China's Cyber-War Software Possibly Leaked in a Documentary

By Fahmida Y. Rashid  |  Posted 2011-08-22

A military documentary broadcast in China appears to have some screenshots of what may be software designed for cyber-warfare attacking a server in the United States.

The Epoch Times, a publication founded by members of the Falun Gong, a religious organization banned in China, first noticed the software in the video clip. The software has a button labeled "Attack" and a menu labeled "Select Attack Destinations" with several Falun Gong Websites as preset targets, the New York-based paper reported.

The documentary initially appears to be fairly standard fare about the risks of cyber warfare, Mikko H. Hypponen, chief research officer at F-Secure, wrote in a blog post. However, the camera footage also showed actual attacks being launched against a United States target, which was "highly unusual," Hypponen said. The documentary shows someone choosing the IP address, associated with the University of Alabama in Birmingham, Ala., to attack.

The University said the address had been inactive for several years and had been associated with a Website run by a university student who was also a member of the Falun Gong.

"The most likely explanation is that this footage ended up in the final cut because the editor did not understand the significance of it," Hypponen said.

What kind of an attack the software is launching remains unclear. The software is reminiscent of the Low Orbit Ion Cannon tool used by Anonymous to launch distributed denial of service attacks against online targets. Many legitimate penetration testing tools also launch certain types of exploits and attacks at IP addresses.

There have been accusations that the Chinese government has endorsed or sponsored cyberattacks against the U.S. and U.S. companies, which the Chinese have steadfastly denied. According to the Epoch Times, the software in the documentary was built by Information Engineering University of China's People's Liberation Army, constituting "direct evidence" that the PLA was engaged in cyber-attacks against a Chinese dissident group.

The documentary, "Military Technology: Internet Storm is Coming," aired on July 17 and is available on YouTube and on the CCTV Website. A number of other sites, including the F-Secure blog, now have the clip. The screenshots appear for six seconds.

Updated with Mikko Hypponen's comments Aug. 23

Rocket Fuel