Chinese Cyber (war)fare (merged thread)



AdamG
05-27-2011, 12:14 PM
China set up a specialized online "Blue Army" unit that it claims will protect the People's Liberation Army from outside attacks, prompting fears that the crack team was being used to infiltrate foreign governments' systems.

At a rare briefing, China's defense ministry spokesman, Geng Yansheng, announced that the 30-strong team was formed to improve the military's security, the Beijing News reported Thursday.

When a reporter asked if the Blue Army was set up in order to launch cyber attacks on other countries, Geng said that internet security was an international issue that impacted not only society but also the military field, adding that China was also a victim of cyber attacks and that the country's network security was currently relatively weak.

Read more: http://www.foxnews.com/scitech/2011/05/26/china-confirms-existence-blue-army-elite-cyber-warfare-outfit/#ixzz1NYQBORDc

See also
http://council.smallwarsjournal.com/showthread.php?t=5775

and
http://council.smallwarsjournal.com/showthread.php?t=2776

Neil Baumgardner
05-27-2011, 01:24 PM
In PLA terminology, "Blue Army" units are typically OPFOR units. There are "Blue Army" Armored Brigades, fighter squadrons, etc.

Neil

AdamG
06-02-2011, 04:13 AM
SAN FRANCISCO (AP) — Google Inc. is blaming computer hackers in China for a high-tech ruse that broke into the personal Gmail accounts of several hundred people, including senior U.S. government officials, military personnel and political activists.

The breach announced Wednesday marks the second time in 17 months that Google has publicly identified China as the home base for a scheme aimed at hijacking information stored on Google's vast network of computers.


Google traced the origin of the attacks to Jinan, China. That's the home city of a military vocational school whose computers were linked to the assault more than a year ago on Google's computer systems, along with those of more than 20 other U.S. companies.

http://www.nytimes.com/aponline/2011/06/01/technology/AP-US-TEC-Google-Hacking-Attack.html?_r=1&hp

AdamG
06-02-2011, 10:57 PM
Top military contractor Northrop Grumman Corp. may have been hit by a cyber assault, the latest in a string of alarming attacks against military suppliers, a source within the company told FoxNews.com.

Lockheed Martin said its network had been compromised last week, and defense contractor L-3 Communications was targeted recently, as well. Both intrusions involved the use of remote-access security tokens, experts say.

On May 26, Northrop Grumman shut down remote access to its network without warning -- catching even senior managers by surprise and leading to speculation that a similar breach had occurred.

Read more: http://www.foxnews.com/scitech/2011/05/31/northrop-grumman-hit-cyber-attack-source-says/#ixzz1OA7QbVf1

AdamG
06-16-2011, 01:50 PM
BEIJING (Reuters) - China must boost its cyber-warfare strength to counter a Pentagon push, the country's top military newspaper said on Thursday after weeks of friction over accusations that Beijing may have launched a string of Internet hacking attacks.

The accusations against China have centered on an intrusion into the security networks of Lockheed Martin Corp and other U.S. military contractors, and deceptions intended to gain access to the Google e-mail accounts of U.S. officials and Chinese human rights advocates.

But the official newspaper of the People's Liberation Army said it was Beijing that was vulnerable to attack, in a news report that surveyed the Pentagon's efforts in cyber security.

http://ca.news.yahoo.com/china-military-paper-urges-steps-against-u-cyber-105425374.html

From 2009

TORONTO — A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded.
In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved.


Although the Canadian researchers said that most of the computers behind the spying were in China, they cautioned against concluding that China’s government was involved. The spying could be a nonstate, for-profit operation, for example, or one run by private citizens in China known as “patriotic hackers.”

http://www.nytimes.com/2009/03/29/technology/29spy.html

AdamG
06-22-2011, 07:33 PM
There is no cyber warfare taking place between China and the United States, a senior Chinese official said on Wednesday, after weeks of friction over accusations that China may have launched a string of Internet hacking attacks.

The two countries might suffer from cyberattacks, but they were in no way directed by either government, Vice Foreign Minister Cui Tiankai told a small group of foreign reporters ahead of a meeting with U.S. officials in Hawaii this weekend.

Read more: http://www.foxnews.com/scitech/2011/06/22/no-cyber-warfare-between-us-and-china-chinese-official-says/#ixzz1Q2EpD58B

AdamG
06-30-2011, 01:22 AM
Heh.


The Indian government has put Chinese mobile giant Huawei in charge of inspecting imported smartphone equipment for secret spyware. But who's spying on whom?

http://www.fastcompany.com/1763715/india-turns-to-china-to-fight-cyberspies

AdamG
08-08-2011, 05:25 PM
This ought to be interesting -


The new desktop tools expand on the Google Diggity and Bing Diggity Web tools that they released in 2010. Additionally, Stach and Liu are expanding their search hacking tools to Chinese search engine Baidu.

"Baidu is the largest search engine used by people in China and it's the best indexer of Chinese websites," Brown said. "So if you're a U.S. government employee that is inclined to find vulnerabilities in China, this should be your tool."

Brown noted that in a sample scan he found thousands of MySQL error messages in Chinese government websites. Those MySQL errors could potentially be indicative of SQL Injection vulnerabilities that might be exploitable.

"So we can hack China back," Brown said.

http://www.esecurityplanet.com/features/article.php/3938096/Black-Hat-Google-Hacking-Goes-After-China.htm

SWJ Blog
10-27-2011, 03:12 PM
China suspected in cyber attacks on U.S. satellites (http://smallwarsjournal.com/blog/china-suspected-in-cyber-attacks-on-us-satellites)


AdamG
11-22-2011, 05:17 PM
In the event of hostilities, a marketing apparatus like this can be turned into an instant Agitprop unit.


In China, paid posters are known as the Internet Water Army because they are ready and willing to 'flood' the internet for whoever is willing to pay. The flood can consist of comments, gossip and information (or disinformation) and there seems to be plenty of demand for this army's services.

This is an insidious tide. Positive recommendations can make a huge difference to a product's sales but can equally drive a competitor out of the market. When companies spend millions launching new goods and services, it's easy to understand why they might want to use every tool at their disposal to achieve success.

The loser in all this is the consumer who is conned into making a purchase decision based on false premises. And for the moment, consumers have little legal redress or even ways to spot the practice.

Today, Cheng Chen at the University of Victoria in Canada and a few pals describe how Cheng worked undercover as a paid poster on Chinese websites to understand how the Internet Water Army works. He and his friends then used what he learnt to create software that can spot paid posters automatically.

http://www.technologyreview.com/blog/arxiv/27357/?p1=blogs

AdamG
01-31-2013, 08:40 PM
The New York Times reported Wednesday that the paper has been the subject of a sophisticated attack by Chinese hackers for the last four months, following its reporting on the private wealth of China’s prime minister Wen Jiabao. The story offers a rare and detailed post-mortem of what appears to be the work of a team of well-trained infiltrators who systematically and stealthily gained access to and collected the news outfit’s private information as the paper dug into a subject perceived as highly sensitive by the Chinese government.

One fact, however, will be of particular concern to the world’s largest antivirus firm, Symantec: Out of the 45 different pieces of malware planted on the Times’ systems over the course of three months, just one of those programs was spotted by the Symantec antivirus software the Times used, according to Mandiant, the data breach response firm hired by the Times. The other 44 were only found in Mandiant’s post-breach investigation months later, according to the Times’ report.
http://www.forbes.com/sites/andygreenberg/2013/01/31/symantec-gets-a-black-eye-in-chinese-hack-of-new-york-times/



SAN FRANCISCO — For the last four months, Chinese hackers have persistently attacked The New York Times, infiltrating its computer systems and getting passwords for its reporters and other employees.
http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html?_r=1&

carl
02-01-2013, 02:10 AM
AdamG:

Thank you for posting these.

How do you think this thing between Red China and the US will eventually play out?

Dayuhan
02-01-2013, 12:47 PM
Is there a "thing" that is "between China and the US"? What thing is it?

carl
02-01-2013, 01:58 PM
Don't be coy Dayuhan, it's obvious from the context of the thread.

AdamG
02-01-2013, 08:03 PM
China wants to 'be' the United States (without killing the golden goose element of our economy..yet).

At the current rate, all Beijing has to do is stand back and let us collapse under our own stupidity.

If they can give us a push in the right direction without leaving any fingerprints, they will.

Pax Americana Delende Est

Dayuhan
02-01-2013, 10:47 PM
I see nothing in the context of the thread to suggest a situation that's "between China and the US".

China seems to me far more likely to collapse under the weight of internal issues than the US: their internal issues dwarf ours.

carl
02-01-2013, 11:09 PM
China wants to 'be' the United States (without killing the golden goose element of our economy..yet).

At the current rate, all Beijing has to do is stand back and let us collapse under our own stupidity.

If they can give us a push in the right direction without leaving any fingerprints, they will.

Pax Americana Delende Est

A lot said with few words. Good job.

The Cuyahoga Kid
02-03-2013, 05:54 PM
I see nothing in the context of the thread to suggest a situation that's "between China and the US".

China seems to me far more likely to collapse under the weight of internal issues than the US: their internal issues dwarf ours.

Objectively this is true.

But putting countries into boxes labeled BLUFOR and OPFOR is far simpler and more emotionally gratifying, even if it obfuscates the reality of the situation.

Aside from that, we love to be the scrappy underdog. It's individual psychological payoffs that lead people to think about US-Chinese relations in these distorted terms. That kind of calculus can be maddeningly difficult, and sometimes impossible, to alter.

Dayuhan
02-03-2013, 11:06 PM
putting countries into boxes labeled BLUFOR and OPFOR is far simpler and more emotionally gratifying, even if it obfuscates the reality of the situation.

Aside from that, we love to be the scrappy underdog. It's individual psychological payoffs that lead people to think about US-Chinese relations in these distorted terms. That kind of calculus can be maddeningly difficult, and sometimes impossible, to alter.

A lot said with few words. Good job. :wry:

carl
02-04-2013, 05:55 AM
A lot said with few words. Good job. :wry:

Never any shame in stealing from the best.

AdamG
02-04-2013, 07:21 PM
"Nevermind" - Emily Litella

AdamG
02-05-2013, 04:56 AM
Google Chairman Eric Schmidt uses a new book to call China an Internet menace that backs cyber-crime for economic and political gain, reports say. The New Digital Age - due for release in April - reportedly brands China "the world's most active and enthusiastic filterer of information".

http://www.bbc.co.uk/news/technology-21307212

davidbfpo
02-15-2013, 12:33 PM
A detective story, not Sherlock Holmes or CSI, that finally talks to the suspect, who works for the, read on: http://mobile.businessweek.com/articles/2013-02-14/a-chinese-hackers-identity-unmasked

carl
02-15-2013, 03:28 PM
One of the investigators in the article David linked to hopes that if enough investigations that lead back to the Red Chinese government are made public, they will 'fess up and admit what they have been doing. He doesn't know if they will stop but figures it might make it harder.

Naivete like that isn't going to stop this. Hoods don't care if everybody knows what they do as long as nobody stops them. Public knowledge is taken care of by a sincere outraged denial. Hoods have that down pat.

I think there is a ruthlessness gap here.

Dayuhan
02-15-2013, 10:23 PM
Naivete like that isn't going to stop this. Hoods don't care if everybody knows what they do as long as nobody stops them.

Just out of curiosity, how would you propose to stop them?

bourbon
02-15-2013, 10:50 PM
Just out of curiosity, how would you propose to stop them?
What would Bill Casey do?

carl
02-16-2013, 12:46 AM
Just out of curiosity, how would you propose to stop them?

How do you normally stop hoods?

(comment containing words such as panic, hysteria, unrealistic, nuance, realistically, subtleties, unwarranted fears etc. is sure to follow.)

Dayuhan
02-16-2013, 02:06 AM
What would Bill Casey do?

I don't know, why don't you ask him and tell us what he says?


How do you normally stop hoods?

If they're doing something illegal, you call the cops and have them stopped. I'm not sure how applicable that is to China's internet activities. Who you gonna call?

If the hoods are doing something immediately threatening and there are no cops, you could try to stop them yourself, which brings you right back to the original question... how do you propose to stop them?

bourbon
02-18-2013, 01:45 AM
I don't know, why don't you ask him and tell us what he says?

https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/96unclass/farewell.htm

http://www.nytimes.com/2004/02/02/opinion/the-farewell-dossier.html

The technology topping the Soviets' wish list was for computer control systems to automate the operation of the new trans-Siberian gas pipeline. When we turned down their overt purchase order, the K.G.B. sent a covert agent into a Canadian company to steal the software; tipped off by Farewell, we added what geeks call a ''Trojan Horse'' to the pirated product.

''The pipeline software that was to run the pumps, turbines and valves was programmed to go haywire,'' writes Reed, ''to reset pump speeds and valve settings to produce pressures far beyond those acceptable to the pipeline joints and welds. The result was the most monumental non-nuclear explosion and fire ever seen from space.''

carl
02-18-2013, 02:44 AM
If the hoods are doing something immediately threatening and there are no cops, you could try to stop them yourself,...

How do you stop them yourself?

carl
02-18-2013, 03:06 AM
Bourbon:

The CIA doc you linked to was very interesting and contained this passage.


On 17 January 1983, to define his policy for political, military, and economic relations with the USSR, Reagan approved National Security Decision Directive (NSDD) 75, U. S. Relations with the USSR, a document spelling out purposes, themes, and strategy for competing in the Cold War. It specified three policy elements: containment and reversal of Soviet expansionism, promotion of change in the internal system to reduce the power of the ruling elite, and engagement in negotiations and agreements that would enhance US interests.

That strategy seems as if it would be a very appropriate one to apply toward Red China today. Hell, reducing the power of the ruling elite would be downright humanitarian.

Dayuhan
02-18-2013, 03:38 AM
How do you stop them yourself?

That's the question I asked you. It seemed relevant, since you were the one discussing stopping them.

For me it would depend entirely on what you want them to stop doing, how badly you want them to stop doing it, and how willing you are to deal with the probable consequences of whatever means are proposed to get them to stop doing it.


The CIA doc you linked to was very interesting and contained this passage.

"On 17 January 1983, to define his policy for political, military, and economic relations with the USSR, Reagan approved National Security Decision Directive (NSDD) 75, U. S. Relations with the USSR, a document spelling out purposes, themes, and strategy for competing in the Cold War. It specified three policy elements: containment and reversal of Soviet expansionism, promotion of change in the internal system to reduce the power of the ruling elite, and engagement in negotiations and agreements that would enhance US interests."

That strategy seems as if it would be a very appropriate one to apply toward Red China today. Hell, reducing the power of the ruling elite would be downright humanitarian.

Again these are very generic prescriptions, and the question would be what exactly could or should be done to advance these prescriptions. It might also be pointed out that some of what was done to contain and reverse Soviet expansionism didn't exactly work out for us, notably sustaining various dictators who claimed to be anti-communist and supporting various insurgents who turned out to be not so much anti-communist as anti-everybody. Any such set of broad goals stands or falls on the specific steps chosen to advance the goals.

Of course the Chinese cyber-espionage project is well known, and we can assume that all of the standard responses are in progress, from analyzing their espionage priorities to determine their perceived weaknesses to trying to set them up to steal things that will backfire on them. Of course the Chinese also know these moves are in progress and will be taking their own steps to counter them. That's the nature of the game.

As for the aforementioned "water army", described this way:


paid posters are known as the Internet Water Army because they are ready and willing to 'flood' the internet for whoever is willing to pay. The flood can consist of comments, gossip and information (or disinformation)

it would appear to indicate, in simple terms, an unlimited capacity for generating spam. How large a threat this entails remains unclear.

As suggested on another thread, it is useful to determine what specifically we fear.

bourbon
02-18-2013, 04:52 AM
Of course the Chinese also know these moves are in progress and will be taking their own steps to counter them. That's the nature of the game.
You see, that’s the beauty of it; they’ll never know what we’ve monkey-wrenched and what we haven’t! They’ll have billions of lines of code to pore over if they want to prevent mass industrial disaster.

Tell your Guoanbu pals that I will rejoice their tears, ####bird.

carl
02-18-2013, 05:17 AM
For me it would depend entirely on what you want them to stop doing, how badly you want them to stop doing it, and how willing you are to deal with the probable consequences of whatever means are proposed to get them to stop doing it.

A try perhaps, but please answer the question. How would you stop a hood yourself?

Dayuhan
02-18-2013, 05:50 AM
You see, that’s the beauty of it; they’ll never know what we’ve monkey-wrenched and what we haven’t! They’ll have billions of lines of code to pore over if they want to prevent mass industrial disaster.


I'm sure that's assumed, and has been from the start.


A try perhaps, but please answer the question. How would you stop a hood yourself?

Depends on what he's doing, to whom he's doing it, how badly I want him to stop, etc.

Obviously.

There's an enormous range of possible response, from "none necessary" up to "maximum violence", and a whole lot in between. Different circumstances call for different responses.

Obviously.

Again, I'm not the one who brought up "hoods", nor am I the one who proposed stopping anyone from doing anything, so I'm not sure why the question's being asked.

carl
02-18-2013, 04:29 PM
Depends on what he's doing, to whom he's doing it, how badly I want him to stop, etc.

Obviously.

There's an enormous range of possible response, from "none necessary" up to "maximum violence", and a whole lot in between. Different circumstances call for different responses.

Obviously.

Again, I'm not the one who brought up "hoods", nor am I the one who proposed stopping anyone from doing anything, so I'm not sure why the question's being asked.

Again please, answer the question. What would you do if you had to stop a hood yourself? How would you stop him? I am getting to the relevance but you have to answer the question. What do you do to stop the hood yourself? Think broadly.

Dayuhan
02-18-2013, 11:49 PM
Again please, answer the question. What would you do if you had to stop a hood yourself? How would you stop him? I am getting to the relevance but you have to answer the question. What do you do to stop the hood yourself? Think broadly.

The question is too generic to have a relevant answer. You obviously want to elicit something and I don't have a clue what it is, so why don't you just tell us and proceed from there.

The discussion is of China, not of generic "hoods" (I'm not even sure how you define that), so why not bypass the digression and tell us how, if at all, you propose to persuade or compel the Chinese to stop doing the things you would like to see them stop doing. I'm not personally convinced that we can stop them, or that we need to.

PS [edit]: this:


I'm not personally convinced that we can stop them, or that we need to.

was not particularly clear, and was meant to apply to the status quo, the existing level of objectionable behavior.

carl
02-19-2013, 12:03 AM
Dayuhan:

You don't want to answer. Fine. Hard to discuss things that way though.

Dayuhan
02-19-2013, 12:31 AM
I can't answer. The question as asked is unanswerable. It also has no visible relevance to the matter under discussion, so why bother?

AdamG
02-19-2013, 02:02 PM
Cyber attacks on dozens of American companies appear to have originated in an area of Shanghai that houses a Chinese military unit. That's according to a report out Tuesday from a U.S. cybersecurity company which says the group behind the attacks is the most prolific it's ever followed.

http://www.npr.org/2013/02/19/172373133/report-links-cyber-attacks-on-u-s-to-chinas-military



A US company has accused a Chinese military intelligence unit in Shanghai of conducting a huge cyber espionage campaign against western companies, in the most specific allegations that the People’s Liberation Army sponsors hacking.

Mandiant, a Washington-based cyber security group, said APT1 – a group of hackers it observed attacking at least 141 companies in the US and 15 other countries over the past seven years – was in fact a PLA group called Unit 61398.

http://www.ft.com/cms/s/0/6b057948-7a5b-11e2-9c88-00144feabdc0.html#axzz2LLq8he7A

Actual report
http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf

carl
02-19-2013, 05:00 PM
Even the New York Times is covering the report. Now that that bridge has been crossed it may only be 5 or 6 years until the US gov deigns to create a high level commission to study what might be done about the problem.

Adam G: I thought your idea a good one. But the scale and breadth of the Red Chinese effort is so huge, would the type of thing we did to the Russians work on them?

The Cuyahoga Kid
02-19-2013, 09:06 PM
Apparently Unit 61398 doesn't approve of the beeb

http://www.pressgazette.co.uk/bbc-china-crew-detained-military-after-filming-cyber-warfare-headquarters

AdamG
02-19-2013, 09:58 PM
Adam G: I thought your idea a good one. But the scale and breadth of the Red Chinese effort is so huge, would the type of thing we did to the Russians work on them?

Pax Americana doesn't do offensive operations. :-/

I'd hazard that the biggest threat to the Chinese would be folks they've pissed off; their own dissidents within their walls, Anonymous and/or the more sophisticated Russian mob hackers. Then again, my opinion and $4 gets you a cup of gourmet coffee.

Glad the Kid posted that BBC hasslement. Also came back here to drop this load - Adam Taylor interviews a dissenting opinion.

http://www.businessinsider.com/mandiant-china-report-questioned-2013-2

carl
02-19-2013, 10:53 PM
Pax Americana doesn't do offensive operations. :-/

I'd hazard that the biggest threat to the Chinese would be folks they've pissed off; their own dissidents within their walls, Anonymous and/or the more sophisticated Russian mob hackers. Then again, my opinion and $4 gets you a cup of gourmet coffee.

Glad the Kid posted that BBC hasslement. Also came back here to drop this load - Adam Taylor interviews a dissenting opinion.

http://www.businessinsider.com/mandiant-china-report-questioned-2013-2

Your first line made me laugh.

Do you think there is a possibility that some of the private companies in the US who are victimized by Red China (they are probably ticked off) will get tired of US gov inaction and do some monkey-wrenching on their own?

That article you linked to presents some classic arguments, in this case mixing the poor Red Chinese have been victimized by unknown bad men argument, with the you have to prove a negative before I'll believe it argument.

AdamG
02-20-2013, 12:45 AM
Do you think there is a possibility that some of the private companies in the US who are victimized by Red China (they are probably ticked off) will get tired of US gov inaction and do some monkey-wrenching on their own?

Sounds like something Sy-Fy might option : the gruff-but-loveable head of a multinational that funds all sorts of do-gooder projects with some of their obscene profits takes it in the pants from those inscrutable perils of the East. His precious snowflake spawn are also scriptkiddies on the sly and they launch a devastating counterattack unbeknownst to daddy and his corporate security.
This of course triggers a PLA SPECOPS/Tong Gang kidnapping, with an epic fireball-filled conclusion.
The hackers can be played by some of those sparkly vampire types, but who takes the CEO's role? Bruce Willis?

Laugh now, but remember : Art imitates life. Life imitates art.

Dayuhan
02-20-2013, 11:29 AM
would the type of thing we did to the Russians work on them?

That would depend on what you mean by "work". It won't stop them from spying, obviously. The Russians didn't stop spying either. It will make them take a lot more time and effort to assure that what they got isn't contaminated.


Do you think there is a possibility that some of the private companies in the US who are victimized by Red China (they are probably ticked off) will get tired of US gov inaction and do some monkey-wrenching on their own?

Do you really think the targets of the espionage, public and private, haven't been doing that all along? Why would you assume inaction?

AdamG
02-20-2013, 10:13 PM
China’s “Great Firewall” blocks Web access to, among other things, Facebook and Twitter. People in China can get around the firewall, and very Web-savvy Chinese often do, by using something called VPNs, or Virtual Private Networks. But Chinese hackers already have access to what is presumably an extremely sophisticated VPN: the very servers they use for their foreign hacking.

This is where the hackers may have gotten themselves into trouble. To be totally safe, a Chinese hacker would log out of the servers used for cyber-espionage (and allegedly sponsored by the Chinese military) before logging into a separate, more low-key VPN that he or she could use to access U.S.-based social media sites such as Facebook and Twitter.

http://www.washingtonpost.com/blogs/worldviews/wp/2013/02/19/chinese-hackers-outed-themselves-by-logging-into-their-personal-facebook-accounts/?Post+generic=%3Ftid%3Dsm_twitter_washingtonpost

carl
02-21-2013, 03:29 AM
Adam G:

This is a story attached to the article you cited that tells about how the ChiCom leadership habitually spies upon one another. They even hug each other at meetings so they can check for wires!

http://www.washingtonpost.com/blogs/worldviews/wp/2013/02/19/chinese-government-officials-are-constantly-wiretapping-and-spying-on-one-another/

If they do that I imagine the PLA leaders do the same. With a bit of imagination that might be a good avenue for monkey-wrenching. Drop a hint on facebook or an internal email account here and there.

Dayuhan
02-21-2013, 10:36 AM
The extensive corruption in the PLA and throughout the Chinese leadership would also provide abundant opportunity for recruiting intelligence assets... along the lines of "tell us what we'd like to know, and maybe this dossier won't find its way into the hands of assorted news outlets"... but of course it's reasonable to assume that this is being done as we speak, along with feeding defective information, reinforcing factional suspicions, and all of the other spy vs spy 101 stuff.

Tukhachevskii
02-21-2013, 12:07 PM
Sounds like something Sy-Fy might option : the gruff-but-loveable head of a multinational that funds all sorts of do-gooder projects with some of their obscene profits takes it in the pants from those inscrutable perils of the East. His precious snowflake spawn are also scriptkiddies on the sly and they launch a devastating counterattack unbeknownst to daddy and his corporate security.

Sounds like Person of Interest!

Dayuhan
02-22-2013, 03:33 AM
Interesting perspective:

http://www.voanews.com/content/china-russia-israel-france-iran-cyber-threat/1608419.html

bourbon
02-25-2013, 08:23 PM
The Shanghai Army Unit That Hacked 115 U.S. Targets Likely Wasn't Even China's 'A-Team' (http://www.forbes.com/sites/andygreenberg/2013/02/21/the-shanghai-army-unit-that-hacked-115-u-s-targets-likely-wasnt-even-chinas-a-team/), by Andy Greenberg. Forbes.com, 2/21/2013.

But if APT1 is the most prolific team of hackers in the Chinese military, it’s not necessarily the best. In fact, when I spoke with Richard Bejtlich, chief security officer at Mandiant and a well-known author and blogger on network security, he argued that APT1 is actually a relatively sloppy group of hackers, and that its mistakes were part of what allowed Mandiant to profile the unit in such detail. More than a dozen more elite groups of hackers likely operate within China’s military, says Bejtlich, groups that are both harder to track and harder to defend against.

I talked with Bejtlich about how APT1 measures up against other units in China’s military, how groups like it can be stopped, and about the “special forces” within China’s hacker corps that he says make APT1 look like amateurs. Here’s an edited transcript of our conversation.

Says the guys who did RSA SecurID hack were probably from more elite units.

carl
03-01-2013, 08:11 PM
Here is an article from Foreign Policy that suggests that in order to deal with the Red Chinese cyber threat, we should consider unsheathing the sword in addition to more deftly wielding the shield.

http://www.foreignpolicy.com/articles/2013/02/28/how_to_win_a_cyberwar_with_china

It doesn't come up with anything particularly original but it is interesting because it is published by Foreign Policy, which appears to be an organ of inside the beltway conventional thinking. It is interesting because it is the first time I can remember reading that the genii inside the beltway might be at least cognizant of the need to strike back.

carl
03-13-2013, 08:22 PM
This is a step in the right direction.

http://usnews.nbcnews.com/_news/2013/03/11/17273068-cybersecurity-threatens-us-china-relationship-white-house-official-says?lite

A national security adviser actually names Red China as the major cyber threat that it is. I figure that is a big thing for the bunnies inside the beltway, to actually state the obvious. Maybe something will come of it.

AdamG
04-01-2013, 12:38 PM
When Tim Thomas weighs in, smart people read.

http://online.wsj.com/article/SB10001424127887323419104578376042379430724.html


The clearest sign of change came in a March 11 speech by Tom Donilon, President Obama's national security adviser, who condemned "cyber intrusions emanating from China on an unprecedented scale" and declared that "the international community cannot tolerate such activity from any country." Chinese cyber aggression poses risks "to international trade, to the reputation of Chinese industry and to our overall relations," Mr. Donilon said, and Beijing must stop it.

"Why did we wait so long?" wonders Mr. Thomas as we sit in the U.S. Army's Foreign Military Studies Office, where the 64-year-old retired lieutenant colonel has studied Chinese cyber strategy for two decades. More than enough evidence accumulated long ago, he says, for the U.S. to say to Beijing and its denials of responsibility, "Folks, you don't have a leg to stand on, sorry."

davidbfpo
04-13-2013, 06:39 PM
Yes, a true headline from the BBC; clearly John Kerry has been reading and ignoring Carl's advice: http://www.bbc.co.uk/news/world-asia-china-22137950

carl
04-15-2013, 03:33 AM
Yes, a true headline from the BBC; clearly John Kerry has been reading and ignoring Carl's advice: http://www.bbc.co.uk/news/world-asia-china-22137950

I guess whatever change in policy Mr. Thomas (of the article AdamG presented) has discerned has been firmly reversed.

One of the very interesting things Mr. Thomas said in that article was the ChiComs don't go after the Russkis. They go after Luxembourg and Singapore but not the Russkis. Luxembourg and Singapore probably take their lead from us when they are attacked. The Russkis of course tell us to go pound sand. I suspect the reason the Red Chinese don't go after the Russ is because if they do, they know the Russ will go after them; unlike us they won't wring their hands and quietly hyperventilate.

David: I started laughing when I read what you posted above. It was the kind of laugh a character in a movie laughs when he asks another character "You gave them our guns?!" and that second character replies "Yea. They said they wouldn't hurt us. I looked into their eyes and I believed them." Oh no, I am starting to laugh again.

To use another WWII analogy, the story you cited is like reading that Churchill had directed Fighter Command to work closely with the Luftwaffe in order to figure out how to solve the problem of the Blitz.

You know the most incredible fiction is coming to life. In the original Battlestar Galactica, an oh so well educated and refined character gave the keys to the Cylons and they killed everybody, except the doughty crew of the Galactica. The writers probably wrote it that way thinking it was too improbable ever to be true. Unknowing prophets they were.

Future historians will devote many volumes (or electrons...no, volumes, they won't trust computers in the future) in trying to explain how a fundamentally sensible and practical people like the Americans, allowed themselves to be directed by such a feckless, foolish, arrogant and cowardly group as are our inside the beltway elites.

carl
04-15-2013, 03:41 AM
Something Mr. Thomas said in his article got me to thinking. He said a particular Red Chinese target is the company that supplies most of the nat gas and petroleum pipeline remote control software in North America. Now, we ran all kinds of complicated pipeline systems just fine for decades before computers came along. So I have two questions for those of you who know a lot about such things.

First, would the pipeline infrastructure of the 1950s be vulnerable to a cyber attack from Red China or anywhere else? I am guessing it would not be.

Second, do you think we might someday go back to such a manual system with land line communications in order to be more secure from lethal cyber attack? I know I am probably getting something wrong but the general thrust of the question is about whether older tech might be better in the long run.

bourbon
04-15-2013, 03:16 PM
First, would the pipeline infrastructure of the 1950s be vulnerable to a cyber attack from Red China or anywhere else? I am guessing it would not be.

Maybe, I don’t know – doesn’t really matter. Pipelines are only useful if you have something to actually pump through it – they are dependent on other processes in the supply/value chain. Take natural gas as an example – if the processing plant is disrupted, you would have no product to pump through the gas pipeline.

carl
04-15-2013, 05:06 PM
The real point of my question is should we go back to the level of control tech that existed in the 50s or 60s? Are we so vulnerable now that that would be worth the cost? Would a cyber disaster prompt that kind of move?

bourbon
04-15-2013, 07:16 PM
The real point of my question is should we go back to the level of control tech that existed in the 50s or 60s? Are we so vulnerable now that that would be worth the cost? Would a cyber disaster prompt that kind of move?

I don't think the government could even get a law passed requiring conversion to 1950's era industrial controls. The unpleasant reality is that it would require the private-sector to hire and retrain hundreds-of-thousands to millions of people; which is something large-corporations and Wall Street simply would not stand for.

The alternative is to develop a new more secure internet - which is one idea being considered. I can't say if this is even feasible or not. This is a thread where we could use subject matter expertise of dormant council member selil. But all things infosec and cyber are hot right now, so I imagine he is a busy man.

Dayuhan
04-15-2013, 11:37 PM
Something Mr. Thomas said in his article got me to thinking. He said a particular Red Chinese target is the company that supplies most of the nat gas and petroleum pipeline remote control software in North America. Now, we ran all kinds of complicated pipeline systems just fine for decades before computers came along. So I have two questions for those of you who know a lot about such things.

First, would the pipeline infrastructure of the 1950s be vulnerable to a cyber attack from Red China or anywhere else? I am guessing it would not be.

Second, do you think we might someday go back to such a manual system with land line communications in order to be more secure from lethal cyber attack? I know I am probably getting something wrong but the general thrust of the question is about whether older tech might be better in the long run.

The Chinese are in the process of building an enormous pipeline network spanning vast distances and extremely hostile terrain. Why would you assume that their interest in pipeline controls is aimed at disrupting US pipelines? Wouldn't Occam's razor suggest that their own control technology is not that good, they know it, and they think stealing upgrades is easier and cheaper than buying or developing them?

Sending American industry back to the dark ages in an effort to insulate it from hypothetical cyber attacks seems a bit over the top to me. These systems may have run "just fine" in the 50s to a casual observer, but I suspect that if you talked to those in the industry they would tell you that the way they do things now is far more effective and far more efficient, and not just in using fewer workers. The technology developed for a reason.

carl
04-16-2013, 01:42 AM
The Chinese are in the process of building an enormous pipeline network spanning vast distances and extremely hostile terrain. Why would you assume that their interest in pipeline controls is aimed at disrupting US pipelines? Wouldn't Occam's razor suggest that their own control technology is not that good, they know it, and they think stealing upgrades is easier and cheaper than buying or developing them?

Sending American industry back to the dark ages in an effort to insulate it from hypothetical cyber attacks seems a bit over the top to me. These systems may have run "just fine" in the 50s to a casual observer, but I suspect that if you talked to those in the industry they would tell you that the way they do things now is far more effective and far more efficient, and not just in using fewer workers. The technology developed for a reason.

Why am I not surprised at the tone of this reply?

Dayuhan
04-16-2013, 04:24 AM
Why am I not surprised at the tone of this reply?

If you don't like the tone, address the substance.

carl
04-16-2013, 04:50 AM
No, I am not talented enough to refute "Why would you...", "Wouldn't..." and "I suspect...".

Dayuhan
04-16-2013, 05:04 AM
Do you believe that Chinese interest in pipeline controls is aimed at disrupting American pipelines, rather than simple industrial espionage aimed at improving Chinese pipeline control capacity? If so, why?

Do you think that today's pipeline infrastructure, or electrical distribution infrastructure, or financial infrastructure, or any of the other critical industries that are theoretically vulnerable to cyber attack could function with any vestige of effectiveness on the monumentally obsolete technology that would be immune to such attack? If so, why?

Do you think we should disable critical industries and render them uncompetitive out of fear that the Chinese will disrupt them? How is that different from cutting off our head so the Chinese can't punch us in the nose?

Dayuhan
04-16-2013, 05:27 AM
And re this:

Look at the Mandiant report's map of Chinese cyber intrusions (at least those tied to Unit 61398): Russia is untouched. "That's a huge area. . . . I really would wonder why they're after South Africa, the U.A.E. and Singapore but not Russia."

Does that mean that the Chinese are leaving Russia alone, or that Mandiant had no data on actions targeting Russia, or that the Chinese have a completely different unit targeting Russia? I certainly wouldn't assume on that basis alone that the Chinese are not targeting the Russians.

carl
04-16-2013, 05:39 AM
Yes. Because.

Yes. Because.

Yes. Because.

And, finally...

Yes. Yes. Maybe and oh.

Dayuhan
04-16-2013, 11:24 AM
Not very convincing, but not unexpected either.

AdamG
05-04-2013, 01:11 PM
Awesome.


A US military contractor was allegedly hacked by those associated with the Chinese military. The company reportedly ignored signs of security breaches, allowing hackers to access military technology and classified documents for three years.

QinetiQ North America was attacked by a Shanghai-based hacker group from 2007 to 2010, Bloomberg reported on Thursday. The hacking collective has been coined the “Comment Crew” by security experts.

The company is known for its contributions to national security – including software used by US forces in Afghanistan and the Middle East.

http://rt.com/usa/us-military-chinese-hackers-792/

carl
05-07-2013, 06:48 PM
Looks like they are upping the ante inside the beltway. Here is an NYT story reporting that the US gov is directly accusing the Red Chinese military of being behind all the attacks. An interesting aspect of the story is that in addition to stealing things, they figure the Red Army is conducting what might be called pre-strike reconnaissance.

http://www.nytimes.com/2013/05/07/world/asia/us-accuses-chinas-military-in-cyberattacks.html?nl=todaysheadlines&emc=edit_th_20130507&_r=0

It would be interesting to see the emails flying back and forth amongst the anointed in DC. It is surprising to me that they are being so direct about this. I wonder if the threat is so great that normal DC timidity is being suppressed.

AdamG
05-21-2013, 12:52 PM
Chinese hackers who breached Google’s servers several years ago gained access to a sensitive database with years’ worth of information about U.S. surveillance targets, according to current and former government officials.

The breach appears to have been aimed at unearthing the identities of Chinese intelligence operatives in the United States who may have been under surveillance by American law enforcement agencies.

It’s unclear how much the hackers were able to discover. But former U.S. officials familiar with the breach said the Chinese stood to gain valuable intelligence. The database included information about court orders authorizing surveillance — orders that could have signaled active espionage investigations into Chinese agents who maintained e-mail accounts through Google’s Gmail service.

http://www.washingtonpost.com/world/national-security/chinese-hackers-who-breached-google-gained-access-to-sensitive-data-us-officials-say/2013/05/20/51330428-be34-11e2-89c9-3be8095fe767_print.html

Wyatt
05-28-2013, 07:31 PM
WASHINGTON/CANBERRA (Reuters) - Chinese hackers have gained access to designs of more than two dozen major U.S. weapons systems, a U.S. report said on Monday, as Australian media said Chinese hackers had stolen the blueprints for Australia's new spy headquarters.
Citing a report prepared for the Defense Department by the Defense Science Board, the Washington Post said the compromised U.S. designs included those for combat aircraft and ships, as well as missile defenses vital for Europe, Asia and the Gulf.
Among the weapons listed in the report were the advanced Patriot missile system, the Navy's Aegis ballistic missile defense systems, the F/A-18 fighter jet, the V-22 Osprey, the Black Hawk helicopter and the F-35 Joint Strike Fighter.



In Australia, a news report said hackers linked to China stole the floor plans of a A$630 million headquarters for the Australia Security Intelligence Organization, the country's domestic spy agency.
The attack through the computers of a construction contractor exposed not only building layouts, but also the location of communication and computer networks, it said.

http://news.yahoo.com/blogs/ticket/chinese-hackers-breach-key-u-weapons-designs-133849940.html

AdamG
05-29-2013, 12:19 PM
Glad someone else has been paying attention.

Meanwhile, happyfuntime soon to commence. Enjoy darkness, Imperial Running Dog Lackies.


(Reuters) - China will next month conduct its first "digital" technology military exercise, state media said on Wednesday, against growing concern in Washington and elsewhere about Chinese hacking attacks.

A brief report by the official Xinhua news agency said the exercise, in north China's remote Inner Mongolia region, will "test new types of combat forces including units using digital technology amid efforts to adjust to informationalized war".

http://www.reuters.com/article/2013/05/29/us-china-defence-idUSBRE94S03O20130529?feedType=RSS&feedName=worldNews

AdamG
07-23-2013, 02:19 PM
Inside Harvard Business School's McArthur Hall, executive MBA student and CEO Kevin Mandia held a 60-page report in his hands and weighed a risky decision: Should he go public with the document, a detailed exposé of Chinese theft of American trade secrets, based on seven years of work for nearly 150 corporate clients? The report's allegations -- that a Chinese military unit was likely engaged in systematic hacking and surveillance of U.S. companies -- not only would make Mandia and his young cybersecurity firm a target for potential retaliation but would also test Washington's already strained relations with Beijing. The 42-year-old former Air Force intelligence officer had a high tolerance for risk, but as he pondered his options that February evening, he wasn't sure that disclosure was a smart move. "We'd have a gigantic bull's-eye on our back," he kept thinking.

http://money.cnn.com/2013/07/08/technology/mandia-china-hackers.pr.fortune/index.html

AdamG
08-03-2013, 05:43 PM
A Chinese hacking group accused this February of being tied to the Chinese army was caught last December infiltrating a decoy water control system for a U.S. municipality, a researcher revealed on Wednesday.

The group, known as APT1, was caught by a research project that provides the most significant proof yet that people are actively trying to exploit the vulnerabilities in industrial control systems. Many of these systems are connected to the Internet to allow remote access (see “Hacking Industrial Systems Turns Out to Be Easy”). APT1, also known as Comment Crew, was lured by a dummy control system set up by Kyle Wilhoit, a researcher with security company Trend Micro, who gave a talk on his findings at the Black Hat conference in Las Vegas.

http://www.technologyreview.com/news/517786/chinese-hacking-team-caught-taking-over-decoy-water-plant/

AdamG
05-21-2014, 12:35 AM
WASHINGTON — In the Obama administration’s most direct confrontation with China over its theft of corporate secrets, the Justice Department on Monday unsealed an indictment of five members of the Chinese People’s Liberation Army and charged them with hacking into the networks of Westinghouse Electric, the United States Steel Corporation and other companies.

The indictment named members of Unit 61398, which was publicly identified last year as the Shanghai-based cyberunit of the People’s Liberation Army, including its best-known hackers known online by the noms de guerre “UglyGorilla” and “KandyGoo.”

http://www.nytimes.com/2014/05/20/us/us-to-charge-chinese-workers-with-cyberspying.html?hpw&rref=us&_r=0

AdamG
06-10-2014, 03:08 PM
SAN FRANCISCO — The email attachment looked like a brochure for a yoga studio in Toulouse, France, the center of the European aerospace industry. But once it was opened, it allowed hackers to sidestep their victim’s network security and steal closely guarded satellite technology.

The fake yoga brochure was one of many clever come-ons used by a stealth Chinese military unit for hacking, said researchers at CrowdStrike, an Irvine, Calif., security company. Their targets were the networks of European, American and Japanese government entities, military contractors and research companies in the space and satellite industry, systematically broken into for seven years.

http://www.nytimes.com/2014/06/10/technology/private-report-further-details-chinese-cyberattacks.html?_r=1

AdamG
10-06-2014, 04:07 PM
FBI director James Comey talked about Chinese hacking -- and how basically every American company has been targeted -- last night on 60 Minutes. Comey said that it's not that the Chinese are so good, it's that they're "prolific." He likened their hacking style to a "drunk burglar."

http://www.weeklystandard.com/blogs/fbi-director-chinese-drunk-burglar_808569.html

AdamG
11-21-2014, 05:05 AM
Washington (CNN) -- China and "probably one or two other" countries have the capacity to shut down the nation's power grid and other critical infrastructure through a cyber attack, the head of the National Security Agency told a Congressional panel Thursday.

Admiral Michael Rogers, who also serves the dual role as head of U.S. Cyber Command, said the United States has detected malware from China and elsewhere on U.S. computer systems that affect the daily lives of every American.

http://www.cnn.com/2014/11/20/politics/nsa-china-power-grid/index.html

AdamG
12-05-2014, 07:49 PM
Police in Kenya say they are holding 77 Chinese nationals who are accused of running a cyber crime network and mysterious "command centre" from upmarket houses in the capital Nairobi.

Kenya's foreign ministry also summoned China's top diplomat in Nairobi as it sought to establish if Beijing was in any way linked to the affair.

Local police said they believed the gang was "preparing to raid the country's communication systems".

The Daily Nation newspaper said a series of raids turned up equipment capable of infiltrating bank accounts, Kenya's M-Pesa mobile banking system and ATMs.

http://www.abc.net.au/news/2014-12-05/dozens-of-chinese-held-in-kenya-in-cyber-bust/5945610

AdamG
01-07-2015, 06:17 AM
A federal weather service employee charged with stealing sensitive infrastructure data from an Army Corps of Engineers database met a Chinese government official in Beijing, according to court documents that reveal the case to be part of an FBI probe of Chinese economic espionage.

Xiafen “Sherry” Chen, an employee of the National Oceanic and Atmospheric Administration (NOAA) office in Ohio, was arrested in October and charged in a federal grand jury indictment with illegally accessing the Army’s National Inventory of Dams (NID).

The NID is a sensitive database containing information on all U.S. dams. U.S. intelligence officials have said the database was compromised by Chinese hackers in 2013 as part of covert efforts by Beijing to gather sensitive information on critical U.S. infrastructure for possible use in a future conflict.

http://freebeacon.com/national-security/noaa-employee-charged-with-computer-breach-met-senior-chinese-official-in-beijing/

AdamG
06-05-2015, 07:41 PM
How utterly embarrassing for the Obama administration.


Hackers working for the Chinese state breached the computer system of the Office of Personnel Management in December, U.S. officials said Thursday, and the agency will notify about 4 million current and former federal employees that their personal data may have been compromised.

The hack was the largest breach of federal employee data in recent years. It was the second major intrusion of the same agency by China in less than a year and the second significant foreign breach into U.S. government networks in recent months. Last year, Russia compromised White House and State Department e-mail systems in a campaign of cyberespionage.

http://www.washingtonpost.com/world/national-security/chinese-hackers-breach-federal-governments-personnel-office/2015/06/04/889c0e52-0af7-11e5-95fd-d580f1c5d44e_story.html

Invictus_88
06-07-2015, 03:56 PM
Am I the only one concerned that, looking back in five years' time, we might wish that this is the worst that ever happened?

davidbfpo
06-07-2015, 06:59 PM
I have only read the WaPo report, which has very little detail and a good dollop of speculation. So OPM are notifying 4m US citizens / residents of 'potential' problems. Somehow I expect other database losses are just as significant.

This type of reporting IMHO only adds to worry and speculation. I do wonder if the OPM notification announcement was prompted by the WaPo story.

AdamG
06-08-2015, 02:21 AM
WASHINGTON — The inspector general at the Office of Personnel Management, which keeps the records and security clearance information for millions of current and retired federal employees, issued a report in November that essentially described the agency’s computer security system as a Chinese hacker’s dream.

But by the time the report was published, Chinese hackers had already cleaned out tens of thousands of files on sensitive security clearances, and were preparing for a much broader attack that ultimately obtained detailed personal information on at least four million current and former government employees. Even today, the agency is struggling to patch numerous vulnerabilities.

A number of administration officials on Friday painted a picture of a government office struggling to catch up, with the Chinese ahead of them at every step.

http://www.nytimes.com/2015/06/06/us/chinese-hackers-may-be-behind-anthem-premera-attacks.html?_r=0

AdamG
06-08-2015, 02:23 AM
Anyone who is surprised by this has not been paying attention.
http://council.smallwarsjournal.com/showthread.php?t=21600


There's a very specific reason I posted this article in a thread separate from the one I started in 2011.
http://council.smallwarsjournal.com/showthread.php?t=14610

AdamG
06-08-2015, 07:57 PM
Am I the only one concerned that, looking back in five years' time, we might wish that this is the worst that ever happened?

You mean that if someone were to read through all the threads on SWJ, correlating the implications of everything posted from the lack of competence with the USAF nuclear forces to the conveyor belt relief of senior officers across all branches of the military (combined with the studies on Toxic leadership), to the gradual degradation of our abilities to Force Project running parallel with our land and sea forces now playing catch-up training in conventional warfare, as related to loss of credibility overseas with our Department of State reflected back to the Security Theater practiced in the United States since 2001 (which has been demonstrated to have more holes than a brick of Swiss cheese) along with our massive vulnerabilities to offensive hacking? All of which could lead - even with only a marginally competent OPFORCE orchestrating it - to a combination Pearl Harbor/Task Force Smith/Iron Bottom Sound of epic proportions, or '9-11 times a hundred' if you will?

http://www.wired.com/images_blogs/dangerroom/2010/09/atl_wall_chart.jpg



Haven't given it a second's thought. (https://www.youtube.com/watch?v=zZcZ6eJoxeE)

AdamG
06-12-2015, 12:04 PM
J. David Cox, president of the American Federation of Government Employees, said in a letter Thursday to OPM director Katherine Archuleta that based on incomplete information OPM provided to the union, "we believe that the Central Personnel Data File was the targeted database, and that the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to 1 million former federal employees."

The OPM data file contains the records of non-military, non-intelligence executive branch employees, which covers most federal civilian employees but not, for example, members of Congress and their staffs.

http://hosted.ap.org/dynamic/stories/U/US_GOVERNMENT_HACKED?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2015-06-11-15-58-33



As officials of the Obama administration announced that millions of sensitive records associated with current and past federal employees and contractors had been exposed by a long-running infiltration of the networks and systems of the Office of Personnel Management on June 4, they claimed the breach had been found during a government effort to correct problems with OPM's security. An OPM statement on the attack said that the agency discovered the breach as it had "undertaken an aggressive effort to update its cybersecurity posture." And a DHS spokesperson told Ars that "interagency partners" were helping the OPM improve its network monitoring "through which OPM detected new malicious activity affecting its information technology systems and data in April 2015."

http://arstechnica.com/security/2015/06/report-hack-of-government-employee-records-discovered-by-product-demo/

AdamG
06-13-2015, 02:58 PM
Oh sure, Beijing isn't at war with America (http://media.giphy.com/media/dC9DTdqPmRnlS/giphy.gif)


WASHINGTON (AP) — Hackers linked to China have gained access to the sensitive background information submitted by intelligence and military personnel for security clearances, U.S. officials said Friday, describing a cyberbreach of federal records dramatically worse than first acknowledged.

The forms authorities believed may have been stolen en masse, known as Standard Form 86, require applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies. They also require the listing of contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant's Social Security number and that of his or her cohabitant is required.

http://bigstory.ap.org/article/d842d757851b4a59aca2aecf2f31995a/union-says-all-federal-workers-fell-victim-hackers

OUTLAW 09
06-13-2015, 08:30 PM
http://20committee.com/2015/06/13/opm-hack-is-serious-breach-of-worker-trust/

OPM Hack Is Serious Breach Of Worker Trust

June 13, 2015


“We cannot undo this damage. What’s done is done, and it will take decades to fix.”

This morning National Public Radio had me on to discuss the impact of the mega-hacks of OPM, which I’ve written about here, here and here this week. I discussed several things, including the grave violation of the trust (and the personal secrets) of millions of Americans that this failure has caused.

I said from the outset that this incident was a very big deal, indeed disastrous, from any security or counterintelligence perspective, and sadly this week’s ever-worse revelations have demonstrated that my pessimism was correct.

You can listen to my interview with NPR’s Scott Simon here.

Link to NPR: http://www.npr.org/2015/06/13/414149626/ex-nsa-officer-opm-hack-is-serious-breach-of-worker-trust

AdamG
10-26-2015, 01:55 PM
1. Can we get the following thread unlocked?
http://council.smallwarsjournal.com/showthread.php?t=14610

2. Can we get this thread combined with the above, this post inclusive?

Great Firewall rising: How China wages its war on the Internet

Since China began controlling its citizens' Internet access in the mid-1990s, the censors have been engaged in an arms race with activists and developers to block tools that helped people jump over the Firewall and close loopholes that popped up.
http://www.cnn.com/2015/10/25/asia/china-war-internet-great-firewall/index.html

davidbfpo
10-26-2015, 08:00 PM
AdamG,

As requested below I have been at work. I have merged the requested thread plus another and have changed the thread's title. It was Undercover Researchers Expose Chinese Internet Water Army (http://council.smallwarsjournal.com/showthread.php?t=14610) and now will be 'Chinese Cyber (war)fare (merged thread)'.


1. Can we get the following thread unlocked?
http://council.smallwarsjournal.com/showthread.php?t=14610

2. Can we get this thread combined with the above, this post inclusive?

AdamG
10-28-2015, 09:33 PM
Awesome.

Have some content.



State-backed hackers in China are still carrying out a string of cyber espionage attacks on many U.S. companies, violating the pact that the two countries signed just recently. The U.S. technology and pharmaceutical sectors have reportedly been subject to precision attacks aimed at the "theft of intellectual property and trade secrets" in the course of three weeks.

http://www.mondaq.com/unitedstates/x/438280/data+protection/China+Continues+Hacking+US+Companies+Despite+Cyber+Pact



The Woods Hole Oceanographic Institution (WHOI), which is a private and nonprofit facility doing scientific research focused on the world's oceans, revealed that it was the recipient of an aggressive hacking attack that can seemingly be traced back to China.

The hackers were able to access the data and email of Woods Hole, WHOI Director and President Mark Abbott said to the institution's staff earlier this week.

WHOI general counsel and internal investigation head Christopher Land said that so far, there are no signs that the data stolen by the hackers have been used for malicious purposes.

Why would a Chinese hacker attempt to break into Woods Hole's systems? It might have something to do with the fact that the institution also does classified research for the Department of Defense.

http://www.techtimes.com/articles/96575/20151017/ocean-focused-research-center-attacked-by-chinese-hacker-huh-why.htm