[Infowarrior] - China blocks U.S. from cyber warfare

Richard Forno rforno at infowarrior.org
Tue May 12 10:44:37 UTC 2009


  Tuesday, May 12, 2009
China blocks U.S. from cyber warfare

Bill Gertz

http://washingtontimes.com/news/2009/may/12/china-bolsters-for-cyber-arms-race-with-us/print/

China has developed more secure operating software for its tens of  
millions of computers and is already installing it on government and  
military systems, hoping to make Beijing's networks impenetrable to  
U.S. military and intelligence agencies.

The secure operating system, known as Kylin, was disclosed to Congress  
during recent hearings that provided new details on how China's  
government is preparing to wage cyberwarfare with the United States.

"We are in the early stages of a cyber arms race and need to respond  
accordingly," said Kevin G. Coleman, a private security specialist who  
advises the government on cybersecurity. He discussed Kylin during a  
hearing of the U.S. China Economic and Security Review Commission on  
April 30.

The deployment of Kylin is significant, Mr. Coleman said, because the  
system has "hardened" key Chinese servers. U.S. offensive cyberwar  
capabilities have been focused on getting into Chinese government and  
military computers outfitted with less secure operating systems like  
those made by Microsoft Corp.

"This action also made our offensive cybercapabilities ineffective  
against them, given the cyberweapons were designed to be used against  
Linux, UNIX and Windows," he said.

The secure operating system was disclosed as computer hackers in China  
- some of them sponsored by the communist government and military -  
are engaged in aggressive attacks against the United States, said  
officials and experts who disclosed new details of what was described  
as a growing war in cyberspace.

These experts say Beijing's military is recruiting computer hackers  
for its forces, including one specialist identified in congressional  
testimony who set up a company that was traced to attacks that  
penetrated Pentagon computers.

Chinese Embassy spokesman Wang Baodong declined immediate comment. But  
Jiang Yu, a Chinese Foreign Ministry spokesman, said April 23 that the  
reports of Chinese hacking into Pentagon computers were false.

"Relevant authorities of the Chinese government attach great  
importance to cracking down on cybercrimes," Ms. Jiang said. "We  
believe it is extremely irresponsible to accuse China of being the  
source of attacks prior to any serious investigation."

Mr. Coleman, a computer security specialist at Technolytics and a  
consultant to the director of national intelligence and U.S. Strategic  
Command, said Chinese state or state-affiliated entities are on a  
wartime footing in seeking electronic information from the U.S.  
government, contractors and industrial computer networks.

Mr. Coleman said in an interview that China's Kylin system was under  
development since 2001 and the first computers to use it are  
government and military servers that were converted beginning in 2007.

Additionally, Mr. Coleman said, the Chinese have developed a secure  
microprocessor that, unlike U.S.-made chips, is known to be hardened  
against external access by a hacker or automated malicious software.

"If you add a hardened microchip and a hardened operating system, that  
makes a really good solid platform for defending infrastructure [from  
external attack]," Mr. Coleman said.

U.S. operating system software, including Microsoft, used open-source  
and offshore code that makes it less secure and vulnerable to software  
"trap doors" that could allow access in wartime, he explained.

"What's so interesting from a strategic standpoint is that in the  
cyberarena, China is playing chess while we're playing checkers," he  
said.

Asked whether the United States would win a cyberwar with China, Mr.  
Coleman said it would be a draw because China, the United States and  
Russia are matched equally in the new type of warfare.

Rafal A. Rohozinski, a Canadian computer security specialist who also  
testified at the commission hearing, explained how he took part in a  
two-year investigation that uncovered a sophisticated worldwide  
computer attack network that appeared to be a
Chinese-government-sponsored program called GhostNet, whose electronic strikes were
traced to e-mails from Hainan island in the South China Sea.

GhostNet was able to completely take over targeted computers and then  
download documents and information. Some of the data stolen were  
sensitive financial and visa information on foreign government  
networks at overseas embassies, Mr. Rohozinski said.

The China-based computer network used sophisticated break-in  
techniques that are generally beyond the capabilities of nongovernment  
hackers, Mr. Rohozinski said.

Using surveillance techniques, the investigators observed GhostNet  
hackers stealing sensitive computer documents from embassy computers  
and nongovernmental organizations.

"It was a do-it-yourself signals intelligence operation," Mr.  
Rohozinski said of the network, which took over about 1,200 computers  
in 103 nations, targeted specifically at overseas Tibetans linked to  
the exiled Dalai Lama.

Mr. Rohozinski, chief executive officer of the SecDev Group and an  
advisory board member at the Citizen Lab at the Munk Center for  
International Studies at the University of Toronto in Ontario, said  
the GhostNet operation was likely part of a much bigger  
cyberintelligence effort by China to silence or thwart its perceived  
opponents.

A third computer specialist, Alan Paller, told the Senate Committee on  
Homeland Security and Governmental Affairs on April 29 that China's  
military in 2005 recruited Tan Dailin, a graduate student at Sichuan  
University, after he showed off his hacker skills at an annual contest.

Mr. Paller, a computer security specialist with the SANS Institute,  
said the Chinese military put the hacker through a 30-day,
16-hour-a-day workshop "where he learned to develop really high-end attacks and
honed his skills."

A hacker team headed by Mr. Tan then won other computer warfare  
contests against Chinese military units in Chengdu, in Sichuan province.

Mr. Paller said that a short time later, Mr. Tan "set up a little  
company. No one's exactly sure where all the money came from, but it  
was in September 2005 when he won it. By December, he was found inside  
[Defense Department] computers, well inside DoD computers," Mr. Paller  
said.

A Pentagon official said at the time that Chinese military hackers  
were detected breaking into the unclassified e-mail on a network near  
the office of Defense Secretary Robert M. Gates in June 2007.

Additional details of Chinese cyberattacks were disclosed recently by  
Joel F. Brenner, the national counterintelligence executive, the  
nation's most senior counterintelligence coordinator.

Mr. Brenner stated in a speech in Texas last month that  
cyberactivities by China and Russia are widespread and "we know how to  
deal with these," including widely reported "Chinese penetrations of  
unclassified DoD networks."

"Those are more sophisticated, though hardly state of the art," he  
said. "Frankly, I worry more about attacks we can't even see, which  
the Russians are good at. The Chinese are relentless and don't seem to  
care about getting caught. And we have seen Chinese network operations  
inside certain of our electricity grids."

Mr. Brenner said there are minimal concerns about a Chinese  
cyberattack to shut down U.S. banking networks because "they have too  
much money invested here.

"Our electricity grid? No, not now. But if there were a dust-up over  
Taiwan, these answers might be different," he said.

Aggressive Chinese computer hacking has been known for years, but the  
U.S. government in the past was reluctant to detail the activities.

The CIA, for example, sponsored research in the late 1990s that sought  
to minimize Chinese cyberwarfare capabilities, under the idea that  
highlighting such activities would hype the threat.

Researcher James Mulvenon, for instance, stated during a 1998  
conference that China's People's Liberation Army (PLA) "does not  
currently have a coherent [information warfare] doctrine, certainly  
nothing compared to U.S. doctrinal writings on the subject."

Mr. Mulvenon stated in one report that "while PLA [information  
warfare] capabilities are growing, they do not match even the  
primitive sophistication of their underlying strategies."

Mr. Mulvenon has since changed his views and has identified Chinese  
computer-based warfare as a major threat to the Pentagon.

Mr. Coleman said China's military is equal to U.S. and Russian  
military cyberwarfare.

"This is a three-horse race, and it is a dead heat," Mr. Coleman said.

The National University of China is the strategic adviser to the  
Chinese military on cyberwarfare and the Ministry of Science and  
Technology, he said.

Several computer security specialists recently sounded public alarm  
about the growing number of cyberattacks from China and Russia.

China, based on state-approved writings, thinks the United States
"already is carrying out offensive cyberespionage and exploitation
against China," Mr. Coleman said.

In response, China is taking steps to protect its own computer and  
information networks so that it can "go on the offensive," he said.

Mr. Coleman said one indication of the problem was identified by  
Solutionary, a computer security company that in March detected 128  
"acts of cyberaggression" tied to Internet addresses in China.

"These acts should serve as a warning that clearly indicates just how  
far along China's cyberintelligence collection capabilities are," Mr.  
Coleman said.

A Pentagon spokesman, Air Force Lt. Col. Eric Butterbaugh, would not  
comment on Chinese cyberattacks directly but said "cyberspace is a
war-fighting domain, critical to military operations: We must protect it."

The Pentagon's Global Information Grid is hit with "millions of scans"  
- not intrusion attempts - every day, Lt. Butterbaugh said.

"The nature of the threat is large and diverse, and includes  
recreational hackers, self-styled cybervigilantes, various groups with  
nationalistic or ideological agendas, transnational actors, and
nation-states," he said. "We have seen attempts by a variety of state and
nonstate sponsored organizations to gain unauthorized access to, or  
otherwise degrade, DoD information systems."

Air Force Gen. Kevin Chilton, commander of the U.S. Strategic Command,  
said May 7 that a joint cybercommand is needed under the Pentagon to  
better integrate military and civilian cybercapabilities and defenses.  
Gen. Chilton said he favors creating the joint command at Fort Meade,  
Md., where the National Security Agency is located. The command should  
be a subunit of Strategic Command, located at Offutt Air Force Base,  
Neb.

Mr. Gates said last month that the National Security Council is  
heading up a strategic review of U.S. cybercapabilities and is
considering creating a subunified command within Strategic Command.

Pentagon spokesman Bryan Whitman said Mr. Gates has not decided on the  
subunified command to handle cyberwarfare issues and is waiting for  
the completion of the White House review of cyberwarfare and security  
issues, which is past due from the 60-day deadline imposed by Congress.

Mr. Gates "thought it would be prudent to wait for their work before  
looking at potential organization structures," Mr. Whitman said in an  
interview. 

