China blocks U.S. from cyber warfare

Eugen Leitl eugen at leitl.org
Tue May 12 09:02:01 PDT 2009


http://www.washingtontimes.com/news/2009/may/12/china-bolsters-for-cyber-arms-race-with-us/print/ 

Tuesday, May 12, 2009

China blocks U.S. from cyber warfare

Bill Gertz

China has developed more secure operating software for its tens of millions
of computers and is already installing it on government and military systems,
hoping to make Beijing's networks impenetrable to U.S. military and
intelligence agencies.

The secure operating system, known as Kylin, was disclosed to Congress during
recent hearings that provided new details on how China's government is
preparing to wage cyberwarfare with the United States.

"We are in the early stages of a cyber arms race and need to respond
accordingly," said Kevin G. Coleman, a private security specialist who
advises the government on cybersecurity. He discussed Kylin during a hearing
of the U.S.-China Economic and Security Review Commission on April 30.

The deployment of Kylin is significant, Mr. Coleman said, because the system
has "hardened" key Chinese servers. U.S. offensive cyberwar capabilities have
been focused on getting into Chinese government and military computers
outfitted with less secure operating systems like those made by Microsoft
Corp.

"This action also made our offensive cybercapabilities ineffective against
them, given the cyberweapons were designed to be used against Linux, UNIX and
Windows," he said.

The secure operating system was disclosed as computer hackers in China - some
of them sponsored by the communist government and military - are engaged in
aggressive attacks against the United States, said officials and experts who
disclosed new details of what was described as a growing war in cyberspace.

These experts say Beijing's military is recruiting computer hackers for its
forces, including one specialist identified in congressional testimony who
set up a company that was traced to attacks that penetrated Pentagon
computers.

Chinese Embassy spokesman Wang Baodong declined immediate comment. But Jiang
Yu, a Chinese Foreign Ministry spokesman, said April 23 that the reports of
Chinese hacking into Pentagon computers were false.

"Relevant authorities of the Chinese government attach great importance to
cracking down on cybercrimes," Ms. Jiang said. "We believe it is extremely
irresponsible to accuse China of being the source of attacks prior to any
serious investigation."

Mr. Coleman, a computer security specialist at Technolytics and a consultant
to the director of national intelligence and U.S. Strategic Command, said
Chinese state or state-affiliated entities are on a wartime footing in
seeking electronic information from the U.S. government, contractors and
industrial computer networks.

Mr. Coleman said in an interview that China's Kylin system was under
development since 2001 and the first computers to use it are government and
military servers that were converted beginning in 2007.

Additionally, Mr. Coleman said, the Chinese have developed a secure
microprocessor that, unlike U.S.-made chips, is known to be hardened against
external access by a hacker or automated malicious software.

"If you add a hardened microchip and a hardened operating system, that makes
a really good solid platform for defending infrastructure [from external
attack]," Mr. Coleman said.

U.S. operating system software, including Microsoft, used open-source and
offshore code that makes it less secure and vulnerable to software "trap
doors" that could allow access in wartime, he explained.

"What's so interesting from a strategic standpoint is that in the cyberarena,
China is playing chess while we're playing checkers," he said.

Asked whether the United States would win a cyberwar with China, Mr. Coleman
said it would be a draw because China, the United States and Russia are
matched equally in the new type of warfare.

Rafal A. Rohozinski, a Canadian computer security specialist who also
testified at the commission hearing, explained how he took part in a two-year
investigation that uncovered a sophisticated worldwide computer attack
network that appeared to be a Chinese-government-sponsored program called
GhostNet, whose electronic strikes were traced to e-mails from Hainan island
in the South China Sea.

GhostNet was able to completely take over targeted computers and then
download documents and information. Some of the data stolen were sensitive
financial and visa information on foreign government networks at overseas
embassies, Mr. Rohozinski said.

The China-based computer network used sophisticated break-in techniques that
are generally beyond the capabilities of nongovernment hackers, Mr.
Rohozinski said.

Using surveillance techniques, the investigators observed GhostNet hackers
stealing sensitive computer documents from embassy computers and
nongovernmental organizations.

"It was a do-it-yourself signals intelligence operation," Mr. Rohozinski said
of the network, which took over about 1,200 computers in 103 nations,
targeted specifically at overseas Tibetans linked to the exiled Dalai Lama.

Mr. Rohozinski, chief executive officer of the SecDev Group and an advisory
board member at the Citizen Lab at the Munk Center for International Studies
at the University of Toronto in Ontario, said the GhostNet operation was
likely part of a much bigger cyberintelligence effort by China to silence or
thwart its perceived opponents.

A third computer specialist, Alan Paller, told the Senate Committee on
Homeland Security and Governmental Affairs on April 29 that China's military
in 2005 recruited Tan Dailin, a graduate student at Sichuan University, after
he showed off his hacker skills at an annual contest.

Mr. Paller, a computer security specialist with the SANS Institute, said the
Chinese military put the hacker through a 30-day, 16-hour-a-day workshop
"where he learned to develop really high-end attacks and honed his skills."

A hacker team headed by Mr. Tan then won other computer warfare contests
against Chinese military units in Chengdu, in Sichuan province.

Mr. Paller said that a short time later, Mr. Tan "set up a little company. No
one's exactly sure where all the money came from, but it was in September
2005 when he won it. By December, he was found inside [Defense Department]
computers, well inside DoD computers," Mr. Paller said.

A Pentagon official said at the time that Chinese military hackers were
detected breaking into the unclassified e-mail on a network near the office
of Defense Secretary Robert M. Gates in June 2007.

Additional details of Chinese cyberattacks were disclosed recently by Joel F.
Brenner, the national counterintelligence executive, the nation's most senior
counterintelligence coordinator.

Mr. Brenner stated in a speech in Texas last month that cyberactivities by
China and Russia are widespread and "we know how to deal with these,"
including widely reported "Chinese penetrations of unclassified DoD
networks."

"Those are more sophisticated, though hardly state of the art," he said.
"Frankly, I worry more about attacks we can't even see, which the Russians
are good at. The Chinese are relentless and don't seem to care about getting
caught. And we have seen Chinese network operations inside certain of our
electricity grids."

Mr. Brenner said there are minimal concerns about a Chinese cyberattack to
shut down U.S. banking networks because "they have too much money invested
here.

"Our electricity grid? No, not now. But if there were a dust-up over Taiwan,
these answers might be different," he said.

Aggressive Chinese computer hacking has been known for years, but the U.S.
government in the past was reluctant to detail the activities.

The CIA, for example, sponsored research in the late 1990s that sought to
minimize Chinese cyberwarfare capabilities, under the idea that highlighting
such activities would hype the threat.

Researcher James Mulvenon, for instance, stated during a 1998 conference that
China's People's Liberation Army (PLA) "does not currently have a coherent
[information warfare] doctrine, certainly nothing compared to U.S. doctrinal
writings on the subject."

Mr. Mulvenon stated in one report that "while PLA [information warfare]
capabilities are growing, they do not match even the primitive sophistication
of their underlying strategies."

Mr. Mulvenon has since changed his views and has identified Chinese
computer-based warfare as a major threat to the Pentagon.

Mr. Coleman said China's military is equal to U.S. and Russian military
cyberwarfare.

"This is a three-horse race, and it is a dead heat," Mr. Coleman said.

The National University of China is the strategic adviser to the Chinese
military on cyberwarfare and the Ministry of Science and Technology, he said.

Several computer security specialists recently sounded public alarm about the
growing number of cyberattacks from China and Russia.

China, based on state-approved writings, thinks the United States "already
is carrying out offensive cyberespionage and exploitation against China," Mr.
Coleman said.

In response, China is taking steps to protect its own computer and
information networks so that it can "go on the offensive," he said.

Mr. Coleman said one indication of the problem was identified by Solutionary,
a computer security company that in March detected 128 "acts of
cyberaggression" tied to Internet addresses in China.

"These acts should serve as a warning that clearly indicates just how far
along China's cyberintelligence collection capabilities are," Mr. Coleman
said.

A Pentagon spokesman, Air Force Lt. Col. Eric Butterbaugh, would not comment
on Chinese cyberattacks directly but said "cyberspace is a war-fighting
domain, critical to military operations: We must protect it."

The Pentagon's Global Information Grid is hit with "millions of scans" - not
intrusion attempts - every day, Lt. Butterbaugh said.

"The nature of the threat is large and diverse, and includes recreational
hackers, self-styled cybervigilantes, various groups with nationalistic or
ideological agendas, transnational actors, and nation-states," he said. "We
have seen attempts by a variety of state and nonstate sponsored organizations
to gain unauthorized access to, or otherwise degrade, DoD information
systems."

Air Force Gen. Kevin Chilton, commander of the U.S. Strategic Command, said
May 7 that a joint cybercommand is needed under the Pentagon to better
integrate military and civilian cybercapabilities and defenses. Gen. Chilton
said he favors creating the joint command at Fort Meade, Md., where the
National Security Agency is located. The command should be a subunit of
Strategic Command, located at Offutt Air Force Base, Neb.

Mr. Gates said last month that the National Security Council is heading up a
strategic review of U.S. cybercapabilities and is considering creating a
subunified command within Strategic Command.

Pentagon spokesman Bryan Whitman said Mr. Gates has not decided on the
subunified command to handle cyberwarfare issues and is waiting for the
completion of the White House review of cyberwarfare and security issues,
which is past due from the 60-day deadline imposed by Congress.

Mr. Gates "thought it would be prudent to wait for their work before looking
at potential organization structures," Mr. Whitman said in an interview. 




