Lessons from Paracels XXII: China cyber warfare scare

China has been reported to have deployed its sophisticated cyber warfare teams to hack into US intelligence systems for clandestine information extraction.

Los Angeles Times story:

China and Russia are using hacked data to target U.S. spies, officials say


Defense Secretary Ashton Carter, shown in Mountain View, Calif., says the military needs to boost its cyberdefenses. “We’re not doing as well as we need to do in job one in cyber, which is defending our own networks,” he said. (Justin Sullivan / Getty Images)

By BRIAN BENNETT AND W.J. HENNIGAN
Foreign spy services, especially in China and Russia, are aggressively aggregating and cross-indexing hacked U.S. computer databases — including security clearance applications, airline records and medical insurance forms — to identify U.S. intelligence officers and agents, U.S. officials said.

At least one clandestine network of American engineers and scientists who provide technical assistance to U.S. undercover operatives and agents overseas has been compromised as a result, according to two U.S. officials.

The Obama administration has scrambled to boost cyberdefenses for federal agencies and crucial infrastructure as foreign-based attacks have penetrated government websites and email systems, social media accounts and, most important, vast data troves containing Social Security numbers, financial information, medical records and other personal data on millions of Americans.


Counterintelligence officials say their adversaries combine those immense data files and then employ sophisticated software to try to isolate disparate clues that can be used to identify and track — or worse, blackmail and recruit — U.S. intelligence operatives.

Digital analysis can reveal “who is an intelligence officer, who travels where, when, who’s got financial difficulties, who’s got medical issues, [to] put together a common picture,” William Evanina, the top counterintelligence official for the U.S. intelligence community, said in an interview.

Asked whether adversaries had used this information against U.S. operatives, Evanina said, “Absolutely.”
Evanina declined to say which nations are involved. Other U.S. officials, speaking on condition of anonymity to discuss internal assessments, say China and Russia are collecting and scrutinizing sensitive U.S. computer files for counterintelligence purposes.

U.S. cyberspying is also extensive, but authorities in Moscow and Beijing frequently work in tandem with criminal hackers and private companies to find and extract sensitive data from U.S. systems, rather than steal it themselves. That limits clear targets for U.S. retaliation.

The Obama administration marked a notable exception last week when a U.S. military drone strike near Raqqah, Syria, killed the British-born leader of the CyberCaliphate, an Islamic State hacking group that has aggressively sought to persuade sympathizers to launch “lone wolf” attacks in the United States and elsewhere.
Junaid Hussain had posted names, addresses and photos of about 1,300 U.S. military and other officials on Twitter and the Internet, and urged his followers to find and kill them, according to U.S. officials. They said he also had been in contact with one of the two heavily armed attackers killed in May outside a prophet Muhammad cartoon contest in Garland, Texas. Hussain is the first known hacker targeted by a U.S. drone.

The Pentagon also is scouring the leaked list of clients and their sexual preferences from the Ashley Madison cheating website to identify service members who may have violated military rules against infidelity and be vulnerable to extortion by foreign intelligence agencies.


Far more worrisome was last year’s cyberlooting — allegedly by China — of U.S. Office of Personnel Management databases holding detailed personnel records and security clearance application files for about 22 million people, including not only current and former federal employees and contractors but also their families and friends.

“A foreign spy agency now has the ability to cross-check who has a security clearance, via the OPM breach, with who was cheating on their wife via the Ashley Madison breach, and thus identify someone to target for blackmail,” said Peter W. Singer, a fellow at the nonprofit New America Foundation in Washington and coauthor of the book “Cybersecurity and Cyberwar.”

The immense data troves can reveal marital problems, health issues and financial distress that foreign intelligence services can use to try to pry secrets from U.S. officials, according to Rep. Adam B. Schiff of Burbank, the top Democrat on the House Intelligence Committee.

“It’s very much a 21st century challenge,” Schiff said. “The whole cyberlandscape has changed.”
U.S. intelligence officials have seen evidence that China’s Ministry of State Security has combined medical data snatched in January from health insurance giant Anthem, passenger records stripped from United Airlines servers in May and the OPM security clearance files.

The Anthem breach, which involved personal data on 80 million current and former customers and employees, used malicious software that U.S. officials say is linked to the Chinese government. The information has not appeared for sale on black market websites, indicating that a foreign government controls it.

U.S. officials have not publicly blamed Beijing for the theft of the OPM and the Anthem files, but privately say both hacks were traced to the Chinese government.

The officials say China’s state security officials tapped criminal hackers to steal the files, and then gave them to private Chinese software companies to help analyze and link the information together. That kept the government’s direct fingerprints off the heist and the data aggregation that followed.
In a similar fashion, officials say, Russia’s powerful Federal Security Service, or FSB, has close connections to programmers and criminal hacking rings in Russia and has used them in a relentless series of cyberattacks.

According to U.S. officials, Russian hackers linked to the Kremlin infiltrated the State Department’s unclassified email system for several months last fall. Russian hackers also stole gigabytes of customer data from several U.S. banks and financial companies, including JPMorgan Chase & Co., last year.

A Chinese Embassy spokesman, Zhu Haiquan, said Friday that his government “firmly opposes and combats all forms of cyberattacks in accordance with the law.” The Russian Embassy did not respond to multiple requests for comment. U.S. intelligence officials want President Obama to press their concerns about Chinese hacking when Chinese President Xi Jinping visits the White House on Sept. 25.

After the recent breaches, U.S. cybersecurity officials saw a dramatic increase in the number of targeted emails sent to U.S. government employees that contain links to malicious software.
In late July, for example, an unclassified email system used by the Joint Chiefs and their staff — 4,000 people in all — was taken down for 12 days after they received sophisticated “spear-phishing” emails that U.S. officials suspect was a Russian hack.

The emails appeared to be from USAA, a bank that serves military members, and each sought to persuade the recipient to click a link that would implant spyware into the system.


Defense Secretary Ashton Carter said the hack shows the military needs to boost its cyberdefenses.

“We’re not doing as well as we need to do in job one in cyber, which is defending our own networks,” Carter said Wednesday. “Our military is dependent upon and empowered by networks for its effective operations…. We have to be better at network defense than we are now.”
Carter spent Friday in Silicon Valley in an effort to expand a partnership between the Pentagon, academia and the private sector that aims to improve the nation’s digital defenses. Carter opened an outreach office in Mountain View this year to try to draw on local expertise.

U.S. intelligence officers are supposed to cover their digital tracks and are trained to look for surveillance. Counterintelligence officials say they worry more about the scientists, engineers and other technical experts who travel abroad to support the career spies, who mostly work in U.S. embassies.

The contractors are more vulnerable to having their covers blown now, and two U.S. officials said some already have been compromised. They refused to say whether any were subject to blackmail or other overtures from foreign intelligence services.

But Evanina’s office, the National Counterintelligence and Security Center, based in Bethesda, Md., has recently updated pamphlets, training videos and desk calendars for government workers to warn them of the increased risk from foreign spy services.
“Travel vulnerabilities are greater than usual,” reads one handout. Take “extra precaution” if people “approach you in a friendly manner and seem to have a lot in common with you.”

************

This is very serious because China has been intensifying its intelligence and clandestine information operations through its cyber warfare units.

Six months ago, the Pentagon admitted deploying its counter cyber warfare mechanisms to ward off these cyber attacks by China’s crack cyber warfare teams.

Skynews story:

Pentagon Admits Cyberwarfare Plan For First Time

America’s Department of Defense intends to establish a full-time unit of computer experts in the San Francisco Bay area.
11:10 UK, Thursday 23 April 2015
The Pentagon has admitted for the first time it plans to use cyberwarfare in its battle to keep up with its enemies.

In a 33-page ‘cybersecurity strategy’ the US Department of Defense has publicly laid out the approach it plans to take.

The document says the DoD “should be able to use cyber operations to disrupt an adversary’s command and control networks, military-related critical infrastructure and weapons capabilities”.

The previous strategy, published in 2011, made little reference to clandestine warfare using computer networks, although US officials are known to have spoken privately about the issue.

Reports in 2013 claimed that senators had received a closed-door briefing on how the New York City power grid could be taken down by a computer virus.
The television reports said officials had told NBC off the record that the US was already employing cyberwarriors who were capable of shutting down the power system of a smaller country – like Iran.

The new document takes a more open approach because the Pentagon wants more transparency in its cyber mission – and because it could be a deterrent to adversaries.

Defense Secretary Ash Carter said: “I think it will be useful to us for the world to know that, first of all, we’re going to protect ourselves, we’re going to defend ourselves.”

He added that the new strategy is “more clear and more specific about everything, including (US) offence”.

The strategy also, for the first time, refers to US concerns over cyber-espionage by China.

China admitted the existence of dedicated cyber warfare units in a document produced by the People’s Liberation Army earlier this year, according to the Daily Beast.

The hacking of Sony’s emails last year, which the US government blamed on North Korea, also showed the dangers to American interests from other unfriendly states.

The document says the US will continue to try to work with Beijing to bring greater understanding and transparency of each nation’s cyber missions to “reduce the risks of misperception and miscalculation”.
“One of the things we need to do is have that dialogue,” said Mr Carter.

According to officials, Mr Carter is setting up a full-time unit of military, civilian and reservist workers in the San Francisco Bay area in the next month or so.

But he said one of the things holding back progress was that the US military suffers from a lack of “coolness”.

He said some of the bright young recruits the DoD needs to maintain its war are more likely to want to work for Silicon Valley’s top tech firms, rather than with the Pentagon.

**************

China’s cyber warfare aggression, which has demonstrated threatening capabilities, has escalated into a very serious defense agenda.

The Diplomat story:

China’s Growing Cyberwar Capabilities

A recent attack on GitHub highlights China’s growing expertise – and aggression – in cyberspace.

By Marcel A. Green
April 13, 2015

With recent news suggesting that the recent massive denial-of-service attacks against online hosting and code-sharing site GitHub was either sponsored or encouraged by Chinese authorities, the spotlight has once again been turned on China’s intentions in cyberspace and whether or not its activities pose a threat to worldwide, and especially U.S. cybersecurity.

China is one of the most active nations in cyberspace. Moreover, China has made no secret that President Xi Jinping’s “new model of great power relations” policy means that it will not be afraid to challenge the U.S. and the rest of the world in areas it considers a core interest, such as cyberspace.

Much like the U.S., China has devoted substantial money, manpower and resources to developing its cyber capabilities. Chinese cyber capabilities include a mix of dedicated personnel, advanced equipment, and cyberattack methodologies. According to the cybersecurity firm Mandiant, since as early as 2006, the People’s Liberation Army (PLA) has been using an elite cyberwarfare unit based in Shanghai to launch hundreds of cyberattacks targeting American interests. The unit, officially known as Unit 61398, operates under the PLA’s Second Bureau of the General Staff Department’s (GSD) Third Department, which is focused on cyber surveillance and monitoring of foreign electronic communications. Unit 61398 has a staff of “hundreds if not thousands” of people, trained in advanced network security, digital signal processing, and covert communications, who have access to an extensive “infrastructure of computer systems around the world.” Recently the Taipei Times reported that Taiwan’s National Security Bureau (NSB) has identified another unit of the GSD’s Third Department that is involved in cyber-activities. This unit has been revealed to be the Third Department’s Sixth Bureau, based out of Wuhan University in Hubei Province. According to the NSB, the Sixth Bureau is “engaged in technical aspects of surveillance and intelligence gathering on the Taiwanese agencies, intercepting telecommunications signals, hacking computers and mobile phone service networks and satellite imagery reconnaissance.”

In addition to its official cyberwarfare units, China is believed to also have “reached out” to people with the necessary cyber skills in the IT sector and academic community to help fill any gaps in state expertise and personnel when needed. As the GitHub attacks illustrate, there is also ample evidence that China uses hackers and other cybercriminals to accomplish operations that it is officially unwilling or unable to commit. To be sure, cybercrime is often intimately tied to state-sponsored threats to cybersecurity. The use of affiliated hackers is based on the idea that cybercriminals can be used to escape the attribution that may otherwise provide the necessary legal, military or diplomatic links that other countries can use to prove China’s official participation in cyberattacks. Consequently, in October 2014, the FBI issued a warning that a Chinese hacking collective known as Axiom has been engaged in a well-resourced, sophisticated campaign to steal valuable data from U.S. government agencies. According to the warning, Axiom, and other state-sponsored Chinese hacking groups like them, are “exceedingly stealthy and agile by comparison” to Unit 61398. Later in 2014, the U.S. Department of Justice indicted five Chinese citizens, affiliated with Unit 61398 on charges of theft of business information and unauthorized access to the computers of a number of U.S. companies.

China’s cyber capabilities are organized by a strategy that calls for the early application of its cyberwarfare units against an adversary “to establish information dominance.” Information dominance refers to: (1) taking and maintaining control of an adversary’s access to its own information, and (2) disrupting the flow of information necessary for “decision-making or combat operations.” Information dominance, moreover, requires that Chinese cyber capabilities are deployed pre-emptively or as early as necessary to support more traditional combat actions. Moreover, establishing information dominance requires China to have a fairly extensive and ongoing knowledge of an adversary’s capabilities.

Lastly, in order to achieve its cyber strategic goals and effectively make use of its cyberwarfare units, China has employed a wide range of advanced cyberattack methodologies. For instance, the PLA’s Unit 61398 is known for its use of zero-day exploits. A zero-day exploit refers to a vulnerability in software that the software maker itself does not know exists. Discovering zero-day exploits requires broad access to a software developer’s internal routines and procedures. It also requires a better understanding of the software than the developer. This is often achieved by employing a technique known as advanced persistent threat (APT). APT refers to a hacking process that involves a long-term campaign to break into a computer network, avoid detection, and harvest valuable information over days, months and even years. According to Mandiant, Unit 61398’s informal name was APT1 due to their skill at successfully carrying out advanced persistent threats.

Understanding China’s cyber capabilities will play a large role in resolving the challenge of determining the appropriate response that the U.S. and other nations can make to cyberattacks that can be attributed to China. Where the attack can be traced to an official Chinese organ, perhaps a diplomatic or military response will be suitable. Where the attack is traced to non-official organs, non-conventional responses such as economic sanctions or criminal penalties will prove more effective.

Marcel A. Green is an attorney and legal researcher specializing in American and Chinese Criminal Law.

***************

Published on September 2, 2015 at 23:45

6 Comments

  1. “sophisticated cyber warfare .. for clandestine information extraction.” The US Defence Secretary says their military needs to boost its cyber defenses.

    I believe Malaysia also has. Hope it’s formidable enough to ensure our ability to fire guided missiles unhindered. I presume we have guided missiles, but don’t know the extent of its capabilities. With China lurking and menacing in the South China Sea, it’d be comforting to know that we can fend them off in the event of armed conflict – at least until help arrives.

    “.. immense data files .. sophisticated software to try to isolate disparate clues that can be used to identify and track — or worse, blackmail and recruit — U.S. intelligence operatives. Digital analysis can reveal “who is an intelligence officer, who travels where, when, who’s got financial difficulties, who’s got medical issues …”

    Really, these days one has to forget camping and berak-ing out in the open, beside the idyllic stream – all sorts of low-flying unmanned vehicles, and miles-in-the-sky satellites can see you doing it. Or even the slightest indication of digging your nose while waiting for the driver to arrive at the mall etc. And they will use the nose digging bit to say you are not gentlemanly, not well brought up and forget about marrying their daughters! Some will have to go to Kazakhstan!

    But don’t worry about the Bersih people. DAP members and supporters are simply not in the books. “Biadap,” said former DAP Vice Chairman Tengku Aziz of Lim Guan Eng as he bolted out of DAP.

    Have a good day, folks.

  2. Even during the days of Mao Zedong and the tumultuous “Cultural Revolution” he initiated to get rid of his enemies amidst his sagging popularity, the Chinese already had nuclear bombs. By the 1970s they had guided missiles and rockets, however crude their technology may have been.

    Now that they have sent manned rockets to outer space, their technological capabilities must be that high as to be able to see us berak-ing in the open, too. We don’t talk about fighting them, do we? We just hope for India, whose economy is now said to be superseding China, to be in such rivalry like China is with US, Japan and Russia, as to leave us alone.

    But would they? Any more news about the island they have built in the South China Sea? The aircraft landing strip has now been enhanced by a wharf and port facilities for the PLA Navy? Maybe even started drilling oil secretly there? No secret to the Americans, but do we know? Hope so.

    And where are we with building alliances, defence treaties and trade agreements? Such work eclipsed by the warring UMNO tribes, exploited by the anti-national, non-Constitution respecting DAP members and supporters on Bersih street demos, 1MDB, RM2.6 billion, non-appearance at NothingToHide and now at Transparency International anti-corruption conference?

    Excuse me for being cynical this morning, guys.

    • I’d like computer technology and cyber warfare capability for Malaysia that would send back the guided missiles and nuclear bombs shot at us back to them like boomerangs.

      That way, we don’t have to have nuclear weapons etc.

  3. China’s Growing Cyberwar Capabilities – on manpower handling those, they are superior. On technologies, I think they are far behind.

    The Chinese are not known for their mathematical genius, are they? Confucius was a philosopher, Sun Tzu a military strategist, Mao Zedong a communist anarchist, and anything in between were trouble makers, thugs and gangsters that made their 3,500 years of written history lame.

    The US is a nation of pendatang, their rocket science excelled also a lot due to their German import – Hitler’s man, Von Braun, offered a comfortable sanctuary, a lot of funds to try out his theories until they got to send the first man to the moon during Kennedy’s time. Since then, they must have had mathematicians and scientists aplenty to counter Russian, and now, Chinese encroachment on their technological warfare domain. Yes, the Indians, too. Silicon Valley has been quite full of them.

    Malaysia? 99 institutions in Malaysia offering Computer Science and IT …114 Computer Science and IT Courses in Malaysia, Malaysia University Of Science And Technology … Here are the top 25 Lecturer profiles – those are what one gets after clicking “State of Malaysian computer technology and 6 pages of links. No article that explains at what stage we are in now, when we can have our own cyber war capability. Maybe secret, but if any one can throw some light in here, would greatly appreciate it.

  4. This is a much desired kind of cyber warfare capability, as reported by Reuters on Apr 8, 2013 – after U.S. intelligence officials warned that cyber attacks have supplanted terrorism as the top threat to the US:

    Six U.S. Air Force cyber capabilities designated “weapons”

    The U.S. Air Force has designated six cyber tools as weapons .. the Air Force is also working to better integrate cyber capabilities with other weapons in the face of escalating cyber attacks by China, Russia, Iran and others.

    The United States and Israel are widely believed to have developed the Stuxnet computer virus that was used to attack an Iranian uranium enrichment facility, the first publicly known example of a virus being used to attack industrial machinery.

    Some people say developing viruses may be more important than having nuclear weapons.

  5. This illustrates further the importance of hacking in cyber warfare – wasn’t this the sort of things they talked about during Ronald Reagan’s Star Wars programme?

    Hacking Nuclear Command and Control – International …
    icnnd.org/documents/jason_fritz_hacking_nc2.doc

    This research paper has been commissioned by the International Commission on Nuclear Non-proliferation and Disarmament, but reflects the views of the author and should not be construed as necessarily reflecting the views of the Commission.

    Hacking Nuclear Command and Control

    Executive Summary

    This paper will analyse the threat of cyber terrorism in regard to nuclear weapons. Specifically, this research will use open source knowledge to identify the structure of nuclear command and control centres, how those structures might be compromised through computer network operations, and how doing so would fit within established cyber terrorists’ capabilities, strategies, and tactics.

    If access to command and control centres is obtained, terrorists could fake or actually cause one nuclear-armed state to attack another, thus provoking a nuclear response from another nuclear power. This may be an easier alternative for terrorist groups than building or acquiring a nuclear weapon or dirty bomb themselves.

    This would also act as a force equaliser, and provide terrorists with the asymmetric benefits of high speed, removal of geographical distance, and a relatively low cost. Continuing difficulties in developing computer tracking technologies which could trace the identity of intruders, and difficulties in establishing an internationally agreed upon legal framework to guide responses to computer network operations, point towards an inherent weakness in using computer networks to manage nuclear weaponry. This is particularly relevant to reducing the hair trigger posture of existing nuclear arsenals.
    ————-

    Yes, a small country may have a huge power if it excels in the above-stated capability. Indeed, not even a country, a band of terrorists can have that power, as suggested above.

    It gives an eerie feeling, doesn’t it?

