25 August 2011

Tania Branigan, The Guardian: “Chinese TV Programme Shows Apparent Cyber-Attack on US Website”

Tania Branigan, Chinese TV Programme Shows Apparent Cyber-Attack on US Website,” The Guardian, 25 August 2011.

Footage that appears to feature army-labelled software raises questions about China’s denials of involvement in hacking

China’s state broadcaster has shown footage apparently featuring army-labelled software for attacking US-based websites, security experts say.

Beijing has consistently denied being behind cyber-attacks, insisting that it plays no part in hacking and is itself a victim.

The analysts cautioned that the six-second clip could be a mock-up by the broadcaster, CCTV, and that, if genuine, it was probably around 10 years old. …

The footage CCTV showed was part of a cybersecurity documentary screened on its military channel last month – and removed from its website after US security analysts wrote about it. …

The security-focused China SignPost site suggested the footage, if genuine, was likely to be more than a decade old because the method was so basic and because there were several such attacks on Falun Gong sites in 1999 and 2000.

Dr Andrew Erickson, an associate professor at the US Naval War College’s China Maritime Studies Institute, and Gabe Collins, a commodity and security specialist, wrote: “It appeared to show dated computer screenshots of a Chinese military institute conducting a rudimentary type of cyber-attack against a United States-based dissident entity. However modest, ambiguous — and, from China’s perspective, defensive — this is possibly the first direct piece of visual evidence from an official Chinese government source to undermine Beijing’s official claims never to engage in overseas hacking of any kind for government purposes.”

Asked if the footage had been mocked up, CCTV 7 said it did not respond to queries from foreign media. CCTV has been caught using misleading footage in the past – memorably in January, when shots from the movie Top Gun were inserted into a news report about PLA training exercises.

The foreign ministry in Beijing did not reply to queries.

The Washington Post said Wang Baodong, a spokesman for the Chinese embassy in Washington, declined to comment on the video but added: “It’s no secret that Falun Gong and its subordinate institutions have been intensifying their subversive efforts against China in cyberspace. And China has every legitimate right to take action against such harmful activities to defend its national security interests.” …

For full text of the report quoted and referenced here, see Andrew Erickson and Gabe Collins, “A Smoking Cursor? New Window Opens on China’s Potential Cyberwarfare Development: CCTV 7 program raises new questions about Beijing’s support for hacking,” China SignPost™ (洞察中国), No. 46 (24 August 2011).

Also, the U.S. Department of Defense has just released the following content regarding PRC cyberwarfare capabilities:

Military and Security Developments Involving the People’s Republic of China 2011

pp. 5-6

Cyberwarfare Capabilities. In 2010, numerous computer systems around the world, including those owned by the U.S. Government, were the target of intrusions, some of which appear to have originated within the PRC. These intrusions were focused on exfiltrating information. Although this alone is a serious concern, the accesses and skills required for these intrusions are similar to those necessary to conduct computer network attacks. China’s 2010 Defense White Paper notes China’s own concern over foreign cyberwarfare efforts and highlighted the importance of cyber-security in China’s national defense.

Cyberwarfare capabilities could serve PRC military operations in three key areas. First and foremost, they allow data collection through exfiltration. Second, they can be employed to constrain an adversary’s actions or slow response time by targeting network-based logistics, communications, and commercial activities. Third, they can serve as a force multiplier when coupled with kinetic attacks during times of crisis or conflict.

Developing capabilities for cyberwarfare is consistent with authoritative PLA military writings. Two military doctrinal writings, Science of Strategy, and Science of Campaigns identify information warfare (IW) as integral to achieving information superiority and an effective means for countering a stronger foe. Although neither document identifies the specific criteria for employing computer network attack against an adversary, both advocate developing capabilities to compete in this medium.

The Science of Strategy and Science of Campaigns detail the effectiveness of IW and computer network operations in conflicts and advocate targeting adversary command and control and logistics networks to impact their ability to operate during the early stages of conflict. As the Science of Strategy explains, “In the information war, the command and control system is the heart of information collection, control, and application on the battlefield. It is also the nerve center of the entire battlefield.”

In parallel with its military preparations, China has increased diplomatic engagement and advocacy in multilateral and international forums where cyber issues are discussed and debated. Beijing’s agenda is frequently in line with the Russian Federation’s efforts to promote more international control over cyber activities. China has not yet agreed with the U.S. position that existing mechanisms, such as International Humanitarian Law and the Law of Armed Conflict, apply in cyberspace. China’s thinking in this area is evolving as it becomes more engaged.