Quote :

"China syndrome China bolsters its information warfare capabilities Published 24 October 2009 One of the chief strategies driving the process of modernization (known in China as "informatization") in the PLA is the coordinated use of CNO, electronic warfare (EW), and kinetic strikes designed to strike an enemy’s networked information systems, creating “blind spots” that PLA forces could exploit at predetermined times or as the tactical situation warranted The U.S.-China Economic and Security Review Commission has just come out with a new report, titled "Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation." The report offers details about the way China is integrating computer network operations (CNO) into its military operations. Of special interest to us would be the way China is using its CNSs for spying in the West. Here is the relevant section from the report's executive summary: China is likely using its maturing computer network exploitation capability to support intelligence collection against the U.S. Government and industry by conducting a long term, sophisticated, computer network exploitation campaign. The problem is characterized by disciplined, standardized operations, sophisticated techniques, access to high-end software development resources, a deep knowledge of the targeted networks, and an ability to sustain activities inside targeted networks, sometimes over a period of months. Analysis of these intrusions is yielding increasing evidence that the intruders are turning to Chinese "black hat" programmers (i.e. individuals who support illegal hacking activities) for customized tools that exploit vulnerabilities in software that vendors have not yet discovered. This type of attack is known as a "zero day exploit" (or "0-day") as the defenders haven't yet started counting the days since the release of vulnerability information. Although these relationships do not prove any government affiliation, it suggests that the individuals participating in ongoing penetrations of U.S. networks have Chinese language skills and have well established ties with the Chinese underground hacker community. Alternately, it may imply that the individuals targeting US networks have access to a well resourced infrastructure that is able to broker these relationships with the Chinese blackhat hacker community and provide tool development support often while an operation is underway. The depth of resources necessary to sustain the scope of computer network exploitation targeting the U.S. and many countries around the world coupled with the extremely focused targeting of defense engineering data, U.S. military operational information, and China-related policy information is beyond the capabilities or profile of virtually all organized cybercriminal enterprises and is difficult at best without some type of state-sponsorship. The type of information often targeted for exfiltration has no inherent monetary value to cybercriminals like credit card numbers or bank account information. If the stolen information is being brokered to interested countries by a third party, the activity can still technically be considered "state-sponsored," regardless of the affiliation of the actual operators at the keyboard. The U.S. information targeted to date could potentially benefit a nation-state defense industry, space program, selected civilian high technology industries, foreign policymakers interested in US leadership thinking on key China issues, and foreign military planners building an intelligence picture of U.S. defense networks, logistics, and related military capabilities that could be exploited during a crisis. The breadth of targets and range of potential "customers" of this data suggests the existence of a collection management infrastructure or other oversight to effectively control the range of activities underway, sometimes nearly simultaneously. In a conflict with the U.S., China will likely use its CNO capabilities to attack select nodes on the military's Non-classified Internet Protocol Router Network (NIPRNET) and unclassified DoD and civilian contractor logistics networks in the continental U.S. (CONUS) and allied countries in the Asia-Pacific region. The stated goal in targeting these systems is to delay U.S. deployments and impact combat effectiveness of troops already in theater. No authoritative PLA open source document identifies the specific criteria for employing computer network attack against an adversary or what types of CNO actions PRC leaders believe constitutes an act of war. Ultimately, the only distinction between computer network exploitation and attack is the intent of the operator at the keyboard: The skill sets needed to penetrate a network for intelligence gathering purposes in peacetime are the same skills necessary to penetrate that network for offensive action during wartime. The difference is what the operator at that keyboard does with (or to) the information once inside the targeted network. If Chinese operators are, indeed, responsible for even some of the current exploitation efforts targeting U.S. Government and commercial networks, then they may have already demonstrated that they possess a mature and operationally proficient CNO capability."

Summary: http://homelandsecuritynewswire.com/single.php?id=8988

10/25/2009 11:08:20 AM

I'm on a streak of reply-less threads

10/27/2009 4:54:36 PM

You need to bold certain phrases that are inflammatory but out of context, declare that liberals are idiots, and post a roll-eyes at the end to get responses.

10/27/2009 5:00:22 PM

The Chinese are watching this thread.

And they will soon hack this site if anything really bad is sad about them here

10/27/2009 5:00:45 PM

And it would seem to me that the Ghost in a Shell has already elaborated on the very numerous ways technology can be used against someone.

This is really just a fact of life. Of course as we get more technology advanced, and other countries get more technologically advanced, they are going to probe us on those levels, because it's fairly cheap to do (compared to conventional spying and weapons) once you have the expertise.

The only thing we can really do is make sure our security is up to snuff.

We might flip out when the CIA installs spying centers in the major telecoms buildings, but the Chinese gov. has no such internal resistance.

Unless our goal is to keep the rest of the world so economically and socially subjugated that they would never possible be able to challenge us technologically, vigilance is going to be our primary defence.

10/27/2009 5:24:25 PM

If I were you guys, I'd be more worried about the US spying on you than the Chinese.

10/27/2009 7:47:18 PM

I'm sure the US has excellent information warfare capabilities from wherever we're outsourcing it.

10/27/2009 7:51:01 PM

CNO - cheap. Real military - expensive

QED

10/27/2009 9:35:15 PM

Quote :

"Unless our goal is to keep the rest of the world so economically and socially subjugated that they would never possible be able to challenge us technologically"

I'm cool with that.

10/27/2009 10:57:05 PM

I think it's a pretty interesting article highlighting some of the challenges facing the US military in the 21st century. Of course, I study this stuff as a graduate student, so I'm a bit of a nerd on this.

Nevertheless, I think this is just the gradual evolution of electronic warfare. We've already seen alleged examples of this by the Russians against Estonians and the Georgians. I wouldn't be surprised too if the United States doesn't have a few things up its sleeves as well...

10/27/2009 11:25:54 PM

fo' real... we got enough black hats in this nation that if we were REALLY attacked by some mofos... they would independently defend the USA... no need for government defense. Its like they say, "I can beat up my brother but you better not!" these hackers might act all badass but when their country is threatened, they'll step up and show those chinese hackers the door.

10/27/2009 11:37:58 PM

60 minutes report about how we are getting raped. hackers took down power grids in brazil, got all up in centcom, etc

11/8/2009 7:32:11 PM