Sunday, February 15, 2015

• China's 'Code War' attacks on US internet titans By Kevin Holden


Beijing has launched major cyber strikes against American IT giants eyeing its market. 


The latest hacker invasions of Google, Apple, Microsoft and Yahoo are being masterminded by Lu Wei, with the Politburo's approval.


Apple is under tremendous pressure to tolerate these "organized network attacks" as part of the price of remaining in the Chinese market.

 
Beijing, China -- As China creates one of the globe's leading cyber armies, it is stepping up hacking attacks on American internet leaders Google, Apple, Yahoo and Microsoft, online security analysts say. 


These massive attacks are part of Beijing's campaign to fortify the "Great Firewall" that encircles the country's 649 million netizens and strengthen the ability to spy on all web-based communications.


Google has headed Beijing's blacklist of cyber enemies since it halted censorship of internet searches conducted via its Google China site, and China's virtual army recently completed a total blockade on access to Google's search engine and Gmail across the People's Republic.


Now, Chinese hackers are intensifying assaults on e-mail systems operated by Microsoft, Yahoo and Apple, which have all been allies of China's rise into the planet's biggest platform of internet users, according to online monitoring group GreatFire.org. 


The founders of GreatFire, which has been at the forefront of investigating Chinese government blocks on websites worldwide and its ever-expanding hacking operations, say in Apple's case, advanced encryption technology introduced in the new iPhone 6 impelled Beijing to preemptively hack into the devices of new users to tap their online communications.
Teams of hackers staged "man-in-the-middle" attacks on Chinese iPhone users, deploying servers disguised as Apple's iCloud system to intercept passwords and messages, said GreatFire co-founder Percy Alpha. 


Apple leader Tim Cook was so alarmed by the attack that he jetted into Beijing to ask the Chinese leadership to help halt the hacking operation, said Alpha.

High level involvement?
Erik Hjelmvik, a researcher at the Swedish internet security firm Netresec, said an intricate analysis of the iCloud attack conducted by Netresec revealed, "The attacks are being performed on backbone networks belonging to China Telecom as well as China Unicom."


The leaders of both of these Chinese government-run telecom giants "were most likely either directly involved with assisting the attack or at least aware of the attack since critical changes would have to be made to their network routing infrastructure", he said. 


"The fact that identical attacks were carried out simultaneously on the China Telecom and China Unicom networks indicates that this was a coordinated operation, carried out by an organisation or agency with authority to interfere with network traffic."


GreatFire's founders said the battle plan for the iCloud intercept operation was drafted by Lu Wei, China's new internet czar.


Lu was appointed to head the new Cyberspace Administration of China by Xi Jinping, and is likewise on the inner party's new internet security commission headed by Xi.
Lu's third crown comes from his leading position in the CCP's Central Propaganda Department, said GreatFire co-founder Charlie Smith.

Attacking America's search engines
While secret cables sent from the US Embassy in Beijing, published by WikiLeaks, revealed the initial round of Chinese attacks on Google was orchestrated by the CCP's ruling Politburo, Smith said the latest hacker invasions of Google, Apple, Microsoft and Yahoo are being masterminded by Lu, with the Politburo's approval.


Alpha added that highly organised hacking attacks originating from the well-guarded backbone of the Chinese internet have been staged six times over the past two years against targets, including the leading American search engines.


These digital strikes, GreatFire's co-founders said, are aimed at establishing Beijing's absolute authority, or "Cyber Sovereignty," over all Internet operations within Chinese borders.


Cyber czar Lu, they added, has the power to determine everything from which websites to block to which IT systems need to be stealthily invaded to strengthen the surveillance state. 


China's blacklist of websites, which includes The New York Times and the BBC, Dropbox and Instagram, Facebook and YouTube, currently bars at least 48,000 sites operated around the world, Alpha said.


Following the intricate Chinese hacking operation against iCloud, Apple issued a worldwide security warning acknowledging it had discovered "organized network attacks" on iPhone users, but curiously did not identify China as the source of those attacks.


"Tim Cook has said China will soon be the largest market for Apple products," said Alpha.

Paying the price
Apple, like other Western internet titans that aim to ride China's rise as an economic superpower, is under tremendous pressure to tolerate these "organized network attacks" as part of the price of remaining in the Chinese market, he added.


Foreign IT players who want to operate in China are forced to sign agreements that require compliance with Beijing's internet censorship regime, said Hosuk Lee-Makiyama, a legal scholar who co-heads the Brussels-based European Centre for International Political Economy.


The only American internet giant to publicly renounce cooperating with China's censors so far has been Google, which also identified "the Chinese government or its agents" as being the masterminds of a sophisticated attack on Google's central servers.


Google has since issued a position paper calling on American and European government leaders to launch an action with the World Trade Organization to enforce the group's rules on the free flow of information globally.


"We would strongly encourage US legislators to consider implementing censorship-related legislation that would be similar to the Foreign Corrupt Practices Act but for censorship controls," said Smith.


This prohibition on cooperating in Beijing's censorship system could protect US-listed corporations operating in China by mapping out clear boundaries on permissible practices, he added.


Meanwhile, apparently irate over GreatFire's ongoing exposure of Beijing's cyber surveillance and hacking activities, the Cyberspace Administration of China recently branded the group's founders as "overseas anti-China forces" engaged in "groundless slander".


The leaders of the tiny but defiant GreatFire replied with an online "Open Letter to Lu Wei and the Cyberspace Administration of China" that underscored the group has published solid evidence on all of the Chinese hacking manoeuvres it reported.


"We are not anti-China but we are anti-censorship in China," GreatFire said.


"We are here to watch what you are doing … and we are encouraging netizens and companies alike to fight against the Great Firewall and Chinese internet censorship in general."
Smith said in an interview with Al Jazeera:
"We take issue with being labeled anti-China. All three co-founders [of GreatFire] have very close relationships with China.


"We just don't love these overbearing censorship restrictions, we have a plan for getting rid of them, and we are putting our plan into action," he added.

Plausible deniability
Franz-Stefan Gady, a global cybersecurity expert at the EastWest Institute, said when confronted over mounting cyber assaults on Western IT outfits, "China often hides behind a veil of plausible deniability by accusing domestic hackers of having gone rogue."


Yet he noted that Beijing has never arrested a single hacker accused of joining these escalating assaults.


Five members of a secret People's Liberation Army hacking base in Shanghai were charged with attacking American corporations in a US Department of Justice criminal indictment issued last May, but Beijing balked at extraditing them.


Senator Charles Schumer has since called on Washington to launch a parallel WTO action against China.
Earlier this month, China was accused of hacking into US health insurer Anthem Inc's network and stealing personal data on as many as 80 million of its clients. 


On Friday, President Barack Obama said private industry and the government must cooperate to tackle the threat of Chinese cyber attacks.


"The cyber world is the Wild Wild West -- to some degree we're asked to be the sheriff," Obama said.
Last week, while unveiling the new Cyber Threat Intelligence Integration Center, one White House aide said cyber strikes against US targets are being launched worldwide.
"At the state level, threats come from nations with highly sophisticated cyber programmes, including China."




By Franz-Stefan Gady

Operetta cyber warriors: More theatricality than efficiency

The U.S.-China Economic and Security Review Commission’s (USCC) assessment of the weaknesses of China’s People’s Liberation Army (PLA) offered little new analysis on the PLA’s cyberwarfare capabilities. 


This is largely due to the impossibility of finding a comprehensive assessment of China’s military cyber capabilities — in comparison to Chinese cyber espionage capabilities — on the public record. Considering the alleged importance and centrality of cyberwar and informatization in the PLA’s thinking, this analytical gap is worth looking into in some detail.


The report, entitled “China’s Incomplete Military Transformation,” notes that “The PLA sees space, cyber, and EW [electronic warfare] capabilities as increasingly vital aspects of its ability to deter or, if necessary, defeat a technologically advanced adversary in a future informatized local war, whether over Taiwan or the Senkaku Islands, maritime territorial disputes in the South China Sea, or elsewhere.” 


The white paper further points out the PLA’s perception of Chinese cybersecurity weaknesses (including in cyber reconnaissance, cyberattack and defense, and cyber deterrence capabilities) as well as the view in China that the country’s critical information infrastructure is extremely vulnerable to enemy cyber attacks.


The report also quotes a Chinese analyst deliberating on how cyber, while being its own domain, also permeates all other aspects of modern war: “If a country pays attention to building up its kinetic strike capabilities, but neglects computer network attack and EW capabilities, it will be unable to build a modern strategic air force.” 


Another interesting facet is added toward the end of the section when the authors note that “China sees offense as much easier than defense in the network domain, as is the case in space.” 


The report also emphasized the absence of discussion within PLA circles on the possible unintended consequences of launching offensive cyberattacks and the danger of inadvertent escalation.


However, the white paper, compiled by the RAND National Security Research Division (NSRD), fails to point out that most Chinese cyber capabilities are principally used for domestic control and regime survival and not for strategic strikes on the critical information infrastructure of an opponent.


This domestic focus obviously impacts budget allocations for PLA activities in cyberspace. 


Second, there is no discussion on the PLA’s cyber espionage capabilities, which is also problematic, since targeted and sustained intelligence collection is an absolute precondition for advanced cyber offensive operations.


Third, the report fails to mention the all-important human factor in developing cyberwar capabilities. As a 2014 U.S. Army War College publication on the PLA and information warfare points out: “The PLA also lacks a deep reservoir of personnel who can manage or operate such systems.”
The paper adds that “Chinese military leaders, however, recognize this weakness and intend to develop a talent pool of troops who can conduct or plan joint military operations, manage information systems and cyber technology, and use or maintain advanced weapon systems.”


In addition, the USCC assessment does not discuss the crucial role that the private sector plays in developing cyberwar capabilities. 


Here the PLA is fundamentally at a disadvantage vis-à-vis the United States. 


Last, the crucial connection between nuclear deterrence and the cyber domain is also not elaborated upon.

Already back in 1996, in an article in Foreign Affairs, Professor Joseph Nye and Admiral William Owens observed that “the information technologies driving America’s emerging military capabilities may change classic deterrence theory.”


Since the paper deals with the weaknesses of the PLA, it would have been noteworthy to point out that the PLA’s sense of vulnerability to cyberattacks impacts and amplifies its sense of insecurity in the nuclear deterrence realm.


The PLA’s Push for Cyber Capability
Back in 2007, at the 17th Party Congress, then Chinese President Hu Jintao called for the development of stronger cyber capabilities:


“To attain the strategic objective of building computerized armed forces and winning IT-based warfare, we will accelerate composite development of mechanization and computerization, carry out military training under IT-based conditions, modernize every aspect of logistics, intensify our efforts to train a new type of high-caliber military personnel in large numbers and change the mode of generating combat capabilities.”


China’s most recent defense white paper from 2013 points out the rationale for the rapid development of cyberwarfare capabilities:


“Aiming to win local wars under the conditions of informationization and expanding and intensifying military preparedness. China’s armed forces firmly base their military preparedness on winning local wars under the conditions of informationization, make overall and coordinated plans to promote military preparedness in all strategic directions, intensify the joint employment of different services and arms, and enhance warfighting capabilities based on information systems.”


However, so far the PLA has had a poor track record when it comes to interoperability. 


As of 2014, the Army War College paper underlines that few ground formations are networked below the regimental level, although the majority of PLA Navy, PLA Air Force units and some missile-firing battalions have “communications and data-sharing capabilities to be networked.”


The simple truth is that much of the debate surrounding the PLA’s cyber war capabilities is mere speculation based on evidence of its undoubted success in cyber espionage.

Some people doubt that the PLA’s capabilities amount to much. 


In a 2011 paper Desmond Ball, professor at the Australian National University, concludes: “China’s cyber-warfare authorities must despair at the breadth and depth of modern digital information and communications systems and technical expertise available to their adversaries. China is condemned to inferiority in IW [information war] capabilities for probably several decades.”


Although this statement is in all likelihood too strongly worded, the assessment points to the difficulty of publicly assessing the cyber war capabilities of the People’s Liberation Army. 


After studying the USCC report one thing is clear: There is an ever-present danger that we fall into a “cyber weapons gap” exaggerating the capabilities of the Chinese People’s Liberation Army when it comes to waging cyber war.

