart, which it considers too reliant on computers. In a conflict, the Chinese would try to “compromise, disrupt, deny, degrade, deceive or destroy” U.S. space and computer systems, the draft says. “This could critically disrupt the U.S. military’s ability to deploy and operate during a military contingency,” according to the draft.

Other cyber intrusions with possible Chinese involvement included the so-called Night Dragon attacks on energy and petrochemical companies and an effort to compromise the Gmail accounts of U.S. government officials, journalists and Chinese political activists, according to the draft.

Often the attacks are found to have come from Chinese Internet-protocol, or IP, addresses. Businesses based in other countries and operating in China think that computer network intrusions are among the “most serious threats to their intellectual property,” the draft says.The threat extends to companies not located in China. On March 22, U.S. Internet traffic was “improperly” redirected through a network controlled by Beijing-based China Telecom Corp. Ltd., the state-owned largest provider of broadband Internet connections in the country, the draft said. In its draft of last year’s report, the commission highlighted China’s ability to direct Internet traffic and exploit “hijacked” data.

U.S. Congress Report: "Foreign Spies Stealing US Economic Secrets in Cyberspace

In 2010, computer security firm Mandiant reported that data was stolen from a Fortune 500 manufacturing company during business negotiations when the company was trying to buy a Chinese company. In 2011, McAfee traced an intrusion to an Internet protocol address in China and said intruders took data from global oil, energy and petrochemical companies. Two sophisticated attacks against Google's systems stole some of the Internet giant's intellectual property and broke into the Gmail accounts of several hundred people, including senior U.S. government officials, military personnel and political activists. [Source: Lolita Baldor, Associated Press, December 12, 2011]

A November 2011 report by the U.S. Congress titled "Foreign Spies Stealing US Economic Secrets in Cyberspace" said China and Russia are using cyber espionage to steal U.S. trade and technology secrets to bolster their own economic development, which poses a threat to U.S. prosperity and security. So much sensitive information and research is on computer networks that foreign intruders can collect massive amounts of data quickly and with little risk because they are difficult to detect, the report said.[Source: Tabassum Zakaria, Reuters, November 3, 2011]

Foreign intelligence services, corporations and individuals increased their efforts to steal U.S. technologies which cost millions of dollars to develop, according to the report by the Office of the National Counterintelligence Executive, a U.S. government agency, which covers 2009-2011. "The nations of China and Russia, through their intelligence services and through their corporations, are attacking our research and development," National Counterintelligence Executive Robert Bryant said. "That's a serious issue because if we fuel their economies on our information, I don't think that's right," he said at a news conference.

Intelligence services, private companies, academic institutions and citizens of dozens of countries target the United States, the report said. But it only named China and Russia."Chinese actors are the world's most active and persistent perpetrators of economic espionage," the report said.Russia was also singled out. "Russia's intelligence services are conducting a range of activities to collect economic information and technology from US targets," the report said. It acknowledged the difficulty of determining who exactly is behind a cyber attack.

Information and communications technology, military technologies such as unmanned aerial vehicles, and civilian technologies such as clean energy, and healthcare and pharmaceuticals are areas that may be of interest as foreign cyber espionage targets, the report said. Intelligence officials say it is part of the national policy of China and Russia to try to acquire sensitive technology which they need for their own economic development, while the United States does not do economic espionage as part of its national policy.

The National Science Foundation said research and development spending by U.S. government, industry and universities was $398 billion in 2008. But there are no reliable gauges for how much is stolen through cyber spying. "This is a quiet menace to our economy with notably big results," Bryant said. "Trade secrets developed over thousands of working hours by our brightest minds are stolen in a split second and transferred to our competitors."

The pace of foreign economic and industrial espionage against the United States is accelerating, the report said."We judge that the governments of China and Russia will remain aggressive and capable collectors of sensitive US economic information and technologies, particularly in cyberspace." China and Russia are "motivated by the desire to achieve economic, strategic, and military parity with the United States," the report said.

China Cyber Capability Endangers U.S. Forces: Report

In March 2012 Reuters reported: Chinese cyberwarfare would pose a genuine risk to the U.S. military in a conflict, for instance over Taiwan or disputes in the South China Sea, according to report for the U.S. Congress. Operations against computer networks have become fundamental to Beijing's military and national development strategies over the past decade, said the 136-page analysis by Northrop Grumman Corp. It was released on Thursday by the congressionally created U.S.-China Economic and Security Review Commission. [Source: Jim Wolf, Reuters, March 8, 2012]

The report, based on publicly available information, said Chinese commercial firms, bolstered by foreign partners, are giving the military access to cutting-edge research and technology. The military's close ties to large Chinese telecommunications firms create a path for state-sponsored penetrations of supply networks for electronics used by the U.S. military, government and private industry, the report added. That has the potential to cause a "catastrophic failure of systems and networks supporting critical infrastructure for national security or public safety," according to the study.

On the military side, "Chinese capabilities in computer network operations have advanced sufficiently to pose genuine risk to U.S. military operations in the event of a conflict," it said. Deputy Defense Secretary Ashton Carter, without referring to the report, said that he was not even "remotely satisfied" with U.S. ability to deal with cyberwarfare. Pentagon spending on cyber capabilities was not really constrained by scarce funds, Carter told an industry conference hosted by Credit Suisse and consultancy McAleese and Associates. "I'd dare say we'd spend a lot more if we could figure out productive ways of doing it."

China is "fully engaged in leveraging all available resources to create a diverse, technically advanced ability to operate in cyberspace," and computer network operations are being broadly applied to assist with long-term national development, the report said.Such operations, as defined by the report, include attack and defense as well as network "exploitation," for instance for intelligence collection. The analysis did not go into reciprocal U.S. military efforts to gain an edge in cyberspace, which the Pentagon in recent years has defined as a potential battle zone like air, sea, space and land.

Keyboard-launched tools that China could use in a crisis over Taiwan or in the South China Sea could delay or degrade a potential U.S. military response, partly because of "the vagaries of international law and policy surrounding nation-state responses to apparent network attack," the report said. The analysis was a follow-up to one that Northrop Grumman, one of the Pentagon's top five suppliers by sales, did for the commission in 2009. That study said Beijing appeared to be conducting "a long-term, sophisticated, computer network exploitation campaign" against the U.S. government and its military contractors. Since then, official U.S. concern has grown over alleged Chinese espionage via computer penetrations. In October, the Office of the National Counterintelligence Executive, a U.S. intelligence arm, said in a declassified report to Congress that "Chinese actors are the world's most active and persistent perpetrators of economic espionage."

Beijing in the past has complained about what it called unfair vilification by the 12-member bipartisan commission set up by Congress in 2000. The body investigates national-security implications of U.S. trade with China, the world's second-largest economy.

NASA Says Was Hacked 13 Times in 2011

In March 2012, Reuters reported: NASA said hackers stole employee credentials and gained access to mission-critical projects last year in 13 major network breaches that could compromise U.S. national security. National Aeronautics and Space Administration Inspector General Paul Martin testified before Congress this week on the breaches, which appear to be among the more significant in a string of security problems for federal agencies. [Source: Reuters, March 2, 2012]

The space agency discovered in November 2011 that hackers working through an Internet Protocol address in China broke into the -network of NASA's Jet Propulsion Laboratory, Martin said in testimony released on Wednesday. One of NASA's key labs, JPL manages 23 spacecraft conducting active space missions, including missions to Jupiter, Mars and Saturn.

He said the hackers gained full system access, which allowed them to modify, copy, or delete sensitive files, create new user accounts and upload hacking tools to steal user credentials and compromise other NASA systems. They were also able to modify system logs to conceal their actions. "Our review disclosed that the intruders had compromised the accounts of the most privileged JPL users, giving the intruders access to most of JPL's networks," he said. (bit.ly/yQFSB8)

In another attack last year, intruders stole credentials for accessing NASA systems from more than 150 employees. Martin said the his office identified thousands of computer security lapses at the agency in 2010 and 2011. He also said NASA has moved too slowly to encrypt or scramble the data on its laptop computers to protect information from falling into the wrong hands. Unencrypted notebook computers that have been lost or stolen include ones containing codes for controlling the International Space Station, as well as sensitive data on NASA's Constellation and Orion programs, Martin said.

Chinese Military Suspected in Hacker Attacks on U.S. Satellites

Computer hackers, possibly from the Chinese military, interfered with two U.S. government satellites four times in 2007 and 2008 through a ground station in Norway, according to a congressional commission, Bloomberg reported in October 2011. The intrusions on the satellites, used for earth climate and terrain observation, underscore the potential danger posed by hackers, according to excerpts from the final draft of the annual report by the U.S.-China Economic and Security Review Commission. The report is scheduled to be released next month. [Source: Tony Capaccio and Jeff Bliss, Bloomberg, October 26, 2011]

“Such interference poses numerous potential threats, particularly if achieved against satellites with more sensitive functions,” according to the draft. “Access to a satellite’s controls could allow an attacker to damage or destroy the satellite. An attacker could also deny or degrade as well as forge or otherwise manipulate the satellite’s transmission.”

A Landsat-7 earth observation satellite system experienced 12 or more minutes of interference in October 2007 and July 2008, according to the report. Hackers interfered with a Terra AM-1 earth observation satellite twice, for two minutes in June 2008 and nine minutes in October that year, the draft says, citing a closed-door U.S. Air Force briefing. The draft report doesn’t elaborate on the nature of the hackers’ interference with the satellites.

U.S. military and intelligence agencies use satellites to communicate, collect intelligence and conduct reconnaissance. The draft doesn’t accuse the Chinese government of conducting or sponsoring the four attacks. It says the breaches are consistent with Chinese military writings that advocate disabling an enemy’s space systems, and particularly “ground-based infrastructure, such as satellite control facilities.”

In the October 2008 incident with the Terra AM-1, which is managed by the National Aeronautics and Space Administration, “the responsible party achieved all steps required to command the satellite,” although the hackers never exercised that control, according to the draft. The U.S. discovered the 2007 cyber attack on the Landsat-7, which is jointly managed by NASA and the U.S. Geological Survey, only after tracking the 2008 breach.

The Landsat-7 and Terra AM-1 satellites utilize the commercially operated Svalbard Satellite Station in Spitsbergen, Norway that “routinely relies on the Internet for data access and file transfers,” says the commission, quoting a NASA report. The hackers may have used that Internet connection to get into the ground station’s information systems, according to the draft.

While the perpetrators of the satellite breaches aren’t known for sure, other evidence uncovered this year showed the Chinese government’s involvement in another cyber attack, according to the draft. TV Report A brief July segment on China Central Television 7, the government’s military and agricultural channel, indicated that China’s People’s Liberation Army engineered an attack on the Falun Gong website, the draft said.

The website, which was hosted on a University of Alabama at Birmingham computer network, was attacked in 2001 or earlier, the draft says. The CCTV-7 segment said the People’s Liberation Army’s Electrical Engineering University wrote the software to carry out the attack against the Falun Gong website, according to the draft. The Falun Gong movement is banned by the Chinese government, which considers it a cult.

After initially posting the segment on its website, CCTV-7 removed the footage after media from other countries began to report the story, the congressional draft says.

Attack on Google

In January 2010, Google threatened to pull out of China and said t would stop filtering Internet searches on its site in China after it was revealed that hackers in China attacked it and stole valuable corporate secrets from its computer systems.

There was a systematic attack on Google and 33 other firms including Juniper Networks, Adobe, Yahoo, Symantec, and Northrop Grumman. One of the aims on the attack on Google it seemed was to gain information on human rights activists. Afterwards international journalists with Google accounts complained their e-mail had been hacked.

The Internet security firm McAfee later announced it had isolated the malicious software used in the attack, saying it exploited a previously unknown vulnerability in Microsoft Internet Explorer that allowed attackers to secretly commandeer the victim’s system. McAfee analyst George Kurtz told the Washington Post, “The current bumper crop of malware is very sophisticated, highly targeted and designed to infect, conceal access, siphon data or, even worse, modify data without detection.” The programs “were primarily seen by governments, and the mere mention of them strikes fear in any cyberwarrior.”

The attack on Google and the threat posed to the Internet and the American government was viewed as serious enough it become a diplomatic issue between the United States and China. U.S. Secretary of State Hillary Clinton urged China to investigate the cyber intrusions of Google. Beijing responded by saying that it was not involved in the cyber attacks and that Washington’s demand implied that it was and said China was the biggest victim of cyber attacks, not the main source of them, with many of attacks on China originating in the United States.

McAfee Reports on Chinese Hackers Attacks

In February 2011, the Internet security company McAfee released a report that hackers operating from China stole sensitive information from Western oil companies through a “coordinated, covert and targeted” attack that began in February 2011. McAfee did not identify the companies but said hackers stole information in operations, bidding for oil fields and financing. The hackers worked through servers in the United States and the Netherlands and exploited vulnerabilities in the Windows operation system.

In August 2011, McAfee claimed it had uncovered the biggest series of cyber-attacks to date and believed a state actor was responsible. The security company said it had discovered a five-year long campaign of cyber attacks on the networks of governments, organisations and businesses. It did not name the "state actor" it believed was behind the attacks but several experts pointed the finger at China. McAfee said the 72 victims in the hacking campaign included the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada. Other targets were the United Nations, the Association of Southeast Asian Nations, the International Olympic Committee; and an array of companies from defence contractors to hi-tech enterprises. [Source: Reuters, The Guardian August 5, 2011]

China's leading state newspaper dismissed as "irresponsible" suggestions that Beijing was the "state actor" behind massive internet hacking of governments and companies. The People's Daily disputed the suggestions. "Linking China to internet hacking attacks is irresponsible," it said. "The McAfee report claims that a “state actor' engaged in hacking for a large-scale internet espionage operation, but its analysis clearly does not stand up to scrutiny."

Top American Electronic Espionage Expert on China

One of the most knowledgeable people about China’s cyber warfare capabilities is Mike McConnell, who was director of the National Intelligence, the supreme authority over U.S. intelligence, from 2007 to 2009, and head National Intelligence Agency (NSA), from 1992 to 1996. He told Nathan Gardels in the Global Viewpoint column, the Chinese “are determined to be the best. Probably the best in the cyber realm are the United States, then the Russians, the British, the Israelis and the French. The next tier is the Chinese.”

“The Chinese,” McConnell said, “are exploiting our systems for information advantage — looking for characteristics of a weapon system by a defense contractor or academic research on plasma physics, for example — not in order to destroy the data and do damage. But, for now, I believe they are deterred from destroying data both by the need to export to the U.S. and by the need to maintain a stable currency and stable global markets.”

Chinese “intelligence collection is coordinated,” McConnell presumes. “But just as in the U.S., there are competing bureaucracies carrying out the cyber-exploitation mission. In China today, there are thousands of people in a sustained efforts to collect intelligence, many of them on an entrepreneurial basis, as it were, within competing bureaucratic structures.”

McConnell said one of the primary motivating forces behind China’s aggressive cyber activities was the shock that Chinese leaders experienced when they saw U.S. smart bombs in action in Iraq in the first Persian Gulf War. By “linking computer technology with weaponry to attain precision...we owned the ability to locate and see targets...We could take a valuable target out with one bomb at the time of our choosing...I believe the Chinese concluded...that their counter approach had to be to challenge America’s control of the battle space by building capabilities to knock out our satellites and invading it’s cyber networks.”

McDonnell said, China’s “cyber war capability is part and parcel of their growing military might. The Chinese have developed the capacity to shoot-down satellites. They have developed over-the-horizon radar capabilities. They have missiles that can be retargeted in flight. In short, they are seeking ways to keep us at bay in the event of a conflict, to not let us approach China. In time, as their power, influence and wealth grows, China likely will develop “power projection” weapons systems...They see the Middle Kingdom as the center of the world. They have gone from what they describe as the “the century of shame” to “our century” going forward, and they want to protect that from the U.S. or anybody else. The Chinese want to dominate this information space. So, they want to develop the capability of attacking our “information advantage” while denying us this capability.”

How the Hacking Attacks from China Are Coordinated

James Glanz and John Markoff wrote in the New York Times, “Precisely how these hacking attacks are coordinated is not clear. Many appear to rely on Chinese freelancers and an irregular army of “patriotic hackers” who operate with the support of civilian or military authorities, but not directly under their day-to-day control, the cables and interviews suggest. [Source: James Glanz and John Markoff, New York Times, December 4, 2010]

Diplomatic cables involving China leaked by Wikileaks in December 2010 revealed “some suppositions by Chinese and Americans passed along by diplomats. For example, the cable dated earlier this year referring to the hacking attack on Google said: “A well-placed contact claims that the Chinese government coordinated the recent intrusions of Google systems. According to our contact, the closely held operations were directed at the Politburo Standing Committee level.”

The cable goes on to quote this person as saying that the hacking of Google “had been coordinated out of the State Council Information Office with the oversight” of Mr. Li and another Politburo member, Zhou Yongkang.” Mr. Zhou is China’s top security official.

But the person cited in the cable gave a divergent account. He detailed a campaign to press Google coordinated by the Propaganda Department’s director, Liu Yunshan. Mr. Li and Mr. Zhou issued approvals in several instances, he said, but he had no direct knowledge linking them to the hacking attack aimed at securing commercial secrets or dissidents’ e-mail accounts — considered the purview of security officials. Still, the cables provide a patchwork of detail about cyberattacks that American officials believe originated in China with either the assistance or knowledge of the Chinese military.

For example, in 2008 Chinese intruders based in Shanghai and linked to the People’s Liberation Army used a computer document labeled “salary increase — survey and forecast” as bait as part of the sophisticated intrusion scheme that yielded more than 50 megabytes of e-mails and a complete list of user names and passwords from a United States government agency that was not identified.

The cables indicate that the American government has been fighting a pitched battle with intruders who have been clearly identified as using Chinese-language keyboards and physically located in China. In most cases the intruders took great pains to conceal their identities, but occasionally they let their guard down. In one case described in the documents, investigators tracked one of the intruders who was surfing the Web in Taiwan “for personal use.”

Wikileaks Revelations About Chinese Hacker Attack on U.S. Government Sites

James Glanz and John Markoff wrote in the New York Times that U.S. diplomatic cables involving China leaked by Wikileaks in December 2010 revealed “at least one previously unreported attack in 2008, code-named Byzantine Candor by American investigators, yielded more than 50 megabytes of e-mails and a complete list of user names and passwords from an American government agency, a Nov. 3, 2008, cable revealed for the first time. [Source:James Glanz and John Markoff, New York Times, December 4, 2010]

In June 2009 during climate change talks between the United States and China, the secretary of state’s office sent a secret cable warning about e-mail “spear phishing” attacks directed at five State Department employees in the Division of Ocean Affairs of the Office of the Special Envoy for Climate Change.

The messages, which purport to come from a National Journal columnist, had the subject line “China and Climate Change.” The e-mail contained a PDF file that was intended to install a malicious software program known as Poison Ivy, which was meant to give an intruder complete control of the victim’s computer. That attack failed.

The cables also reveal that a surveillance system dubbed Ghostnet that stole information from the computers used by the exiled Tibetan spiritual leader, the Dalai Lama, and South Asian governments and was uncovered in 2009 was linked to a second broad series of break-ins into American government computers code-named Byzantine Hades. Government investigators were able to make a “tenuous connection” between those break-ins and the People’s Liberation Army.

The documents also reveal that in 2008 German intelligence briefed American officials on similar attacks beginning in 2006 against the German government, including military, economic, science and technology, commercial, diplomatic, and research and development targets. The Germans described the attacks as preceding events like the German government’s meetings with the Chinese government.

Lockheed Martin Corp, the U.S. government's top information technology provider, said last week it had thwarted "a significant and tenacious attack" on its information systems network, though no signs pointed to a Chinese origin.

TV Program Shows Clip of Chinese Cyber Attack

Tania Branigan wrote in The Guardian, “China's state broadcaster has screened footage that apparently shows army-labelled software for attacking US-based websites, security experts have said. ..The analysts warned that the six-second clip could be a mock-up by the broadcaster, CCTV, and that, if genuine, it was probably around 10 years old. The footage emerged as the Pentagon's annual report to Congress on the Chinese military said the People's Liberation Army (PLA) had closed some key technological gaps and was on track for modernisation, including thorough investment in cyber capabilities, by 2020. The Chinese state news agency, Xinhua, denounced the document as a scaremongering "cock and bull story". [Source: Tania Branigan The Guardian August 25, 2011]

The footage shown by CCTV was part of a cybersecurity documentary screened on its military channel last month and removed from its website after US security analysts wrote about it. The programme includes a detailed discussion of cybersecurity by Senior Colonel Du Wenlong, of the PLA's academy of military sciences. A narrator then talks about methods of attack as the screen shows software being operated by an unseen user. The Chinese characters indicate an option for a distributed denial of service attack — a crude form of attack that disrupts access to a site by bombarding it with requests for data.

Another shot shows the words "attack system" and "PLA Electronic Engineering Institute" on screen. The user chooses a name, minghui.org, from a list of sites belonging to the banned Falun Gong spiritual movement and clicks on a button reading "attack". The security-focused China SignPost site suggested the footage, if genuine, was likely to be more than a decade old because the method was so basic and because there were several such attacks on Falun Gong sites in 1999 and 2000.

Beijing has consistently denied being behind cyber-attacks, insisting it plays no part in hacking and is itself a victim. Dr Andrew Erickson, an associate professor at the US Naval War College's China Maritime Studies Institute, and Gabe Collins, a commodity and security specialist, wrote: "It appeared to show dated computer screenshots of a Chinese military institute conducting a rudimentary type of cyber-attack against a United States-based dissident entity. However modest, ambiguous — and, from China's perspective, defensive — this is possibly the first direct piece of visual evidence from an official Chinese government source to undermine Beijing's official claims never to engage in overseas hacking of any kind for government purposes."

Asked whether the footage had been mocked up, CCTV 7 said it did not respond to queries from foreign media. CCTV has been caught using misleading footage in the past, memorably in January, when shots from the film Top Gun were inserted into a news report about PLA training exercises.

The Washington Post said Wang Baodong, a spokesman for the Chinese embassy in Washington, had declined to comment on the video, but added: "It's no secret that Falun Gong and its subordinate institutions have been intensifying their subversive efforts against China in cyberspace. And China has every legitimate right to take action against such harmful activities to defend its national security interests." Cyber-attacks are becoming an increasing source of concern for governments around the world. In a strategy document earlier this year, the Pentagon said it would be willing to use conventional military action to retaliate.

Image Sources:

Text Sources: New York Times, Washington Post, Los Angeles Times, Times of London, National Geographic, The New Yorker, Time, Newsweek, Reuters, AP, Lonely Planet Guides, Compton’s Encyclopedia and various books and other publications.

Last updated October 2011