Intelligence

China’s cyber army is preparing to march on America, says Pentagon

China’s cyber army is preparing to march on America, says Pentagon - Times Online

Tim Reid in Washington Chinese military hackers have prepared a detailed plan to disable America’s aircraft battle carrier fleet with a devastating cyber attack, according to a Pentagon report obtained by The Times.

The blueprint for such an assault, drawn up by two hackers working for the
People’s Liberation Army (PLA), is part of an aggressive push by Beijing to
achieve “electronic dominance” over each of its global rivals by 2050,
particularly the US, Britain, Russia and South Korea.

China’s ambitions extend to crippling an enemy’s financial, military and
communications capabilities early in a conflict, according to military
documents and generals’ speeches that are being analysed by US intelligence
officials. Describing what is in effect a new arms race, a Pentagon
assessment states that China’s military regards offensive computer
operations as “critical to seize the initiative” in the first stage of a war.

The plan to cripple the US aircraft carrier battle groups was authored by two
PLA air force officials, Sun Yiming and Yang Liping. It also emerged this
week that the Chinese military hacked into the US Defence Secretary’s
computer system in June; have regularly penetrated computers in at least 10
Whitehall departments, including military files, and infiltrated German
government systems this year.

Cyber attacks by China have become so frequent and aggressive that President
Bush, without referring directly to Beijing, said this week that “a lot of
our systems are vulnerable to attack”. He indicated that he would raise the
subject with Hu Jintao, the Chinese President, when they met in Sydney at
the Apec summit. Mr Hu denied that China was responsible for the attack on
Robert Gates, the US Defence Secretary.

Larry M. Wortzel, the author of the US Army War College report, said: “The
thing that should give us pause is that in many Chinese military manuals
they identify the US as the country they are most likely to go to war with.
They are moving very rapidly to master this new form of warfare.” The two
PLA hackers produced a “virtual guidebook for electronic warfare and
jamming” after studying dozens of US and Nato manuals on military tactics,
according to the document.

The Pentagon logged more than 79,000 attempted intrusions in 2005. About 1,300
were successful, including the penetration of computers linked to the Army’s
101st and 82nd Airborne Divisions and the 4th Infantry Division. In August
and September of that year Chinese hackers penetrated US State Department
computers in several parts of the world. Hundreds of computers had to be
replaced or taken offline for months. Chinese hackers also disrupted the US
Naval War College’s network in November, forcing the college to shut down
its computer systems for several weeks. The Pentagon uses more than 5
million computers on 100,000 networks in 65 countries.

Jim Melnick, a recently retired Pentagon computer network analyst, told The
Times that the Chinese military holds hacking competitions to identify and
recruit talented members for its cyber army.

He described a competition held two years ago in Sichuan province, southwest
China. The winner now uses a cyber nom de guerre, Wicked Rose. He went on
to set up a hacking business that penetrated computers at a defence
contractor for US aerospace. Mr Melnick said that the PLA probably
outsourced its hacking efforts to such individuals. “These guys are very
good,” he said. “We don’t know for sure that Wicked Rose and people like him
work for the PLA. But it seems logical. And it also allows the Chinese
leadership to have plausible deniability.”

In February a massive cyber attack on Estonia by Russian hackers demonstrated
how potentially catastrophic a preemptive strike could be on a developed
nation. Pro-Russian hackers attacked numerous sites to protest against the
controversial removal in Estonia of a Russian memorial to victims of the
Second World War. The attacks brought down government websites, a major bank
and telephone networks.

Linton Wells, the chief computer networks official at the Pentagon, said that
the Estonia attacks “may well turn out to be a watershed in terms of
widespread awareness of the vulnerability of modern society”.

After the attacks, computer security experts from Nato, the EU, US and Israel
arrived in the capital, Tallinn, to study its effects.

Sami Saydjari, who has been working on cyber defence systems for the Pentagon
since the 1980s, told Congress in testimony on April 25 that a mass cyber
attack could leave 70 per cent of the US without electrical power for six
months.

He told The Times that all major nations – including China – were scrambling
to defend against, and working out ways to cause, “maximum strategic damage”
by taking out banking systems, power grids and communications networks. He
said that there were at least a thousand attempted attacks every hour on
American computers. “China is aggressive in this,” he said.

Programmed to attack

Malware: a “Trojan horse” programme, which hides a “malicious code”
behind an innocent document, can collect usernames and passwords for e-mail
accounts. It can download programmes and relay attacks against other
computers. An infected computer can be controlled by the attacker and
directed to carry out functions normally available only to the system owner.

Hacking: increasingly a method of attack used by countries determined
to use electronic means to gain access to secrets. Government computers in
Britain have a network intrusion detection system, which monitors traffic
and alerts officials to “misuse or anomalous behaviour”.

Botnets: compromised networks that an attacker can exploit. Deliberate
programming errors in software can easily pass undetected. Attackers can
exploit the errors to take control of a computer. Botnets can be used for
stealing information or to collect credit card numbers by “sniffing” or
logging the strokes of a victim’s keyboard.

Keystroke loggers: they record the sequence of key strokes that a user
types in. Logging devices can be fitted inside the computer itself.

Denial of service attacks: overloading a computer system so that it can
no longer function. This is the method allegedly used by the Russians to
disrupt the Estonian government computers in May.

Phishing and spoofing: designed to trick an organisation’s customers
into imparting confidential information such as passwords, personal data or
banking details. Those using this method impersonate a “trusted source” such
as a bank or IT helpdesk to persuade the victim to hand over confidential
information. (Michael Evans)

September 8, 2007 at 12:33 PM in China | Permalink | Top of page | Blog Home