Chinas military is preparing for electronic warfare by setting up information warfare units that are developing viruses to attack enemy computers and networks, according to the Department of Defenses annual report to Congress.
According to the DoD, the PLA (Peoples Liberation Army) has also established tactics to protect its own computer systems and networks and those of friendly states. Since 2005, the PLA has been including offensive network attacks into its exercises, “primarily in first strikes against enemy networks,” according to the report.
Chinas military is looking to establish what it calls “electromagnetic dominance” early in a conflict, specifically by launching electronic warfare against an enemys information systems on the battlefield, the DoD said.
Beyond computer viruses, the PLA is investing in other electronic countermeasures, including electronic and infrared decoys, angle reflectors and false target generators.
Chinas foreign ministry spokesperson Jiang Yu denounced the DoDs report, saying that it exaggerates Chinas military strength and expenses “out of ulterior motives.”
“As a peace-loving country, China steadfastly follows a road of peaceful development, adopting a national defense policy that is defensive in nature,” she said.
“Each sovereign state has the right and obligation to develop necessary national defense strength to safeguard its national security and territorial integrity. It is totally erroneous and invalid for the U.S. Report to play up the so-called China Threat.”
The DoD views Taiwan and the Taiwan Strait as being the likeliest arena for military confrontation and credits Chinas focus on that country for its recent efforts to modernize its military planning.
“Chinas near-term focus on preparing for military contingencies in the Taiwan Strait, including the possibility of U.S. intervention, appears to be an important driver of its modernization plans,” the report states.
In response to that particular view, Yu called Taiwan an “inalienable part of the Chinese territory.”
“China resolutely opposes interference in Chinas internal affairs by any country with whatever manifestation,” she said. “… We will never tolerate the Taiwan Independence or any attempt by anyone to separate Taiwan from China by whatever means.”
At any rate, Chinas cyber-espionage is nothing new. Ira Winkler—author of “Zen and the Art of Information Security,” former NSA (National Security Agency) analyst, former director of technology with the National Computer Security Association and current president of the Internet Security Advisors Group—said in an interview with eWEEK that Russia has had cyber-security squads for decades and that China has been at it for at least a decade. North Korea has had this type of behavior attributed to it as well.
“As far as a potential military adversary goes, China is clearly ranked second behind Russia with regards to capability,” he said. “We have lots of little adversaries all over the place, but nobody offers more of a strategic threat than [Russia].”
What China has, Winkler said, is sheer resources to lavish on the effort, both in terms of gathering intelligence against the United States as a whole, as well as in military preparation.
“They have hundreds of people simultaneously working on this,” he said. “Just by sheer numbers of people they have the largest agencies in the world: cyber agencies, intelligence agencies, [etc.]”
Titan Rain—the U.S. governments former code name (the current code name is classified) for a set of coordinated attacks against the countrys computer systems that were attributed to China and which were believed to have been first executed in 2003—is one example of Chinas ongoing computer espionage program. (For more on Titan Rain, Time has an in-depth article here.)
Chinese hackers over that time period broke into U.S. computer networks including those of Lockheed Martin, Sandia National Laboratories and NASA. Winkler said that China devoted 10-12 hackers to the project, 24×7, as the PLA attempted to find systems that might have valuable information “in any way, shape or form.”
“They systematically access a system and suck up information as quickly as possible,” he said. “They have it down to a science: In 20 minutes they can get into a system, suck up information and be out of there. Its been going on for years at this time. Theyve probably broken into tens of thousands of systems theyve sucked clean.”
Those hackers didnt get into Sandia Labs, U.S. Army systems and other military contractors systems because theyre brilliant, Winkler said. Rather, cyber-espionage such as this is mostly enabled by Chinese hackers practice of being extremely methodical.
Their success also comes from “incredibly poor security on the part of victims,” Winkler said. “Most computer attacks are based on poor security rather than the genius of an attacker,” he said.
As far as spreading malware as a part of electronic warfare goes, it would make sense for the PLA to plant tracking software on systems theyve broken into, in order to increase their intelligence-gathering capabilities. As far as spreading viruses goes, though, Winkler said its nothing hed lose sleep over.
“Generic viruses, thats something that frankly I would say its not something you want to rely on, and it could be dangerous to do that. If you start spreading viruses, they could come back and hurt you,” he said. “Thereve been so many cases of viruses that have backfired. Some have attempted to help people and have had the opposite effect.”
China, which is technologically behind the United States, may not rely on the Internet as much as this country, but taking it down still wouldnt make much sense and likely wouldnt work, given the resiliency its shown.
“Things go wrong on the Internet on a daily basis, but we survive. If Chinas wasting all their efforts on cyber-intelligence or relying on [electronic warfare preparations], it makes me very happy. As opposed to thinking of more damaging [tactics],” Winkler said.
“Frankly, they have ballistics weapons capabilities and a whole bunch of things. Im much more concerned with a single nuclear weapon making it through. [And] wouldnt they get much more value from listening to the critical conversations than destroying [the Internet]? It would have more long-term strategic advantage.”
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.