China flexes muscles of its 'informationised' cyber army
· Pentagon attack part of long-running effort to breach US networks
· Hacking incidents seen as effort to develop computer warfare capability
- The Guardian
- Wednesday September 5 2007
When the presidents of the world's remaining superpower and the nation fast challenging for the title, George Bush of the United States and Hu Jintao of China, meet in Sydney tomorrow, they had been scheduled to be talking about matters of mutual interest: trade and global warming.
Now, even if not on the formal agenda, both sides are likely to be considering the prickly issue of cyber warfare, following the revelation that the Pentagon suffered a major breach by hackers reportedly working for the Chinese military earlier this year.
Disclosure by the Financial Times that the People's Liberation Army, or PLA, assaulted part of the Pentagon's system used by policy advisers to the defence secretary, Robert Gates, the latest and potentially most serious breach, has set alarm bells ringing across the US military.
The Pentagon reportedly resisted the PLA onslaught for several months, but was finally penetrated, forcing a shutdown of that part of its network for a week. A spokesman would not comment on the assault or its source, but emphasised that any information obtained would have been unclassified. The timing of the attack, and the apparent involvement of the PLA, points to an escalation of anxiety in governments across the world.
Cyber warfare began with individuals, spread to criminal gangs, and is now reaching the realm of nation states.
The Chinese government denied the allegations but, tomorrow's presidential meeting aside, Beijing is already on the defensive over its cyber activities. Last week Angela Merkel raised the issue of cyber warfare on an official visit to China, exhorting the government to "respect a set of game rules".
The German chancellor's objections followed a report in Der Spiegel magazine that Chinese spying software had been found widely scattered through the networks of Germany's foreign and economic departments, and even in Mrs Merkel's private office.
Internet security experts have been tracking Chinese cyber warfare for several years. In 2005, US officials revealed that sweeps of US intelligence, including flight software and aircraft plans, had been going on since 2003. The hackers, codenamed Titan Rain by US investigators, were believed to be in Guangdong, a province of China with a heavy concentration of PLA which was also identified by Der Spiegel as the origin of the invasion of German government networks.
Last November, the US navy reported a military computer had been attacked, probably by Chinese, though it was unclear whether the hackers were commercial or state-inspired. In July, the state department was reportedly investigating a break-in affecting its work across the world; it was suggested hackers had targeted anything relating to China and North Korea, though it is possible that criminal, as opposed to political or military, hackers were using that as a front to disguise their intentions.
The threat of state-sponsored hacking is dominating the thoughts of security officials around the world. Some suggest as many as 120 countries are actively pursuing cyber warfare. China has spelled out in a white paper that what it calls "informationised armed forces" are one of the three pillars of its military strategy, setting itself the target of building a cyber army which could win such a war by 2050.
The extent of cyber warfare was underlined earlier this year when the Guardian revealed that Estonia had been almost overwhelmed by an attack believed to have originated inside Russia which rendered a number of government websites useless and was described by officials as a "very serious disturbance".
The US is particularly vulnerable, both because of the extent of interest in its activities around the world, and because of the sheer size of its systems. The Pentagon operates 3.5m computers across 65 countries, including 35 internal networks.
Its most sensitive network, Siprnet, is for secret information, and is thought never to have been hacked. Non-classified information passes through the less secure Niprnet; it is one segment of this network that the Chinese operation is believed to have pierced.
Though the Pentagon stressed that any emails intercepted would be unclassified, that does not inherently rule out disruption. Sami Saydjari, who worked as a Pentagon cyber expert for 13 years and now runs a private company, Cyber Defence Agency, said: "If someone is able to attack information that is needed by decision makers, or that is crucial to organising logistics and supply lines of an army on the ground, that means they can induce chaos in a nation."
It is not clear exactly how the hackers gained access to the Pentagon. It may be they deployed the principle of "elevating privilege", said Dan Haagman of the computer forensics company 7Safe. That would involve breaking into a single, unsecured computer used for mundane administrative tasks, then using its flaws to step across to other computers higher up the chain of command.
The pattern would be similar to that used by the British hacker Gary McKinnon, currently fighting extradition to the US after allegedly breaking into Pentagon and Nasa computers. In the German case, Der Spiegel said a so-called Trojan program implanted in Microsoft Word documents and PowerPoint files had been used to infect systems.
Other ways include viruses, worms, and "denial of service", where a computer system is bombarded with so much information it becomes inoperable. "We have gone well beyond teenagers who want their egos boosted. We're now into the organised kind of state activity that is truly serious," said Jody Westby, at CyLab based at Carnegie Mellon University.
The US strategic commander, General James Cartwright, this year gave a frank assessment in which he said that the military's defence against cyber warfare was disjointed, passive and "dysfunctional".