by Timothy Chilman
Envision September 2020. Members of the 60,000-strong cyberwarfare division of the Chinese military have comprehensively penetrated U.S. government and corporate networks. China seeks to bring Singapore into its fold, and when its navy attacks a Singaporean guided-missile frigate in the South China Sea, U.S. military units rapidly discover that their communications capability has been heavily degraded. Satellite communications, radio, personal computers and the all-important battlefield communications hardware are close to crippled. Key military networks fall victim to devastating denial-of-service (DoS) attacks, hindering the military's effort to mobilize its forces. Misinformation is rampant in the field.
This scenario was detailed in the Spring 2011 issue of the U.S. Air Force's Strategic Studies Quarterly by Christopher Bronk, formerly a State Department diplomat and now fellow in information technology policy at Rice University's Baker Institute.
On May 17, 2011, the government of China admitted to devoting a considerable sum of money to a 30-strong team of cyberwarriors. While China claims the unit is for defensive purposes, the admission confirms the blackest fears of governments worldwide who already believe their systems have been subject to regular and coordinated cyberattack from China. Chinese involvement was suspected in a spate of recent cyberattacks on Du Pont, Epsilon, NASDAQ, Johnson & Johnson, Morgan Stanley, General Electric, RSA, Google, and others. Google is viewed by China as an arm of the United States, and the company announced in January 2010 that Gmail accounts of human rights activists had been compromised and Google's source code accessed. One intelligence official told Reuters that thousands of companies had been targeted. Security firm McAfee dubbed the malware employed in this episode "Aurora."
A former People's Liberation Army general said that when it came to cyberwarriors, China was able to draw from an incredibly deep talent pool: "It is just like ping pong. We have more people playing it, so we are very good at it." China's Telecommunications Administration Bureau put the Chinese online population at 477 million at the end of March 2011. During the period of the Eighth Five-Year Plan (1992-97), 58.99 million telephone lines were installed, bringing China's total to 71 million and giving the country one of the largest telephone networks in the world. The Chinese were eager to learn more about U.S. practices once the furore over Tiananmen Square had died down and restrictions on military contacts were eased. Almost 80 percent of officers in the Second Artillery, the PLA's strategic missile force, hold a bachelor's degree or higher.
Termed the Blue Army, the unit comprises the best talent available in China: current PLA officers and enlisted men, college students and other "members of society," said to include state employees, retirees and housewives. The Blue Army's existence was revealed in a briefing by Chinese Defense Ministry spokesman Geng Yansheng, who said the unit aimed to improve the security of the country's computer networks. The Blue Army is attached to the Guangdong Military Command, and while it has existed for only two years, it has been discussed for over a decade. The PLA Daily, a military-run newspaper, reported that "tens of millions" of yuan had been spent on the project; 10 million yuan is equivalent to about $1.54 million.
When asked if the unit was established with the express purpose of mounting cyberattacks on foreign countries, Mr. Geng replied that internet security was an international issue which affected the field of battle. He said that China itself was a victim of cyberattack, and its ability to protect itself in this regard was very weak. An online army would be effective for training against cyberattack.
Rear Admiral Yin Zhuo said that although the Blue Army was defensive in nature, it would retaliate against cyberattacks in time of war. He said, “It’s unfriendly and illegal to launch cyber attacks against other countries in peaceful times. The Chinese government will never do that.”
Xu Guangyu, a senior researcher for the government-sponsored China Arms Control and Disarmament Association, said the Blue Army was necessary as China could not afford to have “blank spaces” in government security. He said, “The internet has no boundaries, so we can’t say which country or organization will be our enemy and who will attack us. The Blue Army’s main target is self-defense. We won’t initiate an attack on anyone.”
Less nicely, he added: “I don’t think our Blue Army’s skills are too backward compared to those of other countries.”
The PLA Daily said that in an exercise late in April 2011, the Blue Army took part in a simulation in which an attacking force four times its size mounted massive barrages of junk mail and virus attacks to paralyze systems and attempted to penetrate its defenses and obtain sensitive military information. Unsurprisingly, the Blue Army was victorious.
The Chinese newspaper The Global Times criticized "some foreign media" for attributing aggressive intentions to the Blue Army. It said that China's capability for cyberattacks was often exaggerated, and that China was frequently accused of being the culprit in cyberattacks on the US and Europe even though there is no "substantiated evidence."
Substantiation came in the form of U.S. government cables published by WikiLeaks, which showed that the United States believed China had directed hacking campaigns against Western governments and companies, code-named "Byzantine Hades" and evidently the work of more than 30 people. One cable said that "a Chinese contact" had divulged that the Chinese government had for years hacked the computers of the United States, its allies, and the exiled Tibetan spiritual leader, the Dalai Lama. The servers which attacked the Dalai Lama's office had previously been used against Tibetan targets during the 2008 Olympics in Beijing. Often it is the transmission of data from a victim network to such servers, rather than the initial break-in, that reveals an intrusion has taken place.
U.S. investigators say that China has purloined terabytes of sensitive data, enough to fill the Library of Congress many times over. The data obtained range from usernames and passwords for State Department computers to the designs of multi-billion-dollar defense systems. $50bn of corporate secrets are stolen yearly. Alan Paller, director of research at the information security training body SANS Institute in Washington, says, "The attacks coming out of China are not only continuing, they are accelerating."
A WikiLeaks cable dated April 2009 attributes Byzantine Hades to a particular unit of the PLA. Several websites involved in the attacks were registered in Chengdu, capital of Sichuan Province in southwestern China, at the postal code of the Chengdu Province First Technical Reconnaissance Bureau. At least six such bureaus are believed to concentrate on exploitation of foreign networks.
Within the last five years, cyberattacks reported to the U.S. Department of Homeland Security's Computer Emergency Readiness Team (US-CERT) have risen by over 650 percent, from 5,503 in 2006 to 41,776 in 2010, per a March 16, 2011 report of the Government Accountability Office.
In March 2011, U.S. Director of National Intelligence James Clapper said that China had made "a substantial investment" in cyberwarfare and that China's behavior is "pretty aggressive." In 2010, a report on cyberespionage by the U.S. company Symantec, maker of the Norton anti-virus product, found that almost 30 percent of all attempts to dishonestly obtain corporate data emanated from China. The eastern city of Shaoxing was the single largest source of attacks, accounting for 21.3 percent of the total.
Rick Fisher, spokesman for the U.S.-based International Assessment and Strategy Center said in a newspaper interview that “Various Chinese intelligence, criminal and corporate bodies are truly the scourge of the global internet.” He said that China employed the internet to “wage unrestricted warfare against the world.” He elaborated: “China has long ago figured out how to turn off your country’s power grid, manipulate your financial markets, steal from your bank accounts, and of course, read your email.”
Nigel Inkster, speaking for the U.K.-based International Institute for Strategic Studies said that most attacks were by “privateers” and not government-controlled entities. He likened the Blue Army to the issuing of letters of marque – a government license to attack enemy vessels in the days of fighting sail.
Inkster said that China posed less of a challenge to U.S. dominance of the internet than many, especially in the United States, think. He pointed out that the United States enjoyed a commanding lead in the technology of the internet, with the actual wiring and a great deal of the software being of Western origin. He said China felt threatened by the “soft power” of U.S. culture online and had “a marked tendency” to proclaim the existence of capacities not yet completely operational in order to deter aggression.
China wishes to reduce its dependence on foreign technology. Its leaders are unhappy with being the factory of the world, as this is energy intensive. Chinese leaders do not want the country to produce low-value components while American, European, and Japanese companies perform high return, intellectual property-intensive work. In January 2006, the Chinese minister of science, Xu Guanhua said, “China still lacks capability in innovation, particularly in those strategically important areas. We would never buy or borrow the key technologies from the global leading economies.”
In the 1991 Gulf War, the United States blinded and spoofed Iraq's high command and systematically neutralized the country's air defense system through what the watching Chinese called xinxi hua, informationalized war. In the late 1990s, the United States did it all again against Serbia. This demonstrated to the Chinese that a revolution in military affairs was afoot (xin junshi geming, or new military revolution, in Chinese): a major change in the nature of warfare caused by the application of new technologies and doctrines.
Viruses could attack command-and-control systems, radar and other sensors, and such computer-operated platforms as the navigation and fire-control systems of tanks, ships, aircraft, and missiles. The Central Intelligence Agency (CIA), National Security Agency (NSA), and Defense Advanced Research Projects Agency (DARPA) are all widely believed to have demonstrated an interest in viruses for these purposes. The Stuxnet worm, which sabotaged uranium-enrichment centrifuges at the Iranian facility at Natanz by manipulating their rotational speed, is thought to have been U.S. and Israeli in origin.
Most attacks are spear-phishing, in which the intruder poses as a trustworthy entity. Commonly, hackers dredge the internet for details of U.S. government or commercial employees' job descriptions, their associates and even their manner of signing emails, such as the U.S. military sign-off "V/R," short for "very respectfully." Spear-phishing is more likely to succeed if conducted from a compromised email account that the target already trusts. The usual next step is to install malware such as keystroke-logging software and extract large amounts of data. Stewart Baker, formerly a cybersecurity official at Homeland Security and the NSA, said, "We have given up on the idea we can keep our networks pristine."
One example was an email from an address on AFGIMail, an unofficial U.S. Armed Forces family welfare network, sent to Andrew Schwartz of the Center for Strategic and International Studies, which carried an Excel spreadsheet entitled "Titan Global Invitation List." If opened, the spreadsheet installed malware which searched for documents on the host computer. Data was transmitted to a website hosting company in Orange County, California, that also has sites in China.
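As an added example (not code from the article or from any party it describes), the following Python script triages a message for the indicators the lure above exhibited: a sender off the recipient's official domains, a Reply-To that diverts responses elsewhere, an Office document attachment, and a file whose declared type does not match its leading bytes. Every address, domain, personal name and attachment byte string in it is a constructed placeholder, and the trusted-domain list is an assumption a real deployment would replace.

```python
"""Triage of a suspected spear-phishing message for the indicators the lure
above exhibited.

Added example, not code from the article or from anyone it describes.  The
messages built by build_message() are constructed: every address, domain,
personal name and attachment byte string is a placeholder, and
TRUSTED_DOMAINS is an assumed allow-list a real deployment would replace.
"""
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed: domains the receiving organisation treats as official senders.
TRUSTED_DOMAINS = {"example.mil", "example.gov"}

# Document and script types routinely used to carry a first-stage payload.
RISKY_EXTENSIONS = {".xls", ".xlsx", ".xlsm", ".doc", ".docx", ".docm",
                    ".pdf", ".exe", ".scr", ".js", ".hta"}

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy Office compound-file header
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.xlsx/.docx) is a ZIP archive

# Container each Office extension is supposed to be.
EXPECTED_CONTAINER = {".xls": "ole2", ".doc": "ole2",
                      ".xlsx": "zip", ".xlsm": "zip", ".docx": "zip", ".docm": "zip"}


def container_of(data: bytes) -> str:
    """Classify a file by its leading bytes rather than by its name."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if data.startswith(b"MZ"):
        return "pe"            # Windows executable wearing a document name
    return "unknown"


def extension_of(filename: str) -> str:
    """Lower-cased extension including the dot, or '' when there is none."""
    name = filename.lower()
    return name[name.rfind("."):] if "." in name else ""


def triage(raw: str) -> list:
    """Return (code, detail) findings for one RFC 5322 message; [] means nothing flagged."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    _, sender = parseaddr(str(msg.get("From", "")))
    sender_domain = sender.rpartition("@")[2].lower()
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))

    # Replies diverted to an address other than the apparent sender.
    if reply_to and reply_to.lower() != sender.lower():
        findings.append(("reply_to_mismatch", f"{sender} -> {reply_to}"))

    # Sender not on an official domain or one of its subdomains.
    if not any(sender_domain == d or sender_domain.endswith("." + d)
               for d in TRUSTED_DOMAINS):
        findings.append(("untrusted_sender", sender_domain))

    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        ext = extension_of(name)
        if ext in RISKY_EXTENSIONS:
            findings.append(("risky_attachment", name))
        expected = EXPECTED_CONTAINER.get(ext)
        found = container_of(data)
        if expected and found != expected:
            findings.append(("container_mismatch",
                             f"{name}: extension implies {expected}, bytes are {found}"))
    return findings


def build_message(sender: str, reply_to, attachment_name: str, attachment_bytes: bytes) -> str:
    """Construct a test message (placeholder data) and return it as raw RFC 5322 text."""
    m = EmailMessage()
    m["From"] = sender
    if reply_to:
        m["Reply-To"] = reply_to
    m["To"] = "analyst@example.org"
    m["Subject"] = "Titan Global Invitation List"
    m.set_content("Please review the attached invitation list.\n\nV/R,\nJ. Doe\n")
    m.add_attachment(attachment_bytes, maintype="application",
                     subtype="octet-stream", filename=attachment_name)
    return m.as_string()


# Lure modelled on the one described above: unofficial welfare-network style
# address, diverted replies, and a legacy .xls that really is an OLE2 file.
SAMPLE_XLS = build_message("Family Support <support@afgimail.example>",
                           "rsvp@invite-list.example",
                           "Titan Global Invitation List.xls", OLE2_MAGIC + b"\x00" * 24)
# Same lure, but the "spreadsheet" is a Windows executable under a .xlsx name.
SAMPLE_DISGUISED_EXE = build_message("Family Support <support@afgimail.example>",
                                     "rsvp@invite-list.example",
                                     "Titan Global Invitation List.xlsx", b"MZ\x90\x00" + b"\x00" * 28)
# Benign control: official domain, no Reply-To, plain-text attachment.
SAMPLE_CLEAN = build_message("Events Office <events@example.mil>", None,
                             "agenda.txt", b"Agenda: 0900 briefing\n")

if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE_XLS), ("disguised exe", SAMPLE_DISGUISED_EXE), ("clean", SAMPLE_CLEAN)):
        print(label, triage(raw) or "no findings")
```

The container check matters more than the extension list: a lure that carries an executable or an OLE2 file under a .xlsx name fails it even when the sender address and display name are entirely convincing, which is the case a trusted-looking compromised account produces.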
In Christopher Bronk's Strategic Studies Quarterly scenario, Chinese cyberspies penetrate unclassified networks used by the government for low-level internal communications such as routing supply information. Though each network is unclassified, the aggregate of information obtained from them yields highly useful intelligence on U.S. strategy and dispositions, inferred from demand for supplies, cargo operations and troop movements.
Websites commonly verify a user's identity with security questions such as "What is your mother's maiden name?", but the answers are now readily available through Facebook and other social networking sites.
Another key weapon of informationalized war is the botnet: a network of infected computers that, on command from its controller, "gang up" on unclassified government or private systems and bring them to an abrupt halt with distributed denial-of-service (DDoS) traffic, the machines' legitimate owners typically being unaware of their part in it.
Although cybersecurity was a pillar of President Barack Obama's election campaign, initial developments in this realm were underwhelming. In December 2009, after a year of dithering, Howard Schmidt was appointed White House cybersecurity czar. All the qualified candidates had turned the job down, so Schmidt returned to the post he had held under George W. Bush, where he was shunned by both political appointees and bureaucrats for his ineffectuality. After his first stint ended, he headed cybersecurity at eBay, but lasted only a short while. He is regarded as a sergeant attempting the job of a general.
Some of the $500 million spent by the U.S. government on cybertechnology is bearing fruit. A system called the National Cyber Range will simulate the internet and allow personnel to train on it. DARPA, the Defense Advanced Research Projects Agency, is leading the effort, with Lockheed Martin and Johns Hopkins University involved. DARPA, then known as ARPA, funded the research which led to the ARPANET, a predecessor of the internet. Lockheed was itself hit by "a significant and tenacious" cyberattack in May 2011. The range will allow tests to take place within days rather than weeks, as at present, and is due to be operational next year. Unlike the real internet, the simulation can be reset after each exercise.
Cyberattacks on Estonia in 2007 and Georgia in 2008, attributed to the Russian state, show the potential for xinxi hua. With nuclear weapons nigh-on unusable, cyberattack allows the infliction of acute pain in a plausibly deniable manner. Even non-state actors can play, as when South Korean hackers protested the publication of a history textbook in Japan which allegedly played down Japanese atrocities in the Second World War: a DoS attack was staged against the website of Japan's Ministry of Education. Chinese and Taiwanese activists behaved similarly when cross-strait relations went cold. North Korea is said to have launched DoS attacks against U.S. and South Korean government agencies.
At least the financial system of the United States is safe. As China owns over $1.1 trillion of U.S. government debt, the destabilization of U.S. markets would be an attack on the Chinese economy.
"China 'setting up military cyber-warfare team.'" Yahoo News (AFP). 27 May 2011. Accessed 28 May 2011. <http://news.yahoo.com/s/afp/20110527/wl_afp/chinadefencemilitaryinternet_20110527095809>.
"China dispatches online army." Tehran Times. 28 May 2011. Accessed 28 May 2011. <http://www.tehrantimes.com/index_View.asp?code=241477>.
"China says its Online Blue Army is built for the defensive." China Military Mashup. 26 May 2011. Accessed 28 May 2011. <http://www.china-defense-mashup.com/china-says-its-online-blue-army-is-built-for-the-defensive.html>.
Beech, Hannah. "Meet China's Newest Soldiers: An Online Blue Army." Time Magazine. 17 May 2011. Accessed 28 May 2011. <http://globalspin.blogs.time.com/2011/05/27/meet-chinas-newest-soldiers-an-online-blue-army/>.
Bronk, Christopher. "Blown to Bits: China's War in Cyberspace, August–September 2020." Strategic Studies Quarterly, Spring 2011. Accessed 28 May 2011. <http://www.au.af.mil/au/ssq/2011/spring/bronk.pdf>.
Cairns, David. "What is China's online Blue Army – and is it a threat?" The First Post. 27 May 2011. Accessed 28 May 2011. <http://www.thefirstpost.co.uk/79552,news-comment,news-politics,what-is-chinas-online-blue-army-and-is-it-a-threat>.
Grow, Brian, and Mark Hosenball. "Special report: In cyberspy vs. cyberspy, China has the edge." Reuters. 14 April 2011. Accessed 28 May 2011. <http://www.reuters.com/article/2011/04/14/us-china-usa-cyberespionage-idUSTRE73D24220110414>.
Lemos, Robert. "'Byzantine Hades' shows China's cyber chops." CSO Online. 21 April 2011. Accessed 28 May 2011. <http://www.csoonline.com/article/680203/-byzantine-hades-shows-china-s-cyber-chops>.
Lewis, Leo. "China's Blue Army of 30 computer experts could deploy cyber warfare on foreign powers." The Australian. 27 May 2011. Accessed 28 May 2011. <http://www.theaustralian.com.au/australian-it/chinas-blue-army-could-conduct-cyber-warfare-on-foreign-powers/story-e6frgakx-1226064132826>.
Liebowitz, Matt. "China military admits cyberwarfare unit exists." MSNBC. 26 May 2011. Accessed 28 May 2011. <http://www.msnbc.msn.com/id/43189050/ns/technology_and_science-security/t/china-military-admits-cyberwarfare-unit-exists/>.
Newmyer, Jacqueline. "The Revolution in Military Affairs with Chinese Characteristics." Informaworld. 1 August 2010. Accessed 28 May 2011. <http://www.informaworld.com/smpp/section?content=a926059415&fulltext=713240928>.
Stokes, John. "Google poses Obama a problem." The Spectator Magazine. 14 January 2010. Accessed 28 May 2011. <http://www.spectator.co.uk/coffeehouse/5706898/google-poses-obama-a-problem.thtml>.
Vijayan, Jaikumar. "What a cyberwar with China might look like." CSO Online. 31 March 2011. Accessed 28 May 2011. <http://www.csoonline.com/article/678631/what-a-cyberwar-with-china-might-look-like>.