Information Warfare: China Denies, Defies And Keeps On Attacking


February 8, 2013: Several major American media outlets (including the NY Times and Wall Street Journal) admitted that their networks were recently under attack by some talented hackers, who were seeking the sources of embarrassing (to Chinese officials) stories. These attacks were discovered before the hackers were done, and security experts called in to deal with the situation concluded that the attack probably came from China. This was based on the type of attacks, the tools and techniques used, and the specific information being sought. The media companies involved and the U.S. government complained to China, which denied any responsibility and pointed out that the U.S. was probably making similar attacks on Chinese companies and government networks. China realizes that, the way Cyber War currently works, as long as no one is getting killed (at least not openly) there is not much risk of conventional (bombs, blockades, or whatever) retaliation.

China has been hacking away at U.S. targets for over a decade now and shows no signs of slowing down, despite growing U.S. efforts to defend itself. Hacks like the recent media ones are nothing new. For example, seven years ago Chinese-based hackers attacked several Department of Defense computer networks and, even though discovered, got away with a lot of valuable material. Among the victims was the U.S. Navy War College which, in response, had to shut down its computer network because the Naval War College servers had to be scrutinized to see what was taken, changed, or left behind. Why attack the Navy War College? Mainly because that's where the navy does a lot of its planning for future wars. The strategy for the Pacific war during World War II was worked out at the Navy War College, and that planning tradition continues. Plus, the Chinese may have also found the War College networks to be more vulnerable.

A month earlier Chinese hackers were caught trying to burrow their way into Bureau of Industry and Security (BIS) systems. BIS is a section of the Commerce Department that has been fighting Chinese efforts to illegally obtain U.S. military technology and American trade secrets in general. Some BIS computers were so thoroughly infiltrated that their hard drives had to be wiped clean and reloaded as if they were new machines. More worrisome is that this penetration effort, which went on for several days, may have gotten into places where its presence could not be detected or, at least, not detected yet. Naturally, there was no announcement of details that could give the hackers information on how they were detected, traced, or otherwise deceived.

Several years later these hacking efforts had similar spectacular success in Europe. Despite spending over a billion dollars a year defending their government networks, Britain complained openly of hackers getting into the communications network of the Foreign Office. The government also warned of increasing attacks on British companies. These attacks on government and corporate networks were all targeting specific people and data. While China was not mentioned in these official announcements, British officials have often discussed how investigations of recent hacking efforts tended to lead back to China. There is also a strong suspicion, backed up by hacker chatter, that some governments were offering large bounties for information stolen from other governments. Not information from China but from everyone else.

China manages to muster all this hacker talent by vigorously recruiting patriotic Chinese Internet experts to hack for the motherland. China is one of many nations taking advantage of the Internet to encourage, or even organize, patriotic Internet users to obtain hacking services. This enables the government to use (often informally) these thousands of hackers to attack targets (foreign or domestic). These government organizations arrange training and mentoring to improve the skills of group members. China has helped identify and train over a million potential ace hackers so far. Most turn out to be minor league at best, but the few hundred hotshots identified are put to work plundering foreign networks.

While many of these Cyber Warriors are rank amateurs, even the least skilled can be given simple tasks. And out of their ranks emerge more skilled hackers, who can do some real damage. These hacker militias have also led to the use of mercenary hacker groups, who will go looking for specific secrets, for a price. Chinese companies are apparently major users of such services, judging from the pattern of recent hacking activity, and the fact that Chinese firms don't have to fear prosecution for using such methods.

It was China that really pioneered the militia activity. It all began in the late 1990s, when the Chinese Defense Ministry established the "NET Force." This was initially a research organization, which was to measure China's vulnerability to attacks via the Internet. Soon this led to examining the vulnerability of other countries, especially the United States, Japan, and South Korea (all nations that were heavy Internet users). NET Force has continued to grow. NET Force was soon joined by an irregular civilian militia, the "Red Hackers Union" (RHU). These are over half a million patriotic Chinese programmers, Internet engineers, and users who wished to assist the motherland and put the hurt, via the Internet, on those who threaten or insult China. The RHU began spontaneously in 1999 (after the U.S. accidentally bombed the Chinese embassy in Serbia), but the government has assumed some control, without turning the voluntary organization into another bureaucracy. The literal name of the group is "Red Honkers Union," with Honker meaning "guest" in Chinese. But these were all Internet nerds out to avenge insults to the motherland.

Various ministries have liaison officers who basically keep in touch with what the RHU is up to (mostly the usual geek chatter) and intervene only to "suggest" that certain key RHU members back off from certain subjects or activities. Such "suggestions" carry great weight in China, where people who misbehave on the web are very publicly prosecuted and sent to jail. For those RHU opinion-leaders and ace hackers that cooperate, there are all manner of benefits for their careers, not to mention some leniency if they later get into some trouble with the authorities. Many government officials fear the RHU, believing that it could easily turn into a "counter-revolutionary force." So far, the Defense Ministry and NET Force officials have assured the senior politicians that they have the RHU under control.

All nations with a large Internet user population have these informal groups, but not all nations have government guidance and encouragement to make attacks. When there are tensions between nations with large numbers of Internet users, it almost always results in the "hacker militias" of both nations going after each other. The U.S. has one of the largest such informal militias but there has been little government involvement. That is changing. The U.S. Department of Defense, increasingly under hacker attack, is now organizing to fight back, sort of.

Taking a page from the corporate playbook, the Pentagon sent off many of its programmers and Internet engineers to take classes in how to hack into the Pentagon. Not just the Pentagon but any corporate, or private, network. It's long been common for Internet security personnel to test their defenses by attacking them. Some "white hat hackers" (as opposed to the evil "black hat hackers") made a very good living selling their attack skills, to reveal flaws or confirm defenses. A decade ago this was standardized with the establishment of the EC (E Commerce Consultants) Council, which certified who were known and qualified white hat hackers. This made it easier for white hats to get work and for companies to find qualified, and trustworthy, hackers to help with network security. Now the Department of Defense is paying to get members of its Internet security staff certified as white hats, or at least trained to be able to do what the black hats do or recognize it. While many in the Department of Defense have been calling for a more attack-minded posture, when it comes to those who are constantly attacking Pentagon networks, the best that can be done right now is to train more insiders to think, and operate, like outsiders.

The U.S. Department of Defense is the largest user of computers, and networks, in the world. This includes 11 million Internet users, over six million PCs, and over 15,000 networks. This has always attracted a lot of hacker attention. For over a decade all the services have been scrambling to get their Cyber War defenses strengthened. But so many networks and PCs make an attractive target and provide many potential weak areas that can be penetrated. The Department of Defense systems suffer thousands of serious attacks a day. This activity is increasing very rapidly with the growing number of smart phones and iPads used by government employees and troops. These devices are powerful computers that happen to be small and very much connected to the web.

 
