China’s cyber army is preparing to march on America, says Pentagon
Tim Reid in Washington
Chinese military hackers have prepared a detailed plan to disable America’s aircraft carrier battle fleet with a devastating cyber attack, according to a Pentagon report obtained by The Times.
The blueprint for such an assault, drawn up by two hackers working for the People’s Liberation Army (PLA), is part of an aggressive push by Beijing to achieve “electronic dominance” over each of its global rivals by 2050, particularly the US, Britain, Russia and South Korea.
China’s ambitions extend to crippling an enemy’s financial, military and communications capabilities early in a conflict, according to military documents and generals’ speeches that are being analysed by US intelligence officials. Describing what is in effect a new arms race, a Pentagon assessment states that China’s military regards offensive computer operations as “critical to seize the initiative” in the first stage of a war.
The plan to cripple the US aircraft carrier battle groups was authored by two PLA air force officials, Sun Yiming and Yang Liping. It also emerged this week that the Chinese military hacked into the US Defence Secretary’s computer system in June, has regularly penetrated computers in at least 10 Whitehall departments, including military files, and infiltrated German government systems this year.
Cyber attacks by China have become so frequent and aggressive that President Bush, without referring directly to Beijing, said this week that “a lot of our systems are vulnerable to attack”. He indicated that he would raise the subject with Hu Jintao, the Chinese President, when they met in Sydney at the Apec summit. Mr Hu denied that China was responsible for the attack on Robert Gates, the US Defence Secretary.
Larry M. Wortzel, the author of the US Army War College report, said: “The thing that should give us pause is that in many Chinese military manuals they identify the US as the country they are most likely to go to war with. They are moving very rapidly to master this new form of warfare.” The two PLA hackers produced a “virtual guidebook for electronic warfare and jamming” after studying dozens of US and Nato manuals on military tactics, according to the document.
The Pentagon logged more than 79,000 attempted intrusions in 2005. About 1,300 were successful, including the penetration of computers linked to the Army’s 101st and 82nd Airborne Divisions and the 4th Infantry Division. In August and September of that year Chinese hackers penetrated US State Department computers in several parts of the world. Hundreds of computers had to be replaced or taken offline for months. Chinese hackers also disrupted the US Naval War College’s network in November, forcing the college to shut down its computer systems for several weeks. The Pentagon uses more than 5 million computers on 100,000 networks in 65 countries.
Jim Melnick, a recently retired Pentagon computer network analyst, told The Times that the Chinese military holds hacking competitions to identify and recruit talented members for its cyber army.
He described a competition held two years ago in Sichuan province, southwest China. The winner now uses a cyber nom de guerre, Wicked Rose. He went on to set up a hacking business that penetrated computers at a defence contractor for US aerospace. Mr Melnick said that the PLA probably outsourced its hacking efforts to such individuals. “These guys are very good,” he said. “We don’t know for sure that Wicked Rose and people like him work for the PLA. But it seems logical. And it also allows the Chinese leadership to have plausible deniability.”
In February a massive cyber attack on Estonia by Russian hackers demonstrated how potentially catastrophic a preemptive strike could be on a developed nation. Pro-Russian hackers attacked numerous sites to protest against the controversial removal in Estonia of a Russian memorial to victims of the Second World War. The attacks brought down government websites, a major bank and telephone networks.
Linton Wells, the chief computer networks official at the Pentagon, said that the Estonia attacks “may well turn out to be a watershed in terms of widespread awareness of the vulnerability of modern society”.
After the attacks, computer security experts from Nato, the EU, US and Israel arrived in the capital, Tallinn, to study their effects.
Sami Saydjari, who has been working on cyber defence systems for the Pentagon since the 1980s, told Congress in testimony on April 25 that a mass cyber attack could leave 70 per cent of the US without electrical power for six months.
He told The Times that all major nations – including China – were scrambling to defend against, and working out ways to cause, “maximum strategic damage” by taking out banking systems, power grids and communications networks. He said that there were at least a thousand attempted attacks every hour on American computers. “China is aggressive in this,” he said.
Programmed to attack
Malware: a “Trojan horse” programme, which hides a “malicious code” behind an innocent document, can collect usernames and passwords for e-mail accounts. It can download programmes and relay attacks against other computers. An infected computer can be controlled by the attacker and directed to carry out functions normally available only to the system owner.
Hacking: increasingly a method of attack used by countries determined to use electronic means to gain access to secrets. Government computers in Britain have a network intrusion detection system, which monitors traffic and alerts officials to “misuse or anomalous behaviour”.
Botnets: compromised networks that an attacker can exploit. Deliberate programming errors in software can easily pass undetected. Attackers can exploit the errors to take control of a computer. Botnets can be used for stealing information or to collect credit card numbers by “sniffing” or logging the strokes of a victim’s keyboard.
Keystroke loggers: they record the sequence of key strokes that a user types in. Logging devices can be fitted inside the computer itself.
Denial of service attacks: overloading a computer system so that it can no longer function. This is the method allegedly used by the Russians to disrupt the Estonian government computers in May.
Phishing and spoofing: designed to trick an organisation’s customers into imparting confidential information such as passwords, personal data or banking details. Those using this method impersonate a “trusted source” such as a bank or IT helpdesk to persuade the victim to hand over confidential information. (Michael Evans)