China IS Hacker Central

Last month, I watched a Chinese hacker try to crack this blog.

Xi’an /wp-login.php?registration=disabled 6

Xi’an / 5

Xi’an /wp-login.php 1

For China, hacking may be all about Sun Tzu and World War III


www.zdnet.com/for-china-hacking-may-be-all-about-sun-tzu-and-world-war-iii-7000015988/

…And neither side, experts said, is ready to discuss military espionage, which means the conversation will necessarily focus on the theft of corporate secrets by China-based hackers. On that subject, they said, Mr. Obama needs to be unyielding.

“Obama has got to say, ‘You’ve got a major hacking operation under way in Beijing, you’ve got a major hacking operation under way in Shanghai. This is going to have repercussions if we don’t see changes very quickly,’” said Kenneth G. Lieberthal, a China adviser in the Clinton administration who is now at the Brookings Institution.


www.nytimes.com/2013/06/02/world/asia/us-and-china-to-hold-talks-on-hacking.html

US-China summit sidesteps cyber-espionage issue
Obama’s meeting with Xi overshadowed by revelations of NSA’s snooping – but deals are made on N Korea and HFCs


Xi Jinping chastised US media for failing to report equally on cyber-attacks made against China. Photograph: Evan Vucci/AP

www.guardian.co.uk/world/2013/jun/09/us-china-summit-barack-obama-xi-jinping

June 10, 2013, 1:00 p.m. ET
China’s Cyber Stonewall
Beijing won’t stop until it pays a price for its Internet thievery.

Chinese President Xi Jinping and President Obama emerged from their “shirt-sleeve summit” on the weekend touting new cooperation on climate change and North Korea. The big exception to this new era of good feeling? China’s cyber attacks against U.S. private and government targets, on which Mr. Xi gave no ground.

U.S. officials say Mr. Xi refused even to acknowledge Beijing’s responsibility and insisted that China is the main victim of cyber spying. In brief public remarks, Mr. Obama responded that the U.S. is going to need better cyber defenses “even as we negotiate with other countries around setting up common rules of the road.”

Rules of the road? Mr. Obama is going to have to do better than that if he wants to stop China’s cyber attacks. The Chinese don’t even concede there’s a road that requires rules. The U.S. strategy seems to be to ask China to join a global cyber arms-control regime when China is the world’s major promoter and beneficiary of cyber warfare. Parchment promises rarely work in world affairs, but they have no chance in this case until China pays a price for its thievery.

In 1991, Beijing watched the U.S. military rout Saddam Hussein and recognized the same could happen to the People’s Liberation Army. Chinese leaders resolved to study U.S. “network-centric warfare,” mimic it in part, and attack it asymmetrically. China would try to get inside U.S. networks, steal their secrets and find vulnerabilities.

Two decades later, China is a confident military power that bullies its neighbors and has the Pentagon concerned about its expanding navy, anti-satellite missiles and especially its ability to sabotage American military systems and electricity grid. Cyber attacks were essential to this great military leap forward, and Beijing won’t give them up merely because Washington asks.

China also gains economically from cyber spying. Years of Chinese commercial cyber theft have yielded “the greatest transfer of wealth in history,” says U.S. National Security Agency Director Keith Alexander. To maintain rapid growth, China needs technology that its domestic firms don’t produce and that means pillaging foreign intellectual property.

Jeffrey Bader, a White House adviser on China until 2011, told the New York Times that one cyber arms-control idea is “a bilateral ‘no sabotage’ pledge.” But how could such a pledge be enforced? As a technical matter, acts of cyber sabotage look like mere espionage until, with the click of a mouse, it’s too late. “Any adversary that can spy can also harm—the only limitation is his intent,” wrote Richard Bejtlich of the cyber security firm Mandiant recently. “In cyberspace, the power to steal is the power to destroy.”

Some argue that cyber norms would be valuable even if China initially ignored them, because diplomatic isolation and reputational damage could pressure Beijing over time to change course. But moral shame has not persuaded Communist leaders to end their support for global rogues like the Kim regime in North Korea.

Consider the 1972 U.S.-Soviet agreement on preventing incidents at sea, a rare Cold War deal that mostly worked—but only because the Soviet navy was fairly professional and subject to civilian control. China’s navy responds with curses when U.S. vessels give customary salutes at sea and has threatened U.S. and Japanese ships with weapons-guiding radar. It isn’t even clear that Beijing’s civilian leaders control the PLA.

Three years ago the U.S. and 14 other countries asked the United Nations to begin drafting cyber norms. That process grinds on with little progress. In September 2011, Chinese and Russian diplomats submitted a draft U.N. resolution that would curb “information which incites terrorism, secessionism, extremism, or undermines other nations’ political, economic, and social stability, as well as their spiritual and cultural environment.” That’s language from the authoritarian handbook for squelching free speech, not stopping cyber raids on the West.

Mr. Obama deserves credit for elevating cyber war to the top of the U.S.-China relationship, but Chinese leaders will stonewall until they see there is some cost to their stealing. The U.S. needs better cyber defenses, private and public, but it also needs a better offense.

This may mean sanctions against Chinese firms and individuals that benefit from cyber theft, as well as against military officials who practice it. But even those steps probably won’t matter unless the Chinese begin to see that their own military and business assets are vulnerable to cyber attack. Arms control won’t stop China’s cyber theft. The fear of counter cyber warfare might.

http://online.wsj.com/article/SB10001424127887323844804578528832874199480.html

A subtle defrosting in China’s chilly war with America


www.ft.com/intl/cms/s/0/594776d2-d1ba-11e2-9336-00144feab7de.html

“China is, in essence, a very narrow-minded, self-interested, realist state, seeking only to maximize its own national interests and power. It cares little for global governance and enforcing global standards of behavior (except its much-vaunted doctrine of noninterference in the internal affairs of countries). Its economic policies are mercantilist and its diplomacy is passive. China is also a lonely strategic power, with no allies and experiencing distrust and strained relationships with much of the world.”


www.washingtonpost.com/opinions/fareed-zakaria-china-is-not-a-superpower-yet/2013/06/05/cbeb88e0-cdfa-11e2-8845-d970ccb04497_story.html


Chinese Military Group Linked to Hacks of More Than 100 Companies

[Figure: APT1 victims]

[Figure: Hierarchical structure of China’s hacking apparatus (Mandiant)]

http://www.wired.com/threatlevel/2013/02/chinese-army-linked-to-hacks/


AUSTRALIAN LAWMAKER CONFIRMS CHINA HACKED SPY BASE

http://hosted.ap.org/dynamic/stories/A/AS_AUSTRALIA_CHINESE_HACKERS?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2013-05-28-05-45-23

Updated April 22, 2013, 10:48 p.m. ET
China: Cyberattacks Are Like Nuclear Bombs

By ANDREW BROWNE

BEIJING—Cyberattacks could be “as serious as a nuclear bomb,” according to a top Chinese general, who rejected suggestions that the Chinese military is behind cyberspying aimed at Western companies.

Gen. Fang Fenghui, chief of staff of the People’s Liberation Army, made the comments after meeting with his U.S. counterpart Martin Dempsey, chairman of the Joint Chiefs of Staff.

was one of a number of sensitive issues covered. The Obama administration is looking at options to confront Beijing over the issue, including trade sanctions, diplomatic pressure and indictments of Chinese nationals in U.S. courts.

Gen. Fang denied allegations that the army sponsors hacking against Western companies to steal commercial secrets. “None of these activities is tolerated here in China,” he said at a news conference. If Internet security can’t be guaranteed, “the damaging consequences may be as serious as a nuclear bomb.”

He also suggested it was hard to trace the source of attacks, saying “the Internet is open to anyone, and anyone can launch attacks from the place where they live, from their own country or from another country.” The general reiterated that China itself is a victim of cyberattacks. “We should jointly work on this,” he said.

Meantime, Gen. Fang repeated the consistent Chinese line that North Korea’s nuclear threat is best dealt with through negotiation, even though he said it was possible Pyongyang could conduct a fourth nuclear test despite U.N. sanctions that China helped draft following the latest test by China’s close ally.

He urged restraint from all sides, comments suggesting Beijing thinks Washington as much as Pyongyang should take responsibility for calming tensions in North Asia.

Secretary of State John Kerry, on a visit to China this month, made little headway in trying to persuade Beijing to publicly rebuke North Korea after it threatened to attack U.S. and allied targets in North Asia and the Pacific.

The first face-to-face meeting between the two chiefs of staff was part of an effort to rebuild military-to-military ties between the U.S. and China that are strained by U.S. arms sales to Taiwan.


Military relations have lagged behind other aspects of the engagement between the U.S. and China, whose economies are deeply entwined. There is a sense of strategic distrust between the two powers, as China becomes more assertive in Asia and as the U.S. refocuses its attention on the world’s most economically dynamic region.

But Gen. Fang struck a conciliatory tone. “The Pacific Ocean is wide enough to accommodate us both,” he said, though adding that each country should respect the other’s “core interests.” China’s expansive interests in the region include a claim to sovereignty over almost the entire South China Sea, which brings it into conflict with many of its smaller neighbors.

Gen. Fang said it is important for the two countries “to avoid vicious competition, friction, or even confrontation in this area.”

Gen. Dempsey said the U.S. wants “healthy, stable and reliable” military-to-military relations with China. “The U.S. is a Pacific power,” he said, adding that Washington seeks to be a stabilizing presence in the region and “the absence of a U.S. presence would be destabilizing.”

China believes the U.S. aims to contain China’s rise in the world. It feels hemmed in by a string of U.S. military alliances in the region stretching from Japan all the way to Australia.

Repeated Warnings

May 2012: U.S. provides detailed evidence to Chinese government of cyberespionage against U.S. companies.

July: National Security Adviser Donilon raises cybersecurity concerns privately with China.

Summer: U.S. companies bring complaints of Chinese hacking to federal agencies.

January 2013: U.S. issues formal démarche to China on cyberespionage.

February: President Obama signs executive order to bolster cybersecurity.

Feb. 28: China’s Ministry of Defense says two military websites were the targets of numerous cyberattacks in 2012, most originating in the U.S.

March 11: Mr. Donilon calls on China to investigate and stop cyberspying.

March 12: Director of National Intelligence James Clapper places cybersecurity at top of his list of national-security threats.

March 14: Mr. Obama raises cybersecurity in a phone call with Chinese President Xi Jinping.

April 13: Secretary of State Kerry says the two countries will create a working group on cybersecurity.

http://online.wsj.com/article/SB10001424127887323551004578438842382520654.html?mod=WSJ_hpp_LEFTTopStories&cb=logged0.33743261476047337

Someone found a college recruitment notice to join China’s alleged military hacker team



www.washingtonpost.com/blogs/worldviews/wp/2013/02/20/someone-found-a-recruitment-notice-to-join-chinas-alleged-military-hacker-team/


Cyb3rsleuth said he felt like he’d found the face of a ghost when he saw pictures on a blog linked to Zhang Changhe

A Chinese Hacker’s Identity Unmasked
By Dune Lawrence and Michael Riley on February 14, 2013

Joe Stewart’s day starts at 6:30 a.m. in Myrtle Beach, S.C., with a peanut butter sandwich, a sugar-free Red Bull, and 50,000 or so pieces of malware waiting in his e-mail in-box. Stewart, 42, is the director of malware research at Dell SecureWorks, a unit of Dell (DELL), and he spends his days hunting for Internet spies. Malware is the blanket term for malicious software that lets hackers take over your computer; clients and fellow researchers constantly send Stewart suspicious specimens harvested from networks under attack. His job is to sort through the toxic haul and isolate anything he hasn’t seen before: He looks for things like software that can let hackers break into databases, control security cameras, and monitor e-mail.

Within the industry, Stewart is well-known. In 2003 he unraveled one of the first spam botnets, which let hackers commandeer tens of thousands of computers at once and order them to stuff in-boxes with millions of unwanted e-mails. He spent a decade helping to keep online criminals from breaking into bank accounts and such. In 2011, Stewart turned his sights on China. “I thought I’d have this figured out in two months,” he says. Two years later, trying to identify Chinese malware and develop countermeasures is pretty much all he does.

Computer attacks from China occasionally cause a flurry of headlines, as did last month’s hack on the New York Times (NYT). An earlier wave of media attention crested in 2010, when Google (GOOG) and Intel (INTC) announced they’d been hacked. But these reports don’t convey the unrelenting nature of the attacks. It’s not a matter of isolated incidents; it’s a continuous invasion.

Malware from China has inundated the Internet, targeting Fortune 500 companies, tech startups, government agencies, news organizations, embassies, universities, law firms, and anything else with intellectual property to protect. A recently prepared secret intelligence assessment described this month in the Washington Post found that the U.S. is the target of a massive and prolonged computer espionage campaign from China that threatens the U.S. economy. With the possible exceptions of the U.S. Department of Defense and a handful of three-letter agencies, the victims are outmatched by an enemy with vast resources and a long head start.

Stewart says he meets more and more people in his trade focused on China, though few want that known publicly, either because their companies have access to classified data or fear repercussions from the mainland. What makes him unusual is his willingness to share his findings with other researchers. His motivation is part obsession with solving puzzles, part sense of fair play. “Seeing the U.S. economy go south, with high unemployment and all these great companies being hit by China … I just don’t like that,” he says. “If they did it fair and square, more power to them. But to cheat at it is wrong.”

Stewart tracks about 24,000 Internet domains, which he says Chinese spies have rented or hacked for the purpose of espionage. They include a marketing company in Texas and a personal website belonging to a well-known political figure in Washington. He catalogs the malware he finds into categories, which usually correspond to particular hacking teams in China. He says around 10 teams have deployed 300 malware groups, double the count of 10 months ago. “There is a tremendous amount of manpower being thrown at this from their side,” he says.

Investigators at dozens of commercial security companies suspect many if not most of those hackers either are military or take their orders from some of China’s many intelligence or surveillance organizations. In general, they say the attacks are too organized and the scope too vast to be the work of freelancers. Secret diplomatic cables published by WikiLeaks connected the well-publicized hack of Google to Politburo officials, and the U.S. government has long had classified intelligence tracing some of the attacks to hackers linked to the People’s Liberation Army (PLA), according to former intelligence officials. None of that evidence is public, however, and China’s authorities have for years denied any involvement.

Up to now, private-sector researchers such as Stewart have had scant success putting faces to the hacks. There have been faint clues left behind—aliases used in domain registrations, old online profiles, or posts on discussion boards that give the odd glimpse of hackers at work—but rarely an identity. Occasionally, though, hackers mess up. Recently, one hacker’s mistakes led a reporter right to his door.

Stewart works in a dingy gray building surrounded by a barbed-wire fence. A small sign on a keycode-locked door identifies it as Dell SecureWorks. With one other researcher, Stewart runs a patchwork of more than 30 computers that fill his small office. As he examines malware samples, he shifts between data-filled screens and white boards scribbled with technical terms and notes on Chinese intelligence agencies.


Photograph by Stephen Morton/Bloomberg

Dell SecureWorks’s Myrtle Beach facility

The computers in his office mostly run programs he wrote himself to dissect and sort the malware and figure out whether he’s dealing with variations of old code or something entirely new. As the computers turn up code, Stewart looks for signature tricks that help him identify the work of an author or a team; software writers compare it with the unique slant and curlicues of individual handwriting. It’s a methodical, technical slog that would bore or baffle most people but suits Stewart. He clearly likes patterns. After work, he relaxes with a 15-minute session on his drum kit, playing the same phrase over and over.

A big part of Stewart’s task is figuring out how malware is built, which he does to an astonishing level of detail. He can tell the language of the computer on which it was coded—helping distinguish the malware deployed by Russian criminal syndicates from those used by Chinese spies. The most important thing he does, however, is figure out who or what the software is talking to. Once inside a computer, malware is set up to signal a server or several servers scattered across the globe, seeking further marching orders. This is known in the information security business as “phoning home.” Stewart and his fellow sleuths have found tens of thousands of such domains, known as command and control nodes, from which the hackers direct their attacks.

Discovery of a command node spurs a noticeable rise in pitch in Stewart’s voice, which is about as much excitement as he displays to visitors. If a company getting hacked knows the Internet Protocol (IP) address of a command node, it can shut down all communication with that address. “Our top objective is to find out about the tools and the techniques and the malware that they’re using, so we can block it,” Stewart says.

The Internet is like a map, and every point—every IP—on that map belongs to someone with a name and an address recorded in its registration. Spies, naturally, tend not to use their real names, and with most of the Internet addresses Stewart examines, the identifying details are patently fake. But there are ways to get to the truth.

In March 2011, Stewart was examining a piece of malware that looked different from the typical handiwork of Russian or Eastern European identity thieves. As he began to explore the command nodes connected to the suspicious code, Stewart noticed that since 2004, about a dozen had been registered under the same one or two names—Tawnya Grilth or Eric Charles—both listing the same Hotmail account and usually a city in California. Several were registered in the wonderfully misspelled city of Sin Digoo.

Some of the addresses had also figured in Chinese espionage campaigns documented by other researchers. They were part of a block of about 2,000 addresses belonging to China Unicom (CHU), one of the country’s largest Internet service providers. Trails of hacks had led Stewart to this cluster of addresses again and again, and he believes they are used by one of China’s top two digital spying teams, which he calls the Beijing Group. This is about as far as Stewart and his fellow detectives usually get—to a place and a probable group, but not to individual hackers. But he got a lucky break over the next few months.

Tawnya Grilth registered a command node using the URL dellpc.us. It was a little too close to the name of Stewart’s employer. So Stewart says he contacted Icann (the Internet Corporation for Assigned Names and Numbers), the organization that oversees Internet addresses and arbitrates disputes over names. Stewart argued that by using the word Dell, the hackers had violated his employer’s trademark. Grilth never responded, and Icann agreed with Stewart and handed over control of the domain. By November 2011 he could see hacked computers phoning home from all over the world—he was watching an active espionage campaign in progress.

He monitored the activity for about three months, slowly identifying victim computers. By January 2012, Stewart had mapped as many as 200 compromised machines across the globe. Many were within government ministries in Vietnam, Brunei, and Myanmar, as well as oil companies, a newspaper, a nuclear safety agency, and an embassy in mainland China. Stewart says he’d never seen such extensive targeting focused on these countries in Southeast Asia. He broadened his search of IP addresses registered either by Tawnya Grilth or “her” e-mail address, jeno_1980@hotmail.com, and found several more. One listed a contact with the handle xxgchappy. The new addresses led to even more links, including discussion board posts on malware techniques and the website rootkit.com, a malware repository where researchers study hacking techniques from all over the world.

Then Stewart discovered something much more unusual: One of the domains hosted an actual business—one that offered, for a fee, to generate positive posts and “likes” on social network sites such as Twitter and Facebook (FB). Stewart found a profile under the name Tawnya on the hacker forum BlackHatWorld promoting the site and a PayPal (EBAY) account that collected fees and funneled them to a Gmail account that incorporated the surname Zhang. Stewart was amazed that the hacker had exposed his or her personal life to such a degree.

In February 2012, Stewart published a 19-page report on SecureWorks’s website to coincide with the RSA Conference in San Francisco, one of the biggest security industry events of the year. He prefaced it with an epigraph from Sun Tzu’s The Art of War: “We cannot enter into informed alliances until we are acquainted with the designs of our neighbors and the plans of our adversaries.”

Stewart didn’t pursue Zhang. His job was done. He learned enough to protect his customers and moved on to the other countless bits of malware. But his report generated interest in the security world, because it’s so difficult to find any traces of a hacker’s identity. In particular, Stewart’s work intrigued another researcher who immediately took up the challenge of unmasking Tawnya Grilth. That researcher is a 33-year-old who blogs under the name Cyb3rsleuth, an identity he says he keeps separate from his job running an India-based computer intelligence company. He asked that his name not be used to avoid unwanted attention, including hacking attempts on his company.

Cyb3rsleuth says he’d already found a calling in outing the identities of Eastern European hackers and claims to have handed over information on two individuals to government authorities. Stewart’s work inspired him to post his findings publicly, and he says he hopes that unearthing more details on individual hackers will give governments the evidence to take action. The hackers are human and make mistakes, so the trick is finding the connection that leads to a real identity, Cyb3rsleuth says.

As Stewart’s new collaborator dug in, the window into Tawnya Grilth’s world expanded. There were posts on a car forum; an account on a Chinese hacker site; and personal photos, including one showing a man and a woman bundled up against the wind at what looked like a tourist site with a pagoda in the background.

Cyb3rsleuth followed the trail of the hacker’s efforts to drum up business for the social media promotion service through aliases and forums tied to the Hotmail account. He eventually stumbled on a second business, this one with a physical location. The company, Henan Mobile Network, was a mobile-phone wholesaler, according to business directories and online promotional posts. The shop’s website was registered using the Jeno Hotmail account and the Eric Charles pseudonym.

Cyb3rsleuth checked an online Chinese business directory for technology companies and turned up not only a telephone number for the company but also a contact name, Mr. Zhang, and an address in Zhengzhou, a city of more than 8 million in the central Chinese province of Henan. The directory listing gave three account numbers for the Chinese instant-messaging service called QQ. The service works along the lines of MSN Messenger, with each account designated by a unique number. One of those accounts used an alternate e-mail that incorporated the handle xxgchappy and listed the user’s occupation as “education.”

Putting that e-mail into Chinese search engines, Cyb3rsleuth found it was also registered on Kaixin001.com, a Chinese Facebook-style site, to a Zhang Changhe in Zhengzhou. Zhang’s profile image on Kaixin is of a blooming lotus, a traditional Buddhist symbol. Going back to the QQ account, Cyb3rsleuth found a blog linked to it, again with a Buddha-themed profile picture, whose user went by Changhe—the same pronunciation as the Kaixin user’s given name, though rendered in different characters. The blog contained musings on Buddhist faith, including this, from a post written in Chinese and titled “”: “It’s Jan. 31, 2012 today, I’ve been a convert to Buddhism for almost five years. In the past five years, I broke all the Five Precepts—no killing living beings, no stealing, no sexual misconduct, no lies, and no alcohol, and I feel so repentant.” Amid his list of sins, from lack of sympathy to defensiveness to lying, is No. 4: “I continuously and shamelessly stole, hope I can stop in the future.”

The same QQ number appears on an auto forum called xCar, where the user is listed as belonging to a club for owners of the Dongfeng Peugeot 307—a sporty four-door popular among China’s emerging middle class—and where the user asked, circa 2007, about places to buy a special license-plate holder.

In a photo taken in 2009, Zhang stands on a beach, squinting into the sun with his back to the waves, arm in arm with a woman the caption says is his wife—the same person as in the pagoda picture. His bushy hair is cut short over a young face.

In March, Cyb3rsleuth published what he found on his personal blog, hoping that someone—governments, the research community, or some of the many hacking victims—would act. He knows of no response so far. Still, he’s excited. He’d found the face of a ghost, he says.

The city of Zhengzhou sprawls near the Yellow River in Henan province. The municipal government website describes it as “an example of a remarkably fast-changing city in China (without minor tourism clutter).” Kung-fu fans pass through on their way to the Shaolin Temple, a center of Buddhism and martial arts, 56 miles to the southwest. The city mostly serves as a gigantic transit hub for people and goods moving by rail to other places all over China.

About a 500-meter walk south from the central railway station is a tan, seven-story building with a dirty facade and red characters that read Central Plains Communications Digital City. The building is full of tiny shops, many selling electronics. The address listed for Zhang’s mobile-phone business is on the fourth floor, room A420.


Central Plains Communications Digital City in Zhengzhou

Under dim fluorescent lights, two young clerks tell a reporter that they don’t know Zhang Changhe or Henan Mobile Network. The commercial manager of the building, Wang Yan, says the previous tenant of A420 moved out three years ago; she says she has no idea what the business had been, except that the proprietors weren’t there very often and that the operation didn’t last long.

A Chinese-language search on Google turns up a link to several academic papers co-authored by a Zhang Changhe. One, from 2005, relates to computer espionage methods. He also contributed to research on a Windows rootkit, an advanced hacking technique, in 2007. In 2011, Zhang co-authored an analysis of the security flaws in a type of computer memory and the attack vectors for it. The papers identified Zhang as working at the PLA Information Engineering University. The institution is one of China’s principal centers for electronic intelligence, where professors train junior officers to serve in operations throughout China, says Mark Stokes of the Project 2049 Institute, a think tank in Washington. It’s as if the U.S. National Security Agency had a university.

The gated campus of the PLA Information Engineering University is in Zhengzhou, about four miles north of Zhang Changhe’s mobile shop. The main entrance is at the end of a tree-lined lane, and uniformed men and women come and go, with guards checking vehicles and identification cards. Reached on a cell-phone number listed on the QQ blog, Zhang confirms his identity as a teacher at the university, adding that he was away from Zhengzhou on a work trip. Asked if he still maintained the Henan Mobile telephone business, he says: “No longer, sorry.” About his links to hacking and the command node domains, Zhang says: “I’m not sure.” About what he teaches at the university: “It’s not convenient for me to talk about that.” He denies working for the government, says he won’t answer further questions about his job, and hangs up.

Stewart continues to uncover clues that point to Zhang’s involvement in computer network intrusions. A piece of malware SecureWorks discovered last year and dubbed Mirage infected more than 100 computers, mainly in Taiwan and the Philippines. Tawnya Grilth owned one of the command domains. Late last year, Stewart was looking at malware hitting Russian and Ukrainian government and defense targets. The only other sample of that kind of malware he could find in his database was one that phoned home to a command node at AlexaUp.info. The billing name used in the registration: Zhang Changhe. Stewart says Zhang is affiliated with the Beijing Group, which probably involves dozens of people, from programmers to those handling the infrastructure of command centers to those who translate stolen documents and data. As Stewart discusses this, his voice is flat. He’s realistic. Outing one person involved in the hacking teams won’t stop computer intrusions from China. Zhang’s a cog in a much larger machine and, given how large China’s operations have become, finding more Zhangs may get easier. Show enough of this evidence, Stewart figures, and eventually the Chinese government can’t deny its role. “It might take several more years of piling on reports like that to make that weight of evidence so strong that it’s laughable, and they say, ‘Oh, it was us,’ ” says Stewart. “I don’t know that they’ll stop, but I would like to make it a lot harder for them to get away with it.”


Gate to the PLA Information Engineering University

www.businessweek.com/articles/2013-02-14/a-chinese-hackers-identity-unmasked

GRAPHIC

http://www.nytimes.com/interactive/2013/02/18/business/Industries-Targeted-by-the-Hackers.html

Chinese Army Unit Is Seen as Tied to Hacking Against U.S.


This 12-story building on the outskirts of Shanghai is the headquarters of Unit 61398 of the People’s Liberation Army. China’s defense ministry has denied that it is responsible for initiating digital attacks.

By DAVID E. SANGER, DAVID BARBOZA and NICOLE PERLROTH
Published: February 18, 2013

On the outskirts of Shanghai, in a run-down neighborhood dominated by a 12-story white office tower, sits a People’s Liberation Army base for China’s growing corps of cyberwarriors.

The building off Datong Road, surrounded by restaurants, massage parlors and a wine importer, is the headquarters of P.L.A. Unit 61398. A growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate in and around the white tower.

An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the military unit’s headquarters. The firm was not able to place the hackers inside the 12-story building, but makes a case there is no other plausible explanation for why so many attacks come out of one comparatively small area.

“Either they are coming from inside Unit 61398,” said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, “or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood.”

Other security firms that have tracked “Comment Crew” say they also believe the group is state-sponsored, and a recent classified National Intelligence Estimate, issued as a consensus document for all 16 of the United States intelligence agencies, makes a strong case that many of these hacking groups are either run by army officers or are contractors working for commands like Unit 61398, according to officials with knowledge of its classified content.

Mandiant provided an advance copy of its report to The New York Times, saying it hoped to “bring visibility to the issues addressed in the report.” Times reporters then tested the conclusions with other experts, both inside and outside government, who have examined links between the hacking groups and the army. (Mandiant was hired by The New York Times Company to investigate a sophisticated Chinese-origin attack on its news operations, but concluded it was not the work of Comment Crew, but another Chinese group. The firm is not currently working for the Times Company but it is in discussions about a business relationship.)

While Comment Crew has drained terabytes of data from companies like Coca-Cola, increasingly its focus is on companies involved in the critical infrastructure of the United States — its electrical power grid, gas lines and waterworks. According to the security researchers, one target was a company with remote access to more than 60 percent of oil and gas pipelines in North America. The unit was also among those that attacked the computer security firm RSA, whose computer codes protect confidential corporate and government databases.

Contacted Monday, officials at the Chinese embassy in Washington again insisted that their government does not engage in computer hacking, and that such activity is illegal. They describe China itself as a victim of computer hacking, and point out, accurately, that there are many hacking groups inside the United States. But in recent years the Chinese attacks have grown significantly, security researchers say. Mandiant has detected more than 140 Comment Crew intrusions since 2006. American intelligence agencies and private security firms that track many of the 20 or so other Chinese groups every day say those groups appear to be contractors with links to the unit.

And the Chinese Ministry of Foreign Affairs said Tuesday that the allegations were ‘‘unprofessional.’’

‘‘Making unfounded accusations based on preliminary results is both irresponsible and unprofessional, and is not helpful for the resolution of the relevant problem,’’ said Hong Lei, a ministry spokesman. ‘‘China resolutely opposes hacking actions and has established relevant laws and regulations and taken strict law enforcement measures to defend against online hacking activities.’’



www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html

Chinese hackers outed themselves by logging into their personal Facebook accounts


www.washingtonpost.com/blogs/worldviews/wp/2013/02/19/chinese-hackers-outed-themselves-by-logging-into-their-personal-facebook-accounts/

White House warns of cyber threat from ‘aggressive’ China and Russia
US outlines new strategy to deal with theft of trade secrets and says pair remain ‘capable collectors of sensitive information’


Kin Cheung/AP – Foreign Minister Yang Jiechi has rejected allegations that China’s military is behind hacking attacks on U.S. targets.

www.washingtonpost.com/world/national-security/us-publicly-calls-on-china-to-stop-commercial-cyber-espionage-theft-of-trade-secrets/2013/03/11/28b21d12-8a82-11e2-a051-6810d606108d_story.html

Pentagon: Chinese government, military behind cyberspying


www.washingtonpost.com/world/national-security/pentagon-chinese-government-military-behind-cyberspying/2013/05/06/f4851618-b694-11e2-b94c-b684dda07add_story.html

Vast majority of global cyber-espionage emanates from China, report finds


www.washingtonpost.com/business/technology/vast-majority-of-global-cyber-espionage-emanates-from-china-report-finds/2013/04/22/61f52486-ab5f-11e2-b6fd-ba6f5f26d70e_story.html

Chinese cyberspies have hacked most Washington institutions, experts say

http://www.washingtonpost.com/business/technology/chinese-cyberspies-have-hacked-most-washington-institutions-experts-say/2013/02/20/ae4d5120-7615-11e2-95e4-6148e45d7adb_story.html

GRAPHIC

Industries Targeted by the Hackers


www.nytimes.com/interactive/2013/02/18/business/Industries-Targeted-by-the-Hackers.html

White House promises trade war on countries behind cybercrime
China the apparent target as Obama administration says it will put pressure on governments and prosecute offenders

Staff and agencies
guardian.co.uk, Thursday 21 February 2013 00.16 EST


Eric Holder, the US attorney general, said: ‘A hacker in China can acquire source code from a software company in Virginia without leaving his or her desk.’ Photograph: Jacquelyn Martin/AP


www.guardian.co.uk/technology/2013/feb/21/white-house-war-cybercrime-trade

Akamai Technologies, which monitors large amounts of web traffic, said in the third quarter of 2012 China was the world’s No. 1 source of observed attack traffic, with 33% of such traffic. The U.S. was second, at 13%.

U.S. intelligence agencies issued a rare public report in 2011 that fingered Chinese hackers as the “most active and persistent perpetrators of economic espionage.” Senior intelligence officials said the Chinese government and sympathetic hackers are behind the cyberspying.

http://online.wsj.com/article/SB10001424127887323549204578316413319639782.html

U.S. Demands China Block Cyberattacks and Agree to Rules


www.nytimes.com/2013/03/12/world/asia/us-demands-that-china-end-hacking-and-set-cyber-rules.html

China enraged by Pentagon’s claims it is waging new cyberwar
US report makes first explicit accusation that Beijing is hacking for military secrets

RUPERT CORNWELL, CLIFFORD COONAN WASHINGTON, BEIJING TUESDAY 07 MAY 2013

An unprecedented and blunt Pentagon report that accuses China of cyber-espionage aimed at extracting US military secrets has prompted a war of words between Washington and Beijing, with the latter angrily denying the accusations.

The 83-page report marked the first time the US has explicitly accused China’s military of hacking American government computer networks, and has underscored how electronic warfare is now one of the prime elements in the growing military rivalry between the two countries. It contends that the cyber-intrusions, aimed at gathering information and at honing the ability to disrupt, are a key part of Beijing’s military strategy as it jostles with Washington for dominance in East Asia.

The computer security firm Mandiant recently identified a single agency in the People’s Liberation Army, Unit 61398, as responsible for over 140 such operations since 2006.

Predictably, the charges levelled in the Pentagon report were dismissed by the Chinese authorities, who termed them “groundless,” and “hype” that would only harm bilateral cooperation and dialogue. “This is not beneficial to US-China mutual trust and cooperation,” the Foreign Ministry spokeswoman Hua Chunying said.

Despite its accusations against China, the US is no slouch when it comes to cyberwarfare, as evidenced by the 2010 Stuxnet attacks on computers controlling Iran’s nuclear programme, believed to be a joint American/Israeli operation, and the rapid build-up of the Pentagon’s own Cyber Command.

Despite the rapid and sustained expansion of China’s armed forces, the US remains far ahead in terms of firepower and military technology. Although Beijing’s defence spending is growing by some 10 per cent annually and is described by the new report as totalling between $135bn (£87bn) and $215bn (£139bn), it is eclipsed by the US defence budget, almost $700bn (£452bn) for 2013. China, says the Pentagon, sees electronic warfare as a way to “reduce or eliminate” US advantage.

China’s military expansion – symbolised by the commissioning in 2012 of its first aircraft carrier, stepped-up spending on medium and short range missiles, and advances in stealth technology for aircraft – has long been rattling nerves in the region. Ever more assertive about territories it claims in the South China Sea and elsewhere, Beijing is embroiled in disputes with Japan, the Philippines, Vietnam and other neighbours, not to mention the island of Taiwan which China has always considered its own. The Chinese government, says the Pentagon, “is capable of increasingly sophisticated military action against Taiwan.”

With the Iraq war over and the Afghan conflict soon to join it, President Barack Obama announced plans in November 2011 for an American “pivot to Asia” in part to assuage US allies in the region over China’s perceived expansionism. The shift is presented by Washington in the context of ‘partnership’ with Beijing. China however is visibly less than convinced and, the Pentagon contends, has made cyber weaponry a centrepiece of its new strategy.

Evidence, the report declares, can be found in two recent public statements, entitled ‘Science of Strategy’ and ‘Science of Campaigns.’ Both are said to identify cyber-spying as “integral to achieving information superiority and countering a stronger foe.”

Some elements in the current Chinese leadership favour a more aggressive posture. But the Pentagon also notes the 1990s advice of former leader Deng Xiaoping – that China should “cope with affairs calmly, hide our capabilities and bide our time; be good at maintaining a low profile and never claim leadership.”


www.independent.co.uk/news/world/asia/china-enraged-by-pentagons-claims-it-is-waging-new-cyberwar-8606795.html

GOOGLE translation

United States is the real “Matrix”

2013-05-11 21:53 Chinese computer security Anonymous
Keywords: Matrix U.S. News

In recent years, the United States has developed advanced weapons and equipment and formed offensive cyber warfare forces, as the international community has seen. The United States has no right to make irresponsible remarks about China’s legitimate national defense and army building.

- Chinese Defense Ministry spokesman

Geng Yansheng

FANG XIAO

U.S. Department of Defense released the 6th annual “China Development Report of the military and security situation”, the Chinese military and the official media gave yesterday lashed out.

Chinese Defense Ministry spokesman Geng Yansheng said yesterday that the U.S. Department of Defense submitted to Congress and published 2013 annual “China Development Report of the military and security situation,” harping on “China military threat” and “China’s military opaque,” the old tune, accusing China to safeguard national the legitimate sovereign rights act, questioning Chinese national strategy and defense policy direction. China expresses strong dissatisfaction and resolute opposition, made solemn representations.

“People’s Daily” yesterday to describe the United States is the real “The Matrix.” “Liberation Army Daily” is ridiculed report credibility comes from China refers to the majority of its military forum.

Japan-US security dialogue first network

Pentagon report for the first time in an official report in the form of speculation PLO network capabilities and actions, saying that in 2012 a number of U.S. government computer networks against attacks, “they appear to be directly traced back to the Chinese government and the army.” Report said China supported through the national “industrial and technological espionage” increasing level of military technology.

“People’s Daily” yesterday in a signed article in this fight that the United States is the real “The Matrix” and its extensive network of espionage, not only for allies against hostile nations, and its intelligence gathering covering political, military, technology, business and other fields. In recent years, the United States continued to strengthen against other countries for political subversion networking tools. From the network birth, the United States has been in preparation for the fight cyber warfare, and set a world first.

Articles describe the network more terrible weapon than a nuclear weapon, cyber warfare this “Pandora’s box” Once opened, cyberspace will be no peace. In order to establish a network of military hegemony unprovoked discredit other countries, is a dangerous astray, ultimately shooting itself in the foot.

At the same time, the United States and allies Japan are strengthening cooperation on cybersecurity.

According to Japanese media reports, the U.S. and Japanese governments will be held for two days in September and this month the Japanese Foreign Ministry held its first comprehensive network security dialogue, to discuss how to deal with the illegal invasion of government and corporate computer system failure caused by network hacker attacks. Reported that the two countries may have come from China and other places, deepening worries cyber attacks, as will the “new security threats” to confirm bilateral cooperation. The dialogue aims to develop on the use of cyberspace leading international rules.

Reports revealed that attended the dialogue with the Japanese Foreign Ministry, Defense Ministry and the Cabinet Secretariat is responsible for Information Security Center and the U.S. State Department, the Defense Department and the Department of Homeland Security officials. The first dialogue will exchange views on the threat of cyber attacks, and to discuss the power companies, public transportation and other critical infrastructure protection methods. The two sides are expected in the 10th issued a joint statement confirming the close cooperation between the two countries. The composite dialogue is expected to hold regular meetings in the future. In addition, Japan and the U.S. are currently in network security for the ASEAN countries to build capacity to provide support, the two sides also interested in cooperation with ASEAN together for the development of “open international rules” to create international opinion.

Last month, U.S. Secretary of State Warren during his visit, China and the U.S. agreed to establish a working group of network security. Kerry said at the time, the United States and China has accelerated the need to take action network security consensus. Kerry said the network security “affect the financial sector, banking and financial transactions, affecting all aspects of the modern state, all of us – all countries – clearly has the right to protect the interests of its own people and to protect their infrastructure.”

U.S. army newspaper ridiculed sources of information

On issues such as the Diaoyu Islands, the report ignores the historical and legal unwarranted accusations against China. The report said China started in September last year around the Diaoyu Islands “inappropriate delineated straight baselines,” China’s territorial claim is inconsistent with international law.

Chinese Defense Ministry spokesman Geng Yansheng said, the question of national sovereignty, territorial core interests, China’s armed forces to safeguard national sovereignty and territorial firm resolution and determination. Since last year, Zhang Shi recklessly individual neighboring countries, in relation to China’s territorial sovereignty and maritime rights and interests to create disturbances, which is caused by the current tensions surrounding the root. Report of the United States reversed black and white, to mislead the international public opinion is extremely irresponsible.

According to the report, “China’s budget transparency is poor, the transition from a planned economy is not complete.” Geng Yansheng said that China’s strengthening of its defense spending serves the need to safeguard national sovereignty, security and territorial integrity, is its legitimate right as a sovereign state, and is not directed against any country or target. In recent years, the United States has developed advanced weapons and equipment and formed offensive cyber warfare forces, as the international community has seen. The United States has no right to make irresponsible remarks about China’s legitimate national defense and army building.

For reports on the Taiwan issue accusations, Geng Yansheng that in recent years, cross-strait relations have made a series of significant positive developments, showing a situation of peaceful development, safeguarding peace in the Taiwan Strait area. In this situation, the United States deliberately hype the mainland to Taiwan, “military threat”, rendering the cross-strait military imbalance, provoke cross-strait relations, in order to find an excuse to sell weapons, China is firmly opposed.

“Liberation Army Daily” published a signed article yesterday, directly on the report’s credibility questioned. The article, entitled “China Military Power Report, longer hair military relations ‘clogging’,” the article said, in recent years, the U.S. Department of Defense annually publish a Chinese military report on China’s military development and strategic intent to make irresponsible remarks, even irresponsible guesswork. For the contents of the report source, as many experts point out, mostly some U.S. crude understand Chinese so-called experts, from Chinese military website forum “Ctrl + C” “Ctrl + V” results. The article said that the forum of things, mostly from users speculation and conjecture, the U.S. Defense Department has listed it as based on lies, “It’s ridiculous to slip!”

[Editor: small sokdam mind]

http://sec.chinabyte.com/354/12612354.shtml

US is to launch unprecedented counter-attack on Chinese hackers accused of stealing state secrets

Peter Warren Thursday 21 February 2013

The US Government is to launch an unprecedented counter-attack on the individual Chinese hackers who are accused of stealing the country’s state and industrial secrets.

A series of personal attacks on Chinese hackers is to be launched, with the US naming perpetrators and bringing lawsuits and fines.

The move follows on from the announcement yesterday by the computer security company Mandiant that it had discovered a unit of the Chinese Army based in Shanghai that it claims has stolen hundreds of terabytes of information from 140 US firms.

The American action marks a growing exasperation with Beijing, following 10 years of official warnings from Western governments that the wholesale theft of defence secrets and valuable business information was being carried out by Chinese hackers.

The US exasperation has been felt in the UK, where the Foreign Secretary William Hague has warned that Western powers are suffering unprecedented levels of cyber theft due to espionage. He fell shy of naming the Chinese but officials behind the scenes left journalists in no doubt that the Chinese were to blame.

News of the stiffening of attitude has come at the same time as a significant diplomatic escalation over the issue, with President Obama flagging up the cyber threat in his State of the Union address and particularly focusing in on the threat to the computerised systems that control the critical national infrastructure, systems such as electricity, gas and telecommunications, all it has been claimed the target of Chinese hackers.

The US announcement also signals one other important change, that the cyber security industry is now confident that it can identify those who are carrying out the attacks.

Up until now attribution has been a difficulty and many times over the past 10 years countries identified as being responsible for cyber crime have claimed that the attacks are simply being routed through their countries but are not actually originating from there.

According to Howard Schmidt, who was President Obama’s cyber security tsar until last Summer, the US response means that a line has been drawn in the sand.

“Since 2010 there has been report after report after report, effectively saying the same thing… but it doesn’t seem to dissuade those responsible and I am pretty sure a lot of this is coming from the Chinese Government, though some will also be coming from other groups. But it doesn’t seem to convince them that they should stop.

“The reason for that seems to be that they have so much more to gain from doing this than they have to lose.”

News of the US loss of patience has coincided with a series of signs that indicate that an international consensus on cyber crime is beginning to emerge, with Russia’s President Putin recently announcing that Russia would start moves to crack down on cyber crime.

According to sources in the intelligence and cyber worlds, the release of the Mandiant report has been deliberately timed to coincide with the US Government announcement of a crackdown on those attacking it.

Rumours of the US response have been circulating in the UK, well in advance of David Cameron’s announcement that the UK would be seeking to co-operate with India to build cyber centres of excellence and indicate an attempt to generate a united front against the Chinese in the light of the hacking activity claimed by Mandiant.

“It’s been going on for a while and it’s a massive response,” said one source, who declined to be named.

The Chinese have denied the Mandiant claims.

In a statement, the Chinese Defence Ministry said the report lacked “technical proof” when it used IP addresses to link hacking to a military unit, adding that many hacking attacks were carried out using hijacked IP addresses.

American exasperation was signalled by Senator Mike Rogers at the opening of the US House Permanent Select Committee on Intelligence’s hearing on cyber threats two years ago.

“China’s economic espionage has reached an intolerable level and I believe that the United States and our allies in Europe and Asia have an obligation to confront Beijing and demand that they put a stop to this piracy.

“Beijing is waging a massive trade war on us all, and we should band together to pressure them to stop. Combined, the United States and our allies in Europe and Asia have significant diplomatic and economic leverage over China, and we should use this to our advantage to put an end to this scourge.”

http://www.independent.co.uk/news/world/americas/us-is-to-launch-unprecedented-counterattack-on-chinese-hackers-accused-of-stealing-state-secrets-8504084.html

www.washingtonpost.com/world/national-security/pentagon-creating-teams-to-launch-cyberattacks-as-threat-grows/2013/03/12/35aa94da-8b3c-11e2-9838-d62f083ba93f_story.html

Security Leader Says U.S. Would Retaliate Against Cyberattacks

By MARK MAZZETTI and DAVID E. SANGER
Published: March 12, 2013

WASHINGTON — The chief of the military’s newly created Cyber Command told Congress on Tuesday that he is establishing 13 teams of programmers and computer experts who could carry out offensive cyberattacks on foreign nations if the United States were hit with a major attack on its own networks, the first time the Obama administration has publicly admitted to developing such weapons for use in wartime.

“I would like to be clear that this team, this defend-the-nation team, is not a defensive team,” Gen. Keith Alexander, who runs both the National Security Agency and the new Cyber Command, told the House Armed Services Committee. “This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we’re creating are for that mission alone.”

General Alexander’s testimony came on the same day the nation’s top intelligence official, James R. Clapper Jr., warned Congress that a major cyberattack on the United States could cripple the country’s infrastructure and economy, and suggested that such attacks now pose the most dangerous immediate threat to the United States, even more pressing than an attack by global terrorist networks.

On Monday, Thomas E. Donilon, the national security adviser, demanded that Chinese authorities investigate such attacks and enter talks about new rules governing behavior in cyberspace.

General Alexander has been a major architect of the American strategy on this issue, but until Tuesday he almost always talked about it in defensive terms. He has usually deflected questions about America’s offensive capability, and turned them into discussions of how to defend against mounting computer espionage from China and Russia, and the possibility of crippling attacks on utilities, cellphone networks and other infrastructure. He was also a crucial player in the one major computer attack the United States is known to have sponsored in recent years, aimed at Iran’s nuclear enrichment plants. He did not discuss that highly classified operation during his open testimony.

Mr. Clapper, the director of national intelligence, told the Senate Intelligence Committee that American spy agencies saw only a “remote chance” in the next two years of a major computer attack on the United States, which he defined as an operation that “would result in long-term, wide-scale disruption of services, such as a regional power outage.”

Mr. Clapper appeared with the heads of several other intelligence agencies, including Lt. Gen. Michael T. Flynn of the Defense Intelligence Agency, the F.B.I. director Robert S. Mueller III, and the C.I.A. director John O. Brennan, to present their annual assessment of the threats facing the nation. It was the first time that Mr. Clapper listed cyberattacks first in his presentation to Congress, and the rare occasion since the Sept. 11, 2001, attacks that intelligence officials did not list international terrorism first in the catalog of dangers facing the United States.

“In some cases,” Mr. Clapper said in his testimony, “the world is applying digital technologies faster than our ability to understand the security implications and mitigate potential risks.” He said it was unlikely that Russia and China would launch “devastating” cyberattacks against the United States in the near future, but he said foreign spy services had already hacked the computer networks of government agencies, businesses and private companies.

Two specific attacks Mr. Clapper listed, an August 2012 attack against the Saudi oil company Aramco and attacks on American banks and stock exchanges last year, are believed by American intelligence officials to have been the work of Iran.

General Alexander picked up on the same themes in his testimony, saying that he was adding 40 cyber teams, 13 focused on offense and 27 on training and surveillance. When pressed, he said that the best defense hinged on being able to monitor incoming traffic to the United States through private “Internet service providers,” which could alert the government, in the milliseconds that electronic messages move, about potentially dangerous attacks. Such surveillance is bound to raise more debate with privacy advocates, who fear government monitoring of the origin and the addressing data on most e-mail messages and other computer exchanges.

Traditional threats occupied much of Mr. Clapper’s testimony. American intelligence officials are giving new emphasis to the danger posed by North Korea’s nuclear weapons and missile programs, which are said for the first time to “pose a serious threat to the United States” as well as to its East Asian neighbors. North Korea, which recently made a series of belligerent statements after its third nuclear test, has displayed an intercontinental missile that can be moved by road and in December launched a satellite atop a Taepodong-2 launch vehicle, Mr. Clapper’s prepared statement noted.

“The rhetoric, while it is propaganda laced, is also an indicator of their attitude and perhaps their intent,” Mr. Clapper said during one exchange with a lawmaker, adding that he was concerned that North Korea “could initiate a provocative action against the South.”

In his discussion of terrorism, Mr. Clapper noted that while Al Qaeda’s core in Pakistan “is probably unable to carry out complex, large-scale attacks in the West,” spinoffs still posed a threat. Listed first is the affiliate in Yemen, Al Qaeda in the Arabian Peninsula, which Mr. Clapper said had retained its goal of attacks on United States soil, but he also noted militant groups in six other countries that still threaten local violence.

Mr. Clapper began his remarks by criticizing policy makers for the current budget impasse, saying that the budget cuts known as sequestration will force American spy agencies to make sharp reductions in classified programs and to furlough employees. The classified intelligence budget has ballooned over the past decade, and Mr. Clapper compared the current round of cuts to the period during the 1990s when the end of the cold war led to drastic reductions in the C.I.A.’s budget.

“Unlike more directly observable sequestration impacts, like shorter hours at public parks or longer security lines at airports, the degradation of intelligence will be insidious,” Mr. Clapper said. “It will be gradual and almost invisible unless and until, of course, we have an intelligence failure.”

The threat hearing is the only scheduled occasion each year when the spy chiefs present open testimony to Congress about the dangers facing the United States, and Mr. Clapper did not hide the fact that he is opposed to the annual ritual. President Obama devoted part of his State of the Union address to a pledge of greater transparency with the Congress and the American public, but Mr. Clapper, a 71-year-old retired Air Force general, made it clear that he saw few benefits of more public disclosure.

“An open hearing on intelligence matters is something of a contradiction in terms,” he said.


www.nytimes.com/2013/03/13/us/intelligence-official-warns-congress-that-cyberattacks-pose-threat-to-us.html

Luring Young Web Warriors Is a U.S. Priority. It’s Also a Game.

http://www.nytimes.com/2013/03/25/technology/united-states-wants-to-attract-hackers-to-public-sector.html

Hackers who thought they were gods: The bedroom cyber villains who hit FBI and Nato ‘for fun’ are jailed for a total of seven years

  • Ryan Ackroyd, Jake Davis, Mustafa Al-Bassam & Ryan Cleary sentenced
  • Sophisticated attacks on global institutions such as Sony and Nintendo
  • Attacks stole data including emails, passwords and credit card details


    www.dailymail.co.uk/news/article-2325624/Hackers-believed-gods-cyberspace-jailed-attacks-CIA-FBI-NHS-computers.html

    Originally published April 28, 2013 at 8:02 PM | Page modified April 29, 2013 at 1:02 PM
    Corrected version

    In battle against cyber attacks, these Seattle hackers wear ‘white hats’
    Mikhail Davidov is 26, sports a bleached-blond Mohawk haircut and works for a Seattle Internet security firm. He’s one of the “white hat” hackers protecting your digital safety.

    By Erik Lacitis
    Seattle Times staff reporter

    He’s 26, likes industrial and electronic music, has a bleached-blond Mohawk haircut and sometimes, Mikhail Davidov says, he starts his day “at the crack of noon.”

    The late hours are in front of a computer, working on reverse engineering, tearing apart computer programs to find their vulnerabilities.

    Sometimes he works 18 hours straight. “There are few hackers out there who are ‘morning people,’ ” says Davidov.

    These days, the front lines for security don’t only include soldiers carrying weapons.

    They include computer whiz kids like Davidov, who works for the Leviathan Security Group, a 20-person firm that operates out of second-floor offices in a renovated 1918 building in Seattle’s Sodo neighborhood.

    Chad Thunberg, chief operating officer of Leviathan, says he can relate to Davidov, remembering his own younger days.

    Thunberg is 35, married, with two children and says, “I’m considered a grandpa in my industry. There was a time when I was the Mikhail equivalent. You live and breathe security.”

    Davidov is one of about three dozen young people in the Seattle area who are the “white hat” hackers who work for Internet security companies.

    With this area being a high-tech hub, it’s only natural that about 10 such firms or branches of firms exist here.

    Cyber attacks are costing corporations — and consumers — a lot. In a six-year span starting in 2005, data breaches in 33 countries, including the U.S., cost the firms involved more than $156 billion, says the nonprofit Digital Forensics Association.

    Every second, in various parts of the world, there are 18 cybercrime victims — some 1.6 million a day — says a Norton by Symantec study.

    On Friday, The Wenatchee World reported that a Leavenworth hospital said hackers stole more than $1 million from the hospital’s electronic bank account. The Chelan County treasurer said it had been able to retrieve about $133,000 by notifying recipient bank accounts, most in the Midwest and East Coast.

    And The Associated Press reported that LivingSocial, an online deals site, said Friday that its website was hacked and the personal data of more than 50 million customers may have been affected – names, email addresses, date of birth of some users and encrypted passwords.

    Then there are the Chinese hackers, who blasted into the news in February when Mandiant, an Internet security firm, released a report saying that a group linked to the People’s Liberation Army had systemically stolen confidential data from at least 141 American firms.

    In his State of the Union address, President Obama warned, “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems.”

    Booming industry

    That makes Internet security a booming industry, at an estimated nearly $1 billion a year in 2012, says the consulting firm Frost & Sullivan.

    Another white-hat hacker is Adam Cecchetti, 31, who used to work at Leviathan and then in 2010 became one of the founders of Déjà vu Security (http://www.dejavusecurity.com/), which operates out of a second-floor renovated loft on Capitol Hill. Sometimes, he has colored his hair blue.

    Davidov and Cecchetti are on the front lines of fighting off the “black hat” hackers. Yes, that is how they describe their enemy.

    The latter includes those sending out phishing emails that look like they came from a legitimate source but are fakes trying to get your passwords and credit-card information.

    Or maybe they are black hats trying to compromise a company’s website just so they can boast about it in hacker circles.

    For the white hats, their unique skill at finding where a program is vulnerable and how to close the digital doors that the black hats use to penetrate a website is worth $120,000 to $130,000 a year, says Thunberg.

    “Companies are being attacked by bad people, and if they want to defend themselves, they have to attract these scarce people,” he says. “There are maybe 1,000 individuals of this nature in the world. They have this unique hacker mindset.”

    Their clients aren’t exactly keen to publicize that they seek Internet security, says Thunberg, and that’s often written into their contracts with Leviathan. Thunberg says his company’s average contract size is for around $70,000. Citing privacy, he only says that most are Fortune 1000 companies.

    But one client that didn’t mind talking is a Washington, D.C.-based company called Silent Circle. For $20 a month, it offers a service that encrypts voice, text and video on a user’s smartphone, tablet or computer.

    Their customers, says Jon Callas, Silent Circle’s chief technical officer, include U.S. businesses “doing work in China and Eastern Europe and other places where they don’t want their phone calls tapped.”

    His company, says Callas, hired Leviathan to evaluate the encrypting software for vulnerabilities and fix them.

    “They helped us find problems before anybody else did,” says Callas.

    At Déjà vu Security, says Cecchetti, work that they’ve done includes posing as new employees at a financial institution, given the standard access to computers. Firms routinely give computer “administrative privileges” to only a handful of individuals.

    But, says Cecchetti, “within a couple of weeks we had basically control of the entire organization and could access pretty much anything we wanted.”

    Déjà vu put together “a very large report” on how to fix things, he says.

    Hackers such as Davidov and Cecchetti have certain similarities. For one thing, they started tinkering with computers when they were kids, and that passion never stopped.

    Cecchetti grew up in Greensburg, Pa. He helped start a computer club in high school and says that although he ran track and played soccer, “I was plenty nerdy.”

    As a teen in the 1990s, he was programming video games and went on to creating simple websites, before they had become ubiquitous.

    Cecchetti earned a master’s from Carnegie Mellon University in electrical and computer engineering, and ended up in Seattle in 2005, working for Amazon to keep black hats from breaking in.

    Davidov is the son of Russian immigrants. His dad worked at a tech firm in Moscow and got a visa to come to the U.S. in 1995, moving the family to Woodinville.

    But even in the old country, when he was 5, Davidov says, he was using a computer his dad brought home, “playing little DOS games,” the early operating system.

    By his teen years, Davidov was hacking into video games so he could beat them.

    Having promised his parents that he’d go to college, Davidov enrolled at the DigiPen Institute of Technology in Redmond, and earned a four-year degree in “Real-Time Interactive Simulation.”

    Says Davidov, “That means I know video games.”

    It is the ability to look at programs over, under, sideways and down that makes a Davidov so valuable, and in such short supply.

    Motivated to help

    At the University of Washington’s renowned Computer Science and Engineering program, out of nearly 50 faculty members, “we have one full-time faculty member, Yoshi Kohno, who is a superstar in computer security, but we’re hoping to grow in that area in the near future,” says its chairman, Hank Levy.

    But even with more college classes in cyber security, it is real-world experience that is needed, says Davidov. Outside of a school’s lab, he says, it all gets “much grander in scope.”

    There are also personal aspects, he says, such as when he delivers a report to developers who had spent a long time working on a program, and he points out its security flaws.

    The developers, he says, “can get a little defensive, and it can become a little confrontational.”

    For both Davidov and Cecchetti, it was a conscious, and simple, decision to become a white hat.

    Says Cecchetti, “I’m not in this business to harm people, or to take grandma’s savings, or deface somebody’s website.”

    ‘Matrix’ an inspiration

    There is plenty of money to be made in Internet security.

    “Things are very good,” says Cecchetti about Déjà vu, which has a staff of a dozen.
    Companies pay for security because getting hacked can cost plenty.

    At Leviathan, on one of the brick walls are a dozen or so framed exotic bugs. Chad Thunberg, as one of Leviathan’s bosses at the 20-person company, says that every time the company finds “a big-deal” bug in software, up goes another display insect.

    At Déjà vu, a small gong gets banged when there is some good news.

    Yes, Cecchetti has heard the jokes about his company somehow being affiliated with the Déjà Vu strip joints.

    But “déjà vu” is a very different reference point in the hacker mentality.

    Cecchetti says it’s from the 1999 movie “The Matrix,” which he figures he’s seen 10 or 20 times. The hero, played by Keanu Reeves, is a hacker in a future time in which humans live in an artificial reality.

    In the movie, Reeves sees a black cat walk by, and then immediately sees the same black cat walk by again.

    “Whoa. Déjà vu,” he says.

    It turns out that a déjà vu is a glitch in the matrix, and happens when something is changed in that cyberspace reality. The logo for Déjà vu Security even has a black cat.

    What kind of individual makes for a top hacker?

    Cecchetti now is one of those who hires, and says that when interviewing applicants, he wants to know, “Can they see things from the perspective of a hacker, gleeful to see how things are made? They need to want to peel away the layers. What happens if I make a very small change in the system?”

    If you can do that, you can come to the office in any hairstyle you want.

    “It’s usually a little bit of a shock,” Davidov says about how some clients react to his Mohawk.

    “But once they start seeing the output of the work we do, they find it almost endearing.”

    http://seattletimes.com/html/localnews/2020882320_hackerguysxml.html

    UC, NKU expand cybersecurity programs amid growing threat

    Jun. 3, 2013 3:47 PM
    Written by Cliff Peale

    Farooq Alkhateeb of Independence just graduated from the University of Cincinnati, but he isn’t terribly worried about finding a job.

    He majored in information technology and founded a campus group called Cybercrime Cats.

    “There’s so many opportunities, it’s almost hard to sift through them all,” he said.

    Fueled by an increase in cyber attacks on critical infrastructure – nearly 200 last year compared to fewer than a dozen in 2009, the federal Department of Homeland Security says – cybersecurity has become among the hottest job markets in the country and an increasing focus of universities.

    While it’s clearly become a cool major for students to consider, it also carries a dark side: Hackers launching attacks that can devastate the daily lives of citizens and put businesses into panic as their most basic systems are infected.

    Online attacks can disrupt banking, health care or even electronic identities, as well as infrastructure such as utilities or financial markets that could disrupt daily lives for millions of people.

    Analysts earn median pay of about $75,000 a year and more than 65,000 new jobs will be created by 2020, the federal Labor Department says.

    Those workers are desperately needed, experts said, because the quest for information online is multiplying just as the need for security becomes more critical.

    “This isn’t a fad,” said UC political science professor Richard Harknett, a member of Ohio’s Cyber Security Education and Economic Development Council. “We keep doubling down on this. We’re doubling down on an insecure infrastructure for convenience and efficiency.”

    Whether the motive is money, strategic advantage or simply to wreak havoc, the attacks have gotten more serious and more brazen during the last few years.

    The Obama administration recently accused China of mounting a series of cyber attacks on government or military targets.

    And earlier this year, prosecutors in New York arrested several people after hackers managed to steal $45 million by illegally tapping into automated teller machines more than 40,000 times.

    Attacks can range from using infected attachments to hack into personal e-mails, to sophisticated schemes that use one computer as a launching pad that can tap into large data storehouses.

    For every confirmed attack, there are thousands of attempts.

    For example, utilities across the country have reported nearly constant attacks. According to a congressional report last year, one utility reported it was the target of 10,000 attempted attacks each month.

    Last year, Homeland Security processed about 190,000 “cyber incidents” against critical infrastructure or federal agencies, up 68 percent from the year before.

    The stakes are immense.

    “Our daily life, economic vitality and national security depend on cyberspace,” top Homeland Security officials said in written testimony to Congress earlier in May. “A vast array of interdependent IT networks, systems, services, and resources are critical to communicating, traveling, powering our homes, running our economy, and obtaining government services. No country, industry, community or individual is immune to cyber risks.”

    ‘It’s kind of scary how simple it is.’

    With the problem growing, universities are stepping up academic programs to provide the workers they will need.

    Nearly every university teaches computer science and information technology courses. The newest trend is packaging those courses into certificates and degree programs aimed at supplying workers to a far-flung network of cybersecurity employers.

    For example, Northern Kentucky University will debut its data science major this fall and a group of students on a cyber defense team have shown success in national competitions.

    Yi Hu, the NKU computer science professor who coaches the team, said students learn the importance of maintaining customer service even in the face of a behind-the-scenes attack.

    “Not only do students need to have a skill to defend their systems, they need to have the skills to fight back,” he said.

    Starting this fall, UC will offer a cybersecurity certificate including classes from political science, criminal justice and information technology.

    In a class this spring, Harknett and colleague Mark Stockman set up scenarios for their students, including one in which a group including Alkhateeb modeled an “attack” on a bank in the Middle East, reading actual code that showed exploitable flaws in the bank’s web pages to steal credit card numbers.

    “We said, ‘This area of the world is growing so fast that they’re probably not worrying too much about security,’ ” Alkhateeb said. “It’s kind of scary how simple it is.”

    In that case, the attackers’ motive was stealing millions of dollars, but the design of any attack often is not that simple.

    In another scenario in the UC class, students studied how to attack a California water treatment plant.

    Playing a series of scenarios by rolling dice to reflect probability of success, the group got a plant manager to respond to a Facebook invitation, opening the door so they were able to hack into his computer and company data.

    Overall, Alkhateeb said, anyone with basic knowledge of coding and IT infrastructure can launch attacks.

    “If anybody tells you it can be 100 percent foolproof, no,” he said.

    Potential jobs are only one reason programs teaching cybersecurity are so popular with students.

    “Hackers are becoming like the cool thing now,” he said. “But your goal should be learning what the hackers are doing and how to defend against it. That’s even more fun.”

    http://news.cincinnati.com/article/20130603/NEWS0102/306030093/UC-NKU-expand-cybersecurity-programs-amid-growing-worldwide-threat

    In cyberwarfare, rules of engagement still hard to define


    www.washingtonpost.com/world/national-security/in-cyberwarfare-rules-of-engagement-still-hard-to-define/2013/03/10/0442507c-88da-11e2-9d71-f0feafdd1394_story.html

    As Hacking Against U.S. Rises, Experts Try to Pin Down Motive

    By NICOLE PERLROTH, DAVID E. SANGER and MICHAEL S. SCHMIDT
    Published: March 3, 2013

    SAN FRANCISCO — When Telvent, a company that monitors more than half the oil and gas pipelines in North America, discovered last September that the Chinese had hacked into its computer systems, it immediately shut down remote access to its clients’ systems.

    Company officials and American intelligence agencies then grappled with a fundamental question: Why had the Chinese done it?

    Was the People’s Liberation Army, which is suspected of being behind the hacking group, trying to plant bugs into the system so they could cut off energy supplies and shut down the power grid if the United States and China ever confronted each other in the Pacific? Or were the Chinese hackers just trolling for industrial secrets, trying to rip off the technology and pass it along to China’s own energy companies?

    “We are still trying to figure it out,” a senior American intelligence official said last week. “They could have been doing both.”

    Telvent, which also watches utilities and water treatment plants, ultimately managed to keep the hackers from breaking into its clients’ computers.

    At a moment when corporate America is caught between what it sees as two different nightmares — preventing a crippling attack that brings down America’s most critical systems, and preventing Congress from mandating that the private sector spend billions of dollars protecting against that risk — the Telvent experience resonates as a study in ambiguity.

    To some it is prime evidence of the threat that President Obama highlighted in his State of the Union address, when he warned that “our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems,” perhaps causing mass casualties. Mr. Obama called anew for legislation to protect critical infrastructure, which was killed last year by a Republican filibuster after intensive lobbying by the Chamber of Commerce and other business groups.

    But the security breach of Telvent, which the Chinese government has denied, also raises questions of whether those fears — the subject of weekly research group reports, testimony and Congressional studies — may be somewhat overblown, or whether the precise nature of the threat has been misunderstood.

    American intelligence officials believe that the greater danger to the nation’s infrastructure may not even be China, but Iran, because of its avowal to retaliate for the Stuxnet virus created by the United States and Israel and unleashed on one of its nuclear sites. But for now, these officials say, that threat is limited by gaps in Iranian technical skills.

    There is no doubt that attacks of all kinds are on the rise. The Department of Homeland Security has been responding to intrusions on oil pipelines and electric power organizations at “an alarming rate,” according to an agency report last December. Some 198 attacks on the nation’s critical infrastructure systems were reported to the agency last year, a 52 percent increase from the number of attacks in 2011.

    Researchers at McAfee, a security firm, discovered in 2011 that five multinational oil and gas companies had been attacked by Chinese hackers. The researchers suspected that the Chinese hacking campaign, which they called Night Dragon, had affected more than a dozen companies in the energy industry. More recently, the Department of Energy confirmed in January that its network had been infiltrated, though it has said little about what damage, if any, was done.

    But security researchers say that the majority of those attacks were as ambiguous as the Telvent case. They appeared to be more about cyberespionage, intended to bolster the Chinese economy. If the goal was to blow up a pipeline or take down the United States power grid, the attacks would likely have been of a different nature.

    In a recent report, Critical Intelligence, an Idaho Falls security company, said that several cyberattacks by “Chinese adversaries” against North American energy firms seemed intended to steal fracking technologies, reflecting fears by the Chinese government that the shale energy revolution will tip the global energy balance back in America’s favor. “These facts are likely a significant motivation behind the wave of sophisticated attacks affecting firms that operate in natural gas, as well as industries that rely on natural gas as an input, including petrochemicals and steelmaking,” the Critical Intelligence report said, adding that the attack on Telvent, and “numerous” North American pipeline operators may be related.

    American intelligence experts believe that the primary reason China is deterred from conducting an attack on infrastructure in the United States is the simple economic fact that anything that hurts America’s financial markets or transportation systems would also have consequences for its own economy. It could interrupt exports to Walmart and threaten the value of China’s investments in the United States — which now include a new, big investment in oil and gas.

    Iran, however, may be a different threat. While acknowledging that “China is stealing our intellectual property at a rate that qualifies as an epidemic,” Representative Mike Rogers, the Michigan Republican who chairs the House Intelligence Committee, added a caveat in an interview on Friday. “China is a rational actor,” he said. “Iran is not a rational actor.”

    A new National Intelligence Estimate — a classified document that has not yet been published within the government, but copies of which are circulating for final comments — identifies Iran as one of the other actors besides China who would benefit from the ability to shut down parts of the American economy. Unlike the Chinese, the Iranians have no investments in the United States. As a senior American military official put it, “There’s nothing but upside for them to go after American infrastructure.”

    While the skills of Iran’s newly created “cybercorps” are in doubt, Iranian hackers gained some respect in the technology community when they brought down 30,000 computers belonging to Saudi Aramco, the world’s largest oil producer, last August, replacing their contents with an image of a burning American flag.

    The attack did not affect production facilities or refineries, but it made its point.

    “The main target in this attack was to stop the flow of oil and gas to local and international markets and thank God they were not able to achieve their goals,” Abdullah al-Saadan, Aramco’s vice president for corporate planning, told Al Ekhbariya television.

    President Obama has been vague about how the United States would respond to such an attack. No one in the administration argues that the United States should respond with cyber- or physical retaliation for the theft of secrets. Attorney General Eric H. Holder Jr. has made clear that would be dealt with in criminal courts, though the prosecutions of cybertheft by foreign sources have been few.

    But the question of whether the president could, or should, order military retaliation for major attacks that threaten the American public is a roiling debate.

    “Some have called for authorizing the military to defend private corporate networks and critical infrastructure sectors, like gas pipelines and water systems,” Candace Yu, who studies the issue for the Truman National Security Project, wrote recently. “This is unrealistic. The military has neither the specialized expertise nor the capacity to do this; it needs to address only the most urgent threats.”

    But the administration has failed to convince Congress that the first line of defense to avert catastrophic cyberattack is to require private industry — which controls the cellphone networks and financial and power systems that are the primary target of infrastructure attacks — that it must build robust defenses.

    A bill containing such requirements was defeated last year amid intense lobbying from the United States Chamber of Commerce and others, which argued that the costs would be prohibitive. Leading members of Congress say they expect the issue will come up again in the next few months.

    “We are in a race against time,” Michael Chertoff, the former secretary of homeland security, said last week. “Most of the infrastructure is in private hands. The government is not going to be able to manage this like the air traffic control system. We’re going to have to enlist a large number of independent actors.”

    The administration’s cybersecurity legislation last year failed despite closed-door simulations for lawmakers about what a catastrophic attack would look like.

    During one such simulation that the Department of Homeland Security allowed a New York Times reporter to view at a department facility in Virginia, a woman played the role of an “evil hacker” who successfully broke into a power plant’s network. To get in, the hacker used a method called “spearphishing,” in which she sent a message to a power plant employee that induced the employee to click on a link to see pictures of “cute puppies.”

    When the employee clicked on the link, it surreptitiously allowed the hacker to gain access to the employee’s computer, enabling her to easily turn the switches to the plant’s breakers on and off.

    Although the officials providing the briefing acknowledged that the simulation was a bit simplistic, their message was clear: with so many vulnerable critical infrastructure systems across the country, such an attack could easily occur, with huge consequences. No one rules out that scenario — whatever the current motivations and abilities of countries like China and Iran.

    “There are 12 countries developing offensive cyberweapons; Iran is one of them,” James Lewis, a former government official and cybersecurity expert at the Center for Strategic and International Studies in Washington, said at a security conference in San Francisco. Those countries have a long way to go, he said, but added: “Like nuclear weapons, eventually they’ll get there.”


    www.nytimes.com/2013/03/04/us/us-weighs-risks-and-motives-of-hacking-by-china-or-iran.html

    An Elizabethan Cyberwar

    By JORDAN CHANDLER HIRSCH and SAM ADELSBERG
    Published: May 31, 2013

    NEW HAVEN — As Barack Obama and China’s president, Xi Jinping, prepare to meet in California next week, America’s relations with China are feeling increasingly like the cold war — especially when it comes to cybersecurity.

    With the two countries accusing each other of breaking the old rules of the game, a new breed of “cyberhawks” on both sides are arguing for cold-war-like escalation that could turn low-level cyberconflict into total war.

    But treating today’s Beijing like Brezhnev’s Moscow distorts the nature of the threat and how Washington should respond to it.

    In confronting today’s cyberbattles, the United States should think less about Soviets and more about pirates. Indeed, today’s cybercompetition is less like the cold war than the battle for the New World.

    In the era after the discovery of the Americas, European states fought for mastery over the Atlantic. Much like the Internet today, the ocean then was a primary avenue for trade and communication that no country could cordon off.

    At that time, the Spanish empire boasted a fearsome navy, but it could not dominate the seas. Poorer and weaker England tested Spain’s might by encouraging and equipping would-be pirates to act on its behalf without official sanction. These semi-state-sponsored privateers robbed Spain of gold and pride as they raided ships off the coasts of the New World and Spain itself, enriching the English crown while augmenting its naval power. Spain’s inability to attribute the attacks directly to England allowed Queen Elizabeth I to level the playing field in an arena lacking laws or customs.

    Today’s cyberbattles aren’t so different.

    Next week’s summit takes place amid reports of increasingly sophisticated Chinese cyberespionage. Earlier this week, evidence surfaced that Chinese hackers had gained access to several top-secret Pentagon programs. That followed news that cyberunits believed to be linked to the Chinese Army have resumed attacks on American businesses and government agencies.

    As tensions deepen, hawkish Chinese military leaders are paving the way for offensive war. A study by a RAND Corporation expert cited Chinese sources calling for pre-emptive cyberstrikes “under the rubric of the rising Chinese strategy of xianfa zhiren, or ‘gaining mastery before the enemy has struck.’” And a recent paper found that Chinese military officials have contemplated using cyberweapons like Stuxnet, which the United States and Israel deployed against Iran’s nuclear program, to target critical infrastructure.

    American policy makers are beginning to view their cyberstruggle with China through a cold war lens. One Pentagon official recently said that while during the cold war America focused “on the nuclear command centers around Moscow,” today American leaders “worry as much about the computer servers in Shanghai.”

    Another senior official declared that “the Cold War enforced norms, and the Soviets and the United States didn’t go outside a set of boundaries.” But, he argued, “China is going outside those boundaries now.”

    Among those who view these hostilities as the cold war redux, some are proposing a more strident response. Earlier this year, the United States military announced the formation of 13 units dedicated to offensive cyberstrikes and endorsed pre-emptive cyberattacks. And late last month, Jon M. Huntsman Jr., the former ambassador to China, and Dennis C. Blair, the former director of national intelligence, suggested allowing American companies to retaliate against Chinese hackers on their own.

    This emergence of cyberhawks in both nations raises the odds of a hack’s becoming a cyberwar. These voices could pressure both nations to treat any escalating cyberconflict as a latter-day Cuban missile crisis.

    But the cold war model of a struggle with calibrated boundaries, clear rules, and the threat of mutual assured destruction simply doesn’t fit cyberspace.

    The first major difference is terrain. The United States and the Soviet Union fought for global influence, manning divisions here and infiltrating covert operatives there. The Internet is more fluid. Neither the United States nor China can slice cyberspace into the reassuring structure of spheres of influence. With no obvious borders for states to violate or defend, power in cyberspace is at once easier to exercise and harder to maintain, a battle of subtleties rather than hard-nosed deterrence.

    There are also more players today. The United States and the Soviet Union were the world’s unmatched nuclear powers. But in the cyberrealm, the United States and China stand only just ahead of other nations, hacker groups and individuals in their ability to inflict damage. And all of these actors can hide behind layers of networks and third parties, making it difficult to discover not only who attacked but also how and when. There will, in most cases, be plausible deniability. Even if American and Chinese policy makers wanted to manage the Web as carefully as their predecessors did the cold war, no working group could tame this instability.

    With nations still navigating how to interact on the Web and arguments persisting about whether international law applies to the Internet, there are few established customs of cyberbehavior, legal or implicit. The United States should not expect China to follow the rules of a previous era. The norms of American-Soviet conflict, which themselves emerged out of years of gunpoint diplomacy, can’t be grafted onto cyberspace.

    If American policy makers continue to define the cyberstruggle between Washington and Beijing as a new cold war, they will not meet the challenge. Viewing China’s actions through an obsolete lens will give them a distorted sense of its intentions. And it will limit American retaliation to the outmoded rules of a bygone battle.

    If they must look to the past, they should heed the lessons of the 16th century, not the 20th. In 1588, the Spanish crown, in no small part due to its frustration with English piracy, resorted to massive retaliation, sending its armada to overthrow Queen Elizabeth. That move ended in disaster and an overwhelming English victory.

    Instead of trying to beat back the New World instability of the Internet with an old playbook, American officials should embrace it. With the conflict placed in its proper perspective, policy makers could ratchet down the rhetoric and experiment with a new range of responses that go beyond condemnation but stop short of all-out cyberwar — giving them the room to maneuver without approaching cyberconflict as a path to Defcon 1.

    In these legally uncharted waters, only Elizabethan guile, not cold war brinkmanship, will steer Washington through the storm.


    www.nytimes.com/2013/06/01/opinion/an-elizabethan-cyberwar.html

    http://www.guardian.co.uk/world/2013/feb/19/chinese-military-unit-prolific-hacking

    www.guardian.co.uk/world/2013/feb/21/china-hacking-claims-tech-firms

    www.guardian.co.uk/technology/2013/feb/23/mandiant-unit-61398-china-hacking


    www.nytimes.com/2013/02/25/world/asia/us-confronts-cyber-cold-war-with-china.html

    Turkish group hacks into Akron-Canton Airport website

    By Jim Carney and Rick Armon
    Beacon Journal staff writers

    Published: May 25, 2013 – 02:19 PM

    Turkish Ajan has struck again in Summit County.

    The cyber group hacked into the Akron-Canton Airport website Saturday morning and leaked personal information about customers online. But airport officials said sensitive details such as credit card information and Social Security numbers weren’t released.

    Kristie VanAuken, the airport’s senior vice president, said the attackers went after about 15,000 online contest entries for travel giveaways. The only information that was exposed included names, email addresses, phone numbers and city of residence, she said.

    “We are notifying our customers as quickly as we can,” she said.

    The airport, located in Green, is advising people who signed up for a contest in the past two years to change email passwords as a precaution. Officials also are working with consultants to find out how the attack occurred.

    The hacking did not affect regular airport operations and flight information wasn’t compromised, the airport said.

    The FBI is investigating the incident. FBI spokeswoman Vicki Anderson confirmed that the agency is involved but she would not comment further.

    A little over a week ago, Turkish Ajan claimed credit for hacking into the city of Akron’s website and internal server and posting sensitive information, including Social Security numbers and account numbers, of about 35,000 taxpayers on another website where anyone could access it.

    Turkish Ajan is part of the Anonymous’ OpUSA Campaign, which has been trying to hack into various U.S. government websites. Akron Mayor Don Plusquellic has called the hacking “a terrorist attack.”

    VanAuken said the airport website was attacked at 8 a.m. and shut down for security reasons.

    The airport website displayed a message from the Turkish Ajan group when hacked, the website Hackread.com reported. The message, which appeared in both Turkish and English, said, in part: “We are not terrorists, we are working for justice and freedom for the Suppressed Muslim countries! FREE PALESTINE, FREE MYANMAR, FREE AFGHANISTAN, FREE IRAQ!”

    VanAuken could not confirm that the message appeared on the airport website, which was back online at 10:30 a.m.

    The airport takes personal information of customers “very seriously,” VanAuken said. “We are going to work hard to get this rectified. We want to restore trust with our customers.”

    The airport, she said, “will take every measure in the future to prevent this from happening” again.

    She also praised the work of the FBI.

    “They were terrific,” she said. “They acted immediately.”

    Tyler Hudak, 37, of Akron, senior security consultant for KoreLogic Security, said it seems like the group responsible “keeps going and hacking into websites connected to the government.” He said he is certain the organization is “going after hundreds of other sites.”


    www.ohio.com/news/turkish-group-hacks-into-akron-canton-airport-website-1.400738



    About Jerry Frey

    Born 1953. Vietnam Veteran. Graduated Ohio State 1980. Have 5 published books. In the Woods Before Dawn; Grandpa's Gone; Longstreet's Assault; Pioneer of Salvation; Three Quarter Cadillac