Monday, October 5, 2009

U.S. Report Accuses China of Cyber Warfare 

Defense News



By Wendell Minnick

 TAIPEI — China is conducting cyber warfare against the United States, tempted by the dramatically high advantages that may be secured at relatively low cost, according to this year’s annual report to Congress by the U.S.-China Economic and Security Review Commission.

“China’s military strategists view the U.S.’ dependence on space assets and information technology as its ‘soft ribs and strategic weaknesses,’” said the November report, “2008 Report to Congress of the U.S.-China Economic and Security Review Commission.”

“These investments by China’s military potentially could provide it with an asymmetric capability enabling it to prevail in a conflict with U.S. forces,” the report said.

“Some of the penetrations are ‘network reconnaissance’ to find the nodes that are most important to exploit or attack in the event of conflict,” commission Chairman Larry Wortzel said.

The Pentagon has reported a drastic increase in overall incidents of malicious cyber activity of 31 percent, from 30,215 in 2006 to 43,880 in 2007.

The report said several characteristics of cyber operations appeal to Beijing, including: 

■ Lower cost than kinetic military operations and traditional espionage. 

■ Difficulty pinpointing the origin of a cyberattack. 

■ Ability to help win a war with Taiwan. 

■ Lack of international legal frameworks allowing for an appropriate response to a cyber attack — in other words, “there is no clear consensus on when a cyber attack constitutes an act of war.”

■ And Beijing believes that “by cyber attacking U.S. logistics functions in the early buildup stages of a conflict, it can delay or disrupt U.S. forces moving to the theater,” the report said.

The attacks could go beyond the strictly military, it said.

“Since China’s current cyber operations capability is so advanced, it can engage in forms of cyber warfare so sophisticated that the United States may be unable to counteract or even detect the efforts,” the report said. A successful attack could paralyze the United States.

“The Chinese have the most advanced cyber attack capability in the world. This is largely due to their ‘1,000 grains of sand approach,’” said Tom Kellermann, vice president of security awareness at Boston-based Core Security Technologies.

What this means, Kellermann said, is that rather than launching a major central network assault, the Chinese would deploy a huge number of subtle attacks, much like 1,000 sunbathers returning from the beach with a single grain of sand each, to infiltrate as many systems as possible with malicious software while remaining clandestine.

Cyber Thefts

The best example of China’s cyber espionage capabilities is 2002’s Titan Rain, a series of attacks that hit the U.S. Army Information Systems Engineering Command, the Naval Ocean Systems Center, the Missile Defense Agency and Sandia National Laboratories.

The report said the attacks allowed China to download 10 to 20 terabytes of data — up to twice the amount of data collected in the Library of Congress’ print collection.

U.S. officials later found that a “multitude of classified networks and government contractors had been backdoored by the Chinese,” Kellermann said.

The report alleges that China penetrated the computers of 10 prominent U.S. defense contractors in 2007.

In “the past couple of years alone, there have been network attacks and penetrations at the Bureau of Export Controls in the Department of Commerce, the Department of State, and even in Congress, attributed to China,” Wortzel said.

In 2005, Chinese hackers stole files on the NASA Mars Reconnaissance Orbiter, including information about the propulsion system, solar panels and fuel tanks, the report said. In the same year, the aviation mission planning system for Army helicopters and flight planning software used by the Army and Air Force were stolen from the Army Aviation and Missile Command at Redstone Arsenal, Ala., it said.

Hardware Kill Switches

The report also suggested that China’s military could lean on the manufacturers that make much of the U.S. military’s computer components to implant a “malicious code that could be remotely activated on command and place U.S. systems or the data they contain at risk of destruction or manipulation.”

The report noted that hundreds of counterfeit routers made in China were discovered in 2007 being used throughout the Department of Defense.

“We suggested that Congress direct a review of the defense supply chain to ensure that we are getting trusted chips and software,” Wortzel said. 


The commission made several recommendations to Congress, including the creation of an alliance-based approach to dealing with cyber attacks, and the establishment of a “military dialogue [with China] on its actions and programs in cyber and space warfare, including threat reduction mechanisms, transparency initiatives, and international laws of conflict as they apply to the cyber and space domains.”

The report sees vulnerabilities in the unclassified U.S. military network called the NIPRNet (Non-secure Internet Protocol Router Network).

“China can access the NIPRNet and views it as a significant Achilles’ heel and as an important target of its asymmetric capability,” the report said.

“The NIPRNet is vulnerable because it connects to the World Wide Web. While these connections allow it to access the Internet, they also provide an opportunity for unauthorized intrusions” that could allow China to steal information or plant crippling viruses.

The Pentagon is reducing the number of connections NIPRNet has with the Internet, now 17.

On top of government efforts to penetrate U.S. computers, there are also about 250 hacker groups in China “that are tolerated and may even be encouraged by the government to enter and disrupt computer networks.” Wortzel dismissed suggestions that the hackers are all private, independent groups.

“I do not find it credible that in a nation like China that devotes so much effort to controlling and tracking activities on the Internet, that these are simply individuals,” Wortzel said.

“The information extracted, such as military manuals, export control data, and information about emerging technologies, suggest to me that the intelligence or military intelligence services in the PRC [People’s Republic of China] are involved.”

Kellermann said there “exists a cyber espionage culture in China wherein the youth strive to gain access to sensitive foreign systems, and once achieved, they are subsequently rewarded by the regime.”