Defense News
11/10/2011
China's PLA Involved in Cyber Espionage: Report
By WENDELL MINNICK
TAIPEI - For the
first time, a new report details China's signals intelligence (SIGINT)
organization, including what role the People's Liberation Army (PLA) has in
cyber intelligence collection.
The report, "The
Chinese People's Liberation Army Signal Intelligence and Cyber Reconnaissance
Infrastructure," by Mark Stokes and Jenny Lin of the Project 2049
Institute, Arlington, Va., provides the first overview of the PLA General Staff
Department's Third Department, China's premier cryptologic service responsible
for signals and cyber intelligence collection.
The Third Department
is comparable to the U.S. National Security Agency and appears to be
diversifying its traditional SIGINT mission to include cyber surveillance, also
known as computer network exploitation (CNE), the report said.
The Third
Department's Seventh Bureau (61580 Unit) is responsible for CNE. Headquartered
in Beijing, the bureau's engineers specialize in computer network defense and
attack, and have conducted joint studies with the PLA Information Engineering
Academy Computer Network Attack and Defense Section. The bureau has been known
to conduct research outlining U.S. network-centric warfare and dense
wavelength-division multiplexing.
CNE also is conducted
by the Technical Reconnaissance Bureaus (TRB), Stokes said: "A senior
engineer from the Hainan office was granted awards for network-related work,
including possible surveillance of Voice over Internet Protocol."
The Chengdu Military
Region's 1st Technical Reconnaissance Bureau also may be involved in cyber
surveillance.
The degree of control
that the Third Department exercises over the Technical Reconnaissance Bureau
bureaucracies of the country's seven military regions is unknown, but the Third
Department's resources dedicated to high-performance computing and its large
arsenal of skilled linguists could comprise China's cryptologic
"A-Team."
"The combination
of SIGINT and CNE, for example, fusing transcripts of phone conversations with
intercepted email exchanges, would enable a powerful understanding of plans,
capabilities, and activities of an organization or individual in near real
time," Stokes said.
China could be
cracking down on its own cyber warfare activities. Lt. Gen. Wu Guohua, who
directed the Third Department from 2005 to 2010, allegedly was transferred out
due to unauthorized cyber attacks.
"If true, it
appears that senior civilian leaders could have some understanding of the political
damage caused by overt, hostile network penetration," Stokes said.
Another possible
reason for the dismissal could be that the Third Department overstepped its
area of responsibility. It is possible the PLA has consolidated computer and
network attack missions with electronic warfare into an "integrated
Network electronic warfare" activity under the Fourth Department,
responsible for electronic countermeasures, said Desmond Ball, a SIGINT and
cyber warfare specialist at the Australian National University's Strategic and
Defence Studies Centre.
"Use of the
doctrinal concept of 'integrated network and electronic warfare' implies an
attempt to link computer network attack and jamming," Stokes said.
Both the Third and
Fourth Departments are said to jointly manage a network attack and defense
training system.
Though the U.S.
continues to blame China for alleged intrusions into U.S. government and
defense industry computer networks, the Chinese believe the U.S. is the
attacker.
"Chinese
analysts believe that the United States is already carrying out extensive CNE
activities against Chinese servers," Stokes said. "Therefore, from
the Chinese perspective, defending computer networks must be the highest
priority in peacetime."
Ball points to
massive internal problems with malicious hackers and possible intrusions from
foreign governments. Chinese officials have said that China is the biggest
victim of network hacking.
The Beijing-based
National Computer Network Emergency Response Technical Coordination Center
released a report in March claiming that more than 4,600 Chinese government
websites had their content modified by hackers in 2010, an increase of 68
percent over the previous year, Ball said. In 2000, a
series of high-technology combat exercises by the PLA was suspended when a
computer hacker attacked the military's network.