In the last few days, there have been several articles covering China’s domestic hackers and their schools.   In the past, this type of recruiting activity was confined to the online world and kept out of view of the general public.  Now it is popping up all over the street.

Internet user questions if Academy’s purpose is to stop hacking or train hackers

An internet user, going by the name “Levi”,  posted a rant on the IPTV website complaining about the enrollment and advertising practices of the Yinhe Info and Tech Academy.  The rant generated thousands of views in just one day.

Levi’s Rant

Levi raised questions about the true nature of the Yinhe Academy and wondered if they were a true tech academy or a hacker training school.   Levi stated that Yinhe’s advertisements were hung all over Wuhan City; a reporter following up on the posting discovered that this was indeed the truth.

The reporter contacted Levi who told him that he had called the number on the advertisement a few days ago to talk with Yinhe personnel about the training.  Levi even took the school entrance exam but felt that the hacker courses were not good enough.  Most of it involved hacker software that attacked servers or stole passwords.  It didn’t hold much interest for someone like Levi, who had a solid tech background and so he refused to pay the school’s fee.

Levi said that Yinhe was trying to enroll junior high and high school graduates between the ages of 17-25.  Levi was already 26 but was still able to successfully enroll in the school and pass their entrance exam.  Following up on Levi’s accusations of questionable advertising, the reporter  located a magazine that contained an article on a Yinhe graduate named Liu Chen, who was able to break into the Fudan University website by scanning the server and finding a loophole.

Yinhe article on intrusion of Fudan University website

Levi said that this was not sufficient and he felt hackers who only learned to operate a few pieces of hacker software were childish.  If you wanted to be a network security expert, you needed to understand computer theory, operating systems and program languages.

In this regard, Director Wang of the Hubei Provincial People’s Government Web Portal Editor Department, agreed.  He said, that it didn’t matter how you took control of another network or stole passwords, it was all illegal.  Secondly, using simple tools to damage other networks would not allow you to learn genuine network  security.

Soon after, the reporter interviewed the Vice-President Zhou Eryun of the Yinhe Hacker Training Academy.  President Zhou said that the teachers at the Yinhe Academy demonstrated hacker software in the classroom so that the students would understand it and then be able to play a role in preventing hacking.

In regards to Levi’s assertions that hackers should not merely be able to operate hacker software but needed to understand computer theory, operating systems and program languages, President Zhou felt that the courses selected needed to take into account the skill level of the junior and high school graduate.

During the course of the investigation, the reporter learned that it is often hard to distinguish between computer attack and defense.  Another IT training organization, Beida Qingniao, in their advertisement openly proclaimed, “Do you want to experience the taste of being a hacker for yourself? Remotely enter another system, remotely control another computer, remotely shut it down, steal passwords…in fact, you can do all of this!”  Furthermore, those in the class will be able to experience what it is like to be a hacker under the guidance of the teacher.

It is understood that some teachers and students, in order to demonstrate their skills, will teach people how to deface a website or steal a qq number.  Levi stated that if a person isn’t just showing off and has a clear economic objective, they will disseminate commercial viruses like the Panda Burning Incense culprit Li Jun and move toward the criminal abyss.

CCTV excerpt from Defense Review Week interview with network specialists Major General Hu Xiaofeng (Deputy Director for the National Defense University Department of Information Warfare and Training Command) and Professor Meng Xiangqing (National Defense University Institute for Strategic Studies):

Program introduction:  Hackers suddenly break into the US Atlantic Fleet’s command system, they instantaneously take control of the US fleet and fighter aircraft, turning missiles fired moments ago 180 degrees back at itself.  The entire country is thrown into chaos.  Is this description of a US military cyber warfare exercise truly capable of producing such formidable power?

Washington D.C., traffic lights completely fail, cars moving in opposite directions inside the tunnels collide, the stock market collapses, communications are cut off, all television stations are broadcasting the same thing – fragments of the US president’s televised speech patched together to produce a terrorist’s “hacker manifesto”.   This is a scene from the movie “Die Hard 4,” in which several hackers repeatedly turn the United States upside down.  Could this type of scenario actually happen in real life?

Well then, what is cyber warfare really? How does it enhance combat capability? In high-profile speeches, the US and South Korea announced the establishment of cyber warfare command centers, what is being hidden behind them?  Will this cause an arms race in the cyber domain or become the new contest between nations for strategic control?   Why does the United States equate the threat from cyberspace to nuclear, chemical and biological weapons?  Is future cyber warfare a weak defense and strong offense, or a strong defense and weak offense?   How should we respond?

This month, “Defense New Review” has invited top-level network specialists, Major General Hu Xiaofeng and Professor Meng Xiangqing to decipher it for you.

Host:  Cyber warfare takes place in virtual space but I feel that it seems to strike at the enemy’s morale.  Can these types of virtual encounters cause casualties to the enemy’s effective strength?

MG Hu Xiaofeng:  As an example, I take control of your high-speed railroad network and after I seize control of your system, I send you a message.  Will you agree to my blackmail or not?  If you agree, then there isn’t a problem.  If you don’t agree, then I crash two of your trains together.  Is it your decision to let people die?  I’ll give you another example.  For instance, I launch a missile and you call it back on itself.  It is all possible.

Host:  Are these types of things all covered under the scope of cyber warfare?

Prof Meng Xingqing:  Yes, however the goal is not to destroy the enemy’s effective strength, or to say I’ve destroyed this number of enemy troops or specific military targets.  It’s not like that, the goal is to achieve a strategic objective.  What is the stragetic objective?  It is what Professor Hu just mentioned, you have to meet my political conditions or your government will be toppled, or you promise to meet some of my political conditions.  In this type of conflict, killing a certain number of people is a secondary consideration.  In general, there are only a few major differences in the considerations between cyber and traditional warfare.   One is in tangible space and the other intangible space.  One is in virtual space and the other on the battlefield.  Overall, it is bloodless.

Host: Then is it possible that with cyber wafare we won’t have to rely on traditional methods of warfare, can we attain military victory purely through the means of cyber warfare, is that possible?

MG Hu Xiaofeng: … …

Prof Meng Xingqing: … …

End excerpt from broadcast.

I woud really like to have the rest of this if any one runs across it.  The transcript just ends right there, bastards.

According to Yangtze River News, the author of the virus “Panda Burning Incense,” is due to be released from prison at year’s end and plans on working in computer security.  Li Jun, also known as the “Virus King,” designed the “Panda Burning Incense” virus that wreaked havoc across the Chinese internet from December of 2006 to January of 2007.  The virus infected between 300-500,000 computers daily; with at least 10 million infected in total.  The virus earned Li between 3-5,000 yuan each day and the highest day’s income was 10,000 yuan.

After his arrest and trial, Li was sentenced to four years in prison of which he has currently served 2 1/2.   Li’s sentence has been reduced and he thinks he will be released at the end of the year.  His three accomplices have already been released.

When he gets out, Li plans to go to Shenzhen and look for a job with a large computer security company and pay back his parents.

What could go wrong?

The poster in the background above reads, “recruiting hackers” and was  meant to be humorous in order to attract the top IT applicants at the 2009 Spring Jobs Fair.  There were more than 300 companies offering 4,000 positions.

The same graphic also accompanied a different article but this was an interview with Chinese Air Force Colonel Dai speaking on cyber warfare research (the link is a Google English xlation, I’m working on another article right now).

Make of that what you will.

DEFCON 17 is right around the corner. Let me know (email jumper@) if you are interested in coming to a meet-up. Last year around 15-20 people met up and we had a great time socializing and talking shop.

-jumper

UPDATE#2:  As usual, our readers are better informed than I am.  More great comments on the status of Milw0rm in the comments section from Steve C and dblackshell.

Chinese hackers love the Milw0rm portal, so I follow it every now and then.  Found out today that the site has been closed down by the owner Str0ke:

Str0ke does not explain whether this is simply due to a lack of time, to an increasing number of exploits or perhaps to both. It also remains unclear whether the page and its current database will remain available or whether it will soon be taken off line. It is possible that other members of the community will come forward to support str0ke or offer to take over the portal’s operation.

Originally, milw0rm was a worldwide group of hackers whose members communicated via IRC. The group became known internationally after it hacked into the Indian Bhabha Atomic Research Centre (BARC) in June 1998 and downloaded emails and classified documents about nuclear tests. The members’ true identities reportedly still remain unknown to the investigating authorities. Speculations that milw0rm was closed due to pressure from the FBI have so far not been substantiated.

China has openly announced that they are moving toward an “informationized” force and it is one of their top priorities.  While we do not have to agree with their rational, it is imperative that we understand it.

The following article from tech.qq.com outlines many of those reasons.  It is a rather long piece so this will be a gist of the major points mentioned:

Unmasking the true intentions behind the repeated US “Chinese hacker threat” hype

The US media has always portrayed the Chinese hacker as omnipotent, capable of easily breaking through the White House and Pentagon network security systems to steal classified information.  On 23 June,  after US Secretary of Defense Gates announced the creation of a Cyber Warfare Operations Center, the true intentions behind the constant US “Chinese hacker threat” hype became immediately obvious to the outside world.   In fact, there are even more unknown plans underneath this, exaggerating the “Chinese hackers threat” is only one plot in a series of ploys by the  US to strengthen its network capabilities.  In truth, the establishment of the Cyber Warfare Operations Center is not the  first US attempt to expand its network capabilities.   Even before the worldwide  popularity of the internet, the US had already created a “cyber army” and carried out the practice of “cyber war.”   (US) Experts stated, they wanted the same unrivaled domination in “freedom of movement”  as the US military enjoyed on the land, sea, air and space.  The US would reject any restriction in the cyber domain in order to ensure their dominant position.

“Chinese hackers” used as the customary US pretext

Follow US media reports and you will discover that “China’s hackers” have hacked into almost all of the most important governmental websites to include the White House, Pentagon, Federal Bureau of Investigation, the Central Intelligence Agency and the United States Congress.   Chinese hackers not only engage in such low-level network attacks as website defacements, they are also capable of carrying out such operations as  paralyzing the US power grid and stealing top-secret information on the F-35 Joint Strike Force Fighter.  It appears that in US public opinion, Chinese hackers have everything in the bag, they can penetrate US networks as if no one is manning the borders.

In regards to the US media’s “Chinese hackers threat” hype, certain US politicians and officials have also chosen to echo this position.  On April 21st of this year, the US “Wall Street Journal” reported that Chinese hackers had stolen data on the F-35 fighter aircraft, in spite of the fact that Lockheed Martin, the prime defense contractor, denied that the information had been leaked.  However,  US Defense Department spokesman Brian Whitman said, “that the specific details were unclear,” leaving it to the world’s imagination.  Subsequently, US Secretary of Defense Robert Gates, in an exclusive interview with CBS, expressed concerns over the daily attacks on US networks and said that the Pentagon had no choice but to carry out a four-fold increase in the national cyber defense mission.

As another aspect of this, from time to time, the US military will take the initiative and make releases to the press in order to further their next policy campaign.  On 15 May, US Deputy Defense Secretary Lynn said to the press that over 100 foreign intelligence organizations had tried to infiltrate the US network and that China and Russia had the ability to attack through the network and damage US infrastructure.  In addition, two weeks later, US President Obama would appoint a “Cyber Czar” to head the cyber security office and command national cyber security forces.

In a recent interview with a Global Times reporter, Chinese military expert Song Xiaojun said that for many years the US has exaggerated the  foreign network threat and that this was actually a methodical means to  establish a Cyber Warfare Operations Center.  Fang Binxing, a scholar at the Chinese Academy of Engineering and president of the Beijing University of Posts and Telecommunications, also said that the US was basically using “Chinese hacker” attacks as an excuse to create a Cyber Warfare Operations Center. According to Fang Binxing’s explanation, with regard to offensive and defensive network warfare capabilities, the US has absolute superiority from traditional space, to outer space and cyber space.

Seizing the commanding heights of cyber warfare in order to strengthen cyber attack capability

Just as the experts said, exaggerating the so-called “Chinese hacker threat” is the US “justification” for strengthening their cyber attack capability.  In fact, the historical development of the US’ cyber attack capability would far surpass the world’s imagination.  Even before the term”Chinese hacker” appeared, the US had used cyber attack in actual combat.  During the 1991 Gulf War, the US used the intelligence system to place a computer virus in the Iraqi air-defense system that Iraq had purchased from France.  Prior to the start of US air raids, remote-control means were used to activate the virus, that led to the paralysis of the Iraqi air-defense system at the time the US Air Force flew over Baghdad.

In regards to “cyber warfare”, the US military has clearly passed the stage of theoretical study.  For the first time in 1993, two scholars from the US RAND Corporation put forward the concept of “cyber warfare.”  These two scholars defined in theory what constitutes “cyber war” and also systematically described how to use cyber warfare to disrupt and destroy the enemy’s  information and communication  systems while at the same time preventing the enemy from obtaining yours.

The theoretical conclusions of US scholars have also promoted the advance and development of US cyber attack capability.  During the Kosovo War in 1999, as well as the 2003 war in Iraq, people could clearly witness the shadow of cyber warfare.  According to US military defense expert Harding’s long-term tracking evaluation of U.S. military hacker projects, the US currently has a total of 3-5000 cyber wafare specialist and 50-70,000 soldiers involved in cyber warfare.  If you add in former electronic-warfare personnel, the total number of US cyber forces comes to around 88,700.   Moreover, Commander Chilton of the US Strategic Command Center recently revealed that the US is in the process of recruiting 2-4,000 soldiers in order to form a “cyber special forces.”

It is especially worth noting the drastic reduction in the Obama administration’s missile defense system and F-22 aircraft procurement costs while at the same time increasing cyber security investment and pushing the acceleration of cyber warfare construction.  The establishment of the Cyber Warfare Command, is merely a method for the US military to integrate relevant departments and units involved in cyber attack capabilities, thereby raising it as a force multiplier.  An analyst from the UK ” Guardian” said that this was a way for the US  to integrate high-tech military units scattered all around the country, in order to launch a cyber warfare against hostile nations if it becomes necessary.

In the view of military experts, there is an even greater significance to the US creation of a cyber command, that it signals humans are entering into a historically new form of war.  A Chinese military expert, speaking on the condition of anonymity,  told a “Global Times” reporter that the US establishment of the Cyber Warfare Command signified an inevitably increase in funds and personnel that will be thrown into the domain of cyber warfare.  From a larger perspective, the US establishment of a Cyber Warfare Command signified that from now on, it was possible cyber warfare was a new type of national-warfare that had entered human history.  From here on out, if the US comes under cyber attack, it could delcare it an act of war and carry out a counterattack.

Reject any restrictions to ensure superiority

(Two paragraphs not translated: The first repeats the US freedom of movement with a blurb on SecDef Roberts Gates’ memo that Cyber Command will help ensure US freedom of movement in cyber space.  The second paragraph talks about US unwillingness to have restrictions placed on its freedom of movement and a statement by a US State Dept person claiming the US could not sign an international agreement on cyber security.)

A Chinese military expert told the “Global Times” that in terms of traditional military and nuclear strike capability, the US, the world’s top-ranked military power, had almost complete control over the four domains of land, sea, air, and space.  Creating a “cyber army” was the US military’s strategic initiative to extend its superiority into the 5th realm of the virtual world.  As the birthplace of the internet, the US clearly has a real-world advantage.   One can imagine that the US will not have much interest in cyber arms control and that it will continue to use the feeling of insecurity from other countries to ensure their “freedom of movement.”

]]> http://www.thedarkvisitor.com/2009/07/understanding-chinas-cyber-threat-perception/feed/ 11 http://www.thedarkvisitor.com/2009/07/china-has-cyber-worries-too/ http://www.thedarkvisitor.com/2009/07/china-has-cyber-worries-too/#comments Wed, 01 Jul 2009 22:21:19 +0000 Heike http://www.thedarkvisitor.com/?p=1652 H/T: Mark

Received an interesting e-mail from one of our readers named Mark who suggested I take a look at an article dealing with Chinese fears of US hackers and the possible threat to its cyber sovereignty:

In that context, the article I came across in the English-language China Daily was an eye-opener. The title was “China at the mercy of global hackers.”

Early in the article, a Chinese academic expert on cyber warfare said: “In a worst-case scenario, a security breach could result in the breakdown of the energy supply and collapse of the financial system, not to mention a collapse of the national defense capability.… The capability to defend China’s information and cybersecurity is extremely weak, and many of its online applications remain vulnerable to assault.”

We cherish too, the Poppy red
That grows on fields where valor led,
It seems to signal to the skies
That blood of heroes never dies.