In a routine that's become as regular as the waxing moon, China has once again denounced charges that the People's Liberation Army has been engaged in hostile hacking of government sites—in this case, a Pentagon network—calling the charges “wild accusations” that smack of Cold War mentality.
“The Chinese government has all along [been] opposed to and cracked down upon any cyber crimes undermining the computer network including hacking, according to law,” Foreign Ministry Spokesperson Jiang Yu said during a press conference on Sept. 4. “… Some people make wild accusations against China, suggesting that the PLA made cyber-raid against the Pentagon. This is totally groundless and a reflection of Cold War mentality.”
The Financial Times on Sept. 3 reported that the PLA had penetrated a Pentagon network in June in what current and former government officials are calling “the most successful cyber attack on the US [defense] department.”
The Financial Times went on to report that the Pentagon acknowledged shutting down part of a computer system serving the office of Defense Secretary Robert Gates but then declined to point fingers at who might be behind the attack. The Financial Times did cite officials who've said that an internal investigation has traced the attack back to the PLA, however.
Jiang Yu on Aug. 27 rejected German media reports that German government computers had been attacked by Chinese operators. Angela Merkel, Germany's chancellor, had earlier in the month brought up the issue in a meeting with Wen Jiabao, China's premier of the State Council, during a visit to Beijing.
“The Chinese Government has always [been] opposed to and forbidden any criminal acts undermining computer systems including hacking. We have explicit laws and regulations in this regard,” Jiang Yu said at the time. “Hacking is an international issue and China is also a frequent victim. China has established a sound mechanism of cooperation with many countries in jointly countering Internet crimes. China is willing to cooperate with Germany in this regard.”
The Department of Defense has long been tracking the PLA as a potent cyber-threat. According to the DOD's annual report to Congress on China's military power, the PLA has established tactics to protect its own computer systems and networks and those of friendly states. Since 2005, the PLA has been incorporating offensive network attacks into its exercises, “primarily in first strikes against enemy networks,” according to the report.
The Chinese military is also preparing for electronic warfare by setting up information warfare units that are developing viruses to attack enemy computers and networks, according to the DOD's most recent findings.
China's military is looking to establish what it calls “electromagnetic dominance” early in a conflict, specifically by launching electronic warfare against an enemy's information systems on the battlefield, the DOD says. Beyond computer viruses, the PLA is investing in other electronic countermeasures, including electronic and infrared decoys, angle reflectors and false target generators.
Of course, China's cyber espionage dates back even further. Ira Winkler, a former NSA (National Security Agency) analyst and former director of technology with the National Computer Security Association, told eWEEK back when the DOD report came out that China has had cyber security squads for at least a decade. Russia, for its part, has been at it for decades, and North Korea has had this type of behavior attributed to it as well, he said.
China has ample resources to lavish on the effort, both in terms of gathering intelligence against the United States as a whole, as well as in military preparation.
“They have hundreds of people simultaneously working on this,” Winkler said at the time. “Just by sheer numbers of people they have the largest agencies in world: cyber agencies, intelligence agencies, [etc.]”
Titan Rain—the U.S. government's former code name (the current code name is classified) for a set of coordinated attacks against the country's computer systems that were attributed to China and which were believed to have been first executed in 2003—is one example of China's ongoing computer espionage program. (For more on Titan Rain, Time has an in-depth article here.)
Chinese hackers over that time period broke into U.S. computer networks including those of Lockheed Martin, Sandia National Laboratories and NASA. Winkler said that China devoted 10-12 hackers to the project, 24/7, as the PLA attempted to find systems that might have valuable information “in any way, shape or form.”
“They systematically access a system and suck up information as quickly as possible,” he said. “They have it down to a science. In 20 minutes they can get into a system, suck up information and be out of there. It's been going on for years at this time. They've probably broken into tens of thousands of systems they've sucked clean.”
Those hackers didn't get into Sandia Labs, U.S. Army systems and other military contractors' systems because they're brilliant, Winkler said. Rather, cyber espionage such as this is mostly enabled by Chinese hackers' practice of being extremely methodical. Their success is also enabled by “incredibly poor security on the part of victims,” Winkler said. “Most computer attack is based on poor security rather than the genius of an attacker,” he said.
But why would the PLA want to take down the Pentagon's network? It wouldn't.
Rather, the reason to get into the department's network would more likely be to plant tracking software on systems the PLA has broken into, in order to increase their intelligence-gathering capabilities, Winkler said in an earlier conversation.