China-based hacking of 760 companies an ‘undeclared cyber cold war’
Michael Riley and John Walcott
December 15, 2011
‘Every major company in the U.S. has been hacked by China’: Cyber-espionage warning from U.S security chief who warned of 9/11
By ROB WAUGH
PUBLISHED: 10:05 EST, 28 March 2012 | UPDATED: 10:05 EST, 28 March 2012
Richard Clarke warned of a ‘spectacular’ Al Qaeda attack in the run-up to 9/11. The security chief claims that every major company in the U.S. has been penetrated by Chinsese hackers
The former U.S government security chief whose warnings of a ‘spectacular’ Al Qaeda attack were ignored by the White House in the run up to 9/11 has delivered another stark warning.
Richard Clarke claims that every major company in the U.S. has already been penetrated by Chinese hackers looking to steal military and financial secrets.
‘I’m about to say something that people think is an exaggeration, but I think the evidence is pretty strong. Every major company in the United States has already been penetrated by China,’ Clarke said in an interview in Smithsonian magazine.
Clarke claims that Chinese-made computing equipment used by the U.S. could be ‘contaminated’ with ‘logic bombs’ and ‘trojan horses’ which could allow Chinese hackers a ‘back door’ into the American war machine.
Clarke – now head of a cybersecurity company Good Harbor – also claims that Chinese hackers are waging a piecemeal ‘economic war’ against America by passing secrets to Chinese company.
There’s a big difference between the kind of cyberespionage the United States government does and China,’ says Clarke.
‘The U.S. government doesn’t hack its way into a Chinese computer company like Huawei and provide the secrets of Huawei technology to their American competitor Cisco. We don’t do that.’
Clarke believes that Chinese companies used information from Boeing and Microsoft – and that the nation is at risk from an economic war of attrition.
‘My greatest fear,’ Clarke says, ‘is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese. And we never really see the single event that makes us do something about it.
‘That it’s always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China….After a while you can’t compete.’
The move comes in the wake of several high-profile cyber attacks originating in China which targeted U.S and other government officials.
China is widely suspected of being the origin of many hacking attacks on government and commercial websites abroad, but officials have repeatedly dismissed reports that the government or military could be behind such attacks.
Last year, hackers based in Jinan, China targeted personal Gmail and Yahoo accounts of government officials.
The methods used suggested insider knowledge about the offiicals according to many observers.
The Chinese government denied any involvement.
‘Blaming these misdeeds on China is unacceptable,’ said Chinese foreign ministry spokesman Hong Lei after the attacks.
‘Hacking is an international problem and China is also a victim. The claims of so-called support for hacking are completely unfounded.’
How China Steals Our Secrets
By RICHARD A. CLARKE
Published: April 2, 2012
FOR the last two months, senior government officials and private-sector experts have paraded before Congress and described in alarming terms a silent threat: cyberattacks carried out by foreign governments. Robert S. Mueller III, the director of the F.B.I., said cyberattacks would soon replace terrorism as the agency’s No. 1 concern as foreign hackers, particularly from China, penetrate American firms’ computers and steal huge amounts of valuable data and intellectual property.
It’s not hard to imagine what happens when an American company pays for research and a Chinese firm gets the results free; it destroys our competitive edge. Shawn Henry, who retired last Friday as the executive assistant director of the F.B.I. (and its lead agent on cybercrime), told Congress last week of an American company that had all of its data from a 10-year, $1 billion research program copied by hackers in one night. Gen. Keith B. Alexander, head of the military’s Cyber Command, called the continuing, rampant cybertheft “the greatest transfer of wealth in history.”
The Chinese government has always denied that it is involved in cyber crime, claiming that it is a victim
Case Based in China Puts a Face on Persistent Hacking
Future conflict between the Unitrd States and China may be waged along networks through packets of data, cyber-warfare: malware, trojans and viruses. It is well-established in Western media that the Chinese seek to penetrate corporate and government networks to obtain sensitve data. Their hackers also target opponents of the Party.
China’s denials about cyberattacks undermined by video clip
China Confirms Existence of Elite Cyber-Warfare Outfit the ‘Blue Army’
Published May 26, 2011| NewsCore
China set up a specialized online “Blue Army” unit that it claims will protect the People’s Liberation Army from outside attacks, prompting fears that the crack team was being used to infiltrate foreign governments’ systems.
At a rare briefing, China’s defense ministry spokesman, Geng Yansheng, announced that the 30-strong team was formed to improve the military’s security, the Beijing News reported Thursday.
When a reporter asked if the Blue Army was set up in order to launch cyber attacks on other countries, Geng said that internet security was an international issue that impacted not only society but also the military field, adding that China was also a victim of cyber attacks and that the country’s network security was currently relatively weak.
The online unit, organized under the Guangdong Military Command, is believed to have existed for at least two years before Geng’s acknowledgment Wednesday.
Sources throughout the internet security industry have long believed that China-based hackers are the single largest source of worldwide cyber attacks.
A report from US anti-virus software maker Symantec last year found that almost 30 percent of so-called malicious emails were sent from China, with 21.3 percent of the attacks originating from the eastern city of Shaoxing.
Chinese hackers: No site is safe
March 07, 2008 | By John Vause CNN
They operate from a bare apartment on a Chinese island. They are intelligent 20-somethings who seem harmless. But they are hard-core hackers who claim to have gained access to the world’s most sensitive sites, including the Pentagon.
In fact, they say they are sometimes paid secretly by the Chinese government — a claim the Beijing government denies.
“No Web site is one hundred percent safe. There are Web sites with high-level security, but there is always a weakness,” says Xiao Chen, the leader of this group.
Chinese hacking worries Pentagon
A report focuses on the nation’s capability for ‘cyber-warfare.’
March 04, 2008 | Julian E. Barnes | Times Staff Writer
China in the last year has developed ways to infiltrate and manipulate computer networks around the world in what U.S. defense officials conclude is a new and potentially dangerous military capability, according to a Pentagon report issued Monday.
Computer network intrusions at the Pentagon and other U.S. agencies, think tanks and government contractors last year “appeared to originate” in China, according to the report.
In addition, computer intrusions in Germany, apparently by Chinese hackers, occur daily, along with infiltrations in France and Britain, the Pentagon said. Last year, British intelligence officials alerted financial institutions across the country that they were targets of “state-sponsored computer network exploitation” from China.
The Pentagon report does not directly accuse the Chinese military or government of the attacks but says the incidents are consistent with recent military thinking in that country. David Sedney, deputy assistant secretary of Defense for East Asia, said cyber-warfare was an area of growing concern and he called on the Chinese to clarify their intentions.
“The techniques that are used, the way these intrusions are conducted, are certainly very consistent with what you would need if you were going to actually carry out cyber-warfare, and the kinds of activities that are carried out are consistent with a lot of writings we see from Chinese military and Chinese military theorists,” Sedney said.
U.S. military officials believe that Chinese cyber-warfare advances, coupled with China’s increasing skill at neutralizing information-transmitting satellites and other capabilities, is part of a military objective of crippling potential foes, even those that may be militarily superior such as the United States, in the event of an international crisis or confrontation.
China ‘biggest victim’ of cyber attacks
China military paper urges steps against U.S. cyber war threat
By Chris Buckley | Reuters – Thu, 16 Jun, 2011
BEIJING (Reuters) – China must boost its cyber-warfare strength to counter a Pentagon push, the country’s top military newspaper said on Thursday after weeks of friction over accusations that Beijing may have launched a string of Internet hacking attacks.
The accusations against China have centered on an intrusion into the security networks of Lockheed Martin Corp and other U.S. military contractors, and deceptions intended to gain access to the Google e-mail accounts of U.S. officials and Chinese human rights advocates.
But the official newspaper of the People’s Liberation Army said it was Beijing that was vulnerable to attack, in a news report that surveyed the Pentagon’s efforts in cyber security.
“The U.S. military is hastening to seize the commanding military heights on the Internet, and another Internet war is being pushed to a stormy peak,” concluded the report in the Chinese-language Liberation Army Daily.
“Their actions remind us that to protect the nation’s Internet security, we must accelerate Internet defense development and accelerate steps to make a strong Internet army,” said the Liberation Army Daily article.
The article was also published on the website of (http://www.mod.gov.cn).
Although it does not amount to an official government statement, the report in the military newspaper — which is closely vetted to reflect official thinking — shows how China is also focused on the issues of Internet attacks and defense.
“Although our country has developed into an Internet great power, our Internet security defenses are still very weak. So we must accelerate development of Internet battle technology and armament,” said the report.
“Comprehensively improve our military’s ability to defend the Internet frontiers,” it urged.
Earlier this month, U.S. Defense Secretary Robert Gates said Washington was seriously concerned about cyber-attacks and prepared to use force against any it considered acts of war.
China brands Google ‘snotty-nosed’ as cyber feud intensifies
Military portrays China as victim rather than perpetrator of cyber-attack and vows to strengthen online defences
China Calls US Culprit in Global ‘Internet War’
Jonathan Watts in Beijing and agencies guardian.co.uk, Friday 3 June 2011 18.09 BST
China must bolster its online defences in the battle for public opinion, two military officers said on Friday as Beijing sought to portray itself as a victim rather than a perpetrator of cyberwarfare.
Two days after the US-based search engine Google revealed China was the origin of a high-profile hacking attack, senior colonel Ye Zheng and his colleague Zhao Baoxian of the People’s Liberation Army emphasised the need for a robust internetstrategy.
“Just as nuclear warfare was the strategic war of the industrial era, cyberwarfare has become the strategic war of the information era, a form of battle that is massively destructive and concerns the life and death of nations,” the strategists from the Academy of Military Sciences wrote in the China Youth Daily.
The article did not mention Google, but it comes amid a stream of angry rebuttals to the company’s accusation that the hacking originated in China. The Chinese foreign ministry said on Thursday that the claims revealed “ulterior motives”. An editorial in the nationalist Global Times newspaper went further, describing Google as “snotty-nosed” and resentful about its failure to secure a larger share of the market in China.
Neither Google nor the US government has directly blamed Chinese authorities for the hacking incidents against several hundred senior US and South Korean officials, human rights activists and journalists.
But the search engine traced the attacks to Jinan, the provincial capital of Shandong and home to a school that has previously been suspected of hosting hackers. US secretary of state Hillary Clinton described the allegations as “very serious”.
Chinese officials acknowledged last week that their army – like that of several other nations – had established a cyberwarfare unit.
Known as the “cyber blue team”, the group of 30 officers is reportedly organised under the Guangdong military command in the south of China and has a multi-million pound budget, the Global Times reported.
“Cyber-attacks have become an international problem affecting both civilian and military areas,” China’s defence ministry spokesman, Geng Yansheng, was quoted as saying at a rare media briefing.
“China is relatively weak in cyber security and has often been targeted. This temporary programme is aimed at improving our defences against such attacks.”
The unit and others are said to have already been engaged in simulations of cyberwarfare.
Rather than hacking attacks aimed at obtaining private or secret information, Ye and Zhao said China was threatened by psychological operations that used the internet to shift public opinion against governments. They cited the “domino effect” seen in the Middle East and north Africa created by Facebook, Twitter and other social media that are banned by China’s great firewall of censorship.
“Cyberwarfare is an entirely new mode of battle that is invisible and silent, and it is active not only in wars and conflicts, but also flares in the everyday political, economic, military, cultural and scientific activities,” the article went on to say.
BEIJING June 3, 2011 (AP)
The Chinese military accused the U.S. on Friday of launching a global “Internet war” to bring down Arab and other governments, redirecting the spotlight away from allegations of major online attacks on Western targets originating in China.
The accusations Friday by Chinese military academy scholars, and their urging of tougher policing of the Internet, followed allegations this week that computer hackers in China had compromised the personal Gmail accounts of several hundred people, including government officials, military personnel and political activists.
Google traced the origin of the attacks to the city of Jinan that is home to a military vocational school whose computers were linked to a more sophisticated assault on Google’s systems 17 months ago. China has denied responsibility for the two attacks.
Writing in the Communist Party-controlled China Youth Daily newspaper, the scholars did not mention Google’s claims, but said recent computer attacks and incidents employing the Internet to promote regime change in Arab nations appeared to have originated with the U.S. Government.
NSA allies with Internet carriers to thwart cyber attacks against defense firms
By Ellen Nakashima, Published: June 16
The National Security Agency is working with Internet service providers to deploy a new generation of tools to scan e-mail and other digital traffic with the goal of thwarting cyberattacks against defense firms by foreign adversaries, senior defense and industry officials say.
The novel program, which began last month on a voluntary, trial basis, relies on sophisticated NSA data sets to identify malicious programs slipped into the vast stream of Internet data flowing to the nation’s largest defense firms. Such attacks, including one last month against Bethesda-based Lockheed Martin, are nearly constant as rival nations and terrorist groups seek access to U.S. military secrets.
“We hope the. . .cyber pilot can be the beginning of something bigger,” Deputy Defense Secretary William J. Lynn III said at a global security conference in Paris on Thursday. “It could serve as a model that can be transported to other critical infrastructure sectors, under the leadership of the Department of Homeland Security.”
The prospect of a role for the NSA, the nation’s largest spy agency and a part of the Defense Department, in helping Internet service providers filter domestic Web traffic already had sparked concerns among privacy activists. Lynn’s suggestion that the program might be extended beyond the work of defense contractors threatened to raise the stakes.
James X. Dempsey, vice president for public policy at the Center for Democracy & Technology, a civil liberties group, said that limiting the NSA’s role to sharing data is “an elegant solution” to the long-standing problem of how to use the agency’s expertise while avoiding domestic surveillance by the government. But, he said, any extension of the program must guarantee protections against government access to private Internet traffic.
“We wouldn’t want this to become a backdoor form of surveillance,” Dempsey said.
Officials say the pilot program does not involve direct monitoring of the contractors’ networks by the government. The program uses NSA-developed “signatures,” or fingerprints of malicious code, and sequences of suspicious network behavior to filter the Internet traffic flowing to major defense contractors. That allows the Internet providers to disable the threats before an attack can penetrate a contractor’s servers. The trial is testing two particular sets of signatures and behavior patterns that the NSA has detected as threats.
The Internet carriers are AT&T, Verizon and CenturyLink. Together they are seeking to filter the traffic of 15 defense contractors, including Lockheed, Falls Church-based CSC, McLean-based SAIC and Northrop Grumman, which is moving its headquarters to Falls Church. The contractors have the option, but not the obligation, to report the success rate to the NSA’s Threat Operations Center.
All three of the Internet carriers declined to comment on the pilot program. Several of the defense contractors declined to comment as well.
Partnering with the major Internet providers “is probably the technically quickest way to go and the best way to go” to defend dot-com networks, said Gen. Keith B. Alexander, who heads the NSA and the affiliated U.S. Cyber Command at Fort Meade, testifying before Congress in March.
Pentagon to unveil cybersecurity strategy
By Ellen Nakashima, Published: July 13
The Pentagon is set to unveil Thursday a strategy for protecting its computer systems that goes beyond erecting firewalls and stresses the use of sensors, software and data collected by U.S. intelligence, U.S. officials said.
At the same time, officials have labored to make their “Cyber 3.0” strategy not appear too bellicose in an effort to counter perceptions that the United States is militarizing cyberspace, according to people briefed on the process.
Those perceptions have been driven by the creation of U.S. Cyber Command, a military organization that is allied with the government’s largest and most technologically sophisticated spy agency, the National Security Agency. The Pentagon also has declared that cyberspace is a new “domain” of warfare — alongside air, land, sea and space.
But drafts of a speech introducing the policy, set for delivery Thursday by Deputy Defense Secretary William J. Lynn III, suggest that officials want to tamp down criticism that U.S. cybersecurity policy is more offensive than defensive. “Far from militarizing cyberspace, our strategy of securing networks to deny the benefit of an attack will help dissuade military actors from using cyberspace for hostile purposes,” reads one section of a draft obtained by the online publication Nextgov.
The strategy’s rollout was delayed by more than six months, in part to avoid preempting the White House’s release of a global cybersecurity strategy and in part to work through concerns that the language could fuel perceptions of military dominance, said experts briefed on the strategy who spoke on the condition of anonymity because the briefings were confidential. The State Department and other agencies argued that defining cyberspace as a war-fighting domain would complicate relationships with international partners wary of U.S. military domination of cyber-security policy, they said.
In the end, according to U.S. officials, the Pentagon agreed to refer to cyberspace as a domain strictly in terms of defending military networks rather than as a full-fledged arena of warfare.
The strategy, which has been two years in the making, is expected to emphasize that officials consider a military response to current cyber intrusions unlikely.
“Although it is certainly possible that a destructive or disruptive cyber attack could have an impact analogous to physical hostilities and therefore constitute an act of war, the vast majority of malicious cyber activity today would not cross this threshold, or justify a military response,” says another draft of Lynn’s speech.
In fact, the strategy does not specify how the United States might use computers in a direct attack, said several military officials, who said the document missed an opportunity to delineate how and when offensive means should be used.
The Pentagon’s strategy builds on the White House’s May release of its global cyber-security strategy, which declared that the United States would “oppose those who seek to disrupt networks and systems, dissuading and deterring malicious actors, and reserving the right to defend these vital national assets as necessary and appropriate.”
The Pentagon strategy’s five “pillars” have been outlined in speeches before and include the establishment of “active defenses” such as sensors and software that can make networks more resilient. Such technologies have prompteddebate within the Pentagon over whether they may be used to neutralize potentially malicious code in an adversary’s system — a course of action that could cross the line into offense.
The U.S. military has developed cyber weapons that can be used to deter an adversary from using its computer systems to attack the United States. They include viruses that can sabotage an opponent’s critical networks, similar to the Stuxnet virus, which damaged an Iranian nuclear facility, military officials said. Outside war, such weapons require presidential authority to be used, the officials said.
In March, in response to concerns from various departments and agencies, the White House prepared draft guidance that discussed use of the word “domain” to refer to cyberspace. The unclassified document, which was never formally issued but was obtained by The Washington Post, noted that “the lack of public understanding about the nature and parameters of U.S. military activity in cyberspace mandates messaging on this issue be precise.”
The guidance included the directive that “Cyberspace. . .is not to be characterized as a ‘warfighting,’ ‘military’ or ‘operational’ domain.” The phrase “cyber domain,” it continued, “is to be replaced with ‘cyberspace’ whenever possible.”
Gamers Target U.S. Troops in Chinese Military ‘Shooter’
By David Axe May 17, 2011 |12:23 pm
China’s latest stealth fighter might be cloned from the debris of a shot-down U.S. Air Force F-117. Chinese naval warplanes are reverse-engineered Soviet designs, as is its navy’s only aircraft carrier.
For decades, China has copied many of its military systems from foreign-made originals. It’s a hallmark of a fast-growing power just finding its footing in the high-tech world.
The latest example? A first-person-shooter video game, developed by China’s Giant Network Technology Co. and backed by the People’s Liberation Army. It’s apparently modeled on the U.S. Army–made shooter America’s Army.
Like its American counterpart, introduced as a recruiting tool in 2002, Glorious Mission begins with simulated basic training before deploying the player to an imaginary battleground to duke it out in close-quarters combat. News reports show scores of Chinese troops dutifully gaming away in front of their computer screens.
“The game itself looks pretty well-made,” one blogger commented. “Graphics definitely on par with at least the [Call of Duty] series.”
But there’s one key difference between the American and Chinese “shooters.” Where the bad guys in America’s Army are generic Middle Eastern or Central Asian insurgents and terrorists, the enemy in Glorious Mission is apparently the U.S. military. A TV report offers glimpses of an American-made Apache gunship crashing in flames.
There’s another big difference. America’s Army has been criticized for having a subtle, propagandistic effect on young players. In Glorious Mission, the politics are anything but subtle. Following training and combat, the game’s third stage recreates the “fiery political atmosphere of camp life,” according to one Chinese-language news report.
Glorious Mission follows a long line of computer games meant to reproduce some element of the military experience in a particular nation or conflict. Besides America’s Army, the Pentagon has also developed so-called “first-person thinker” games for training commanders to make tough decisions in times of information overload.
Amid Beijing’s apparent enthusiasm for Glorious Mission, some observers warn of conflating real warfare with mere simulations. “The game content and the values embodied in military thinking … are very different,” one Chinese website warns. “Long-term use is not conducive to military education and training, and may even mislead officers and men.”
It could be one of a thousand factors that mislead Chinese trainees into thinking the United States is estined to be China’s enemy. And not just on digital battlefields.
By Bill Gertz The Washington Times 7:25 p.m., Wednesday, May 25, 2011
Jet delay adds to China threat
The threat from Chinese advanced weapons, including new stealth fighters and ballistic missiles, dominated concerns expressed by senior military officers at a Senate hearing this week on the military impact of delays and problems with the new fifth-generation F-35 jet.
Two senior officers in charge of U.S. air power voiced increasing worries that U.S. forces will not be prepared for a future conflict with China, during a hearing of the Senate Armed Services airland subcommittee on Tuesday.
Air ForceLt. Gen. Herbert J. Carlisle, deputy chief of staff for operations, said China’s rollout earlier this year of a new J-20 stealth fighter, which has made two or three test flights, is very troubling, along with another joint Russian-Indian stealth jet.
Both aircraft could be sold to Iran and affect a future U.S. intervention there against Tehran’s nuclear program.
“Those are discouraging in that they rolled out in a time that we thought there was maybe a little bit more time, although we weren’t sure of that,” Gen. Carlislesaid.
The three-star general’s comments echoed earlier comments by NavyVice Adm. David J. Dorsett, a senior intelligence official, who said of the J-20 in January that “we have been pretty consistent in underestimating the delivery of Chinese technology and weapons systems.”
U.S. military fighters will remain a pace ahead technologically of both the Chinese and Russian stealth jets. But if there are further F-35 delays, “then that pacing is in jeopardy,” Gen. Carlislesaid.
In unusually candid comments on China’s growing military power, Gen. Carlisle said: “You need only look across the Pacific and see what China is doing, not just their air force capability, but their surface-to-air [missile] capability, their ballistic missile capability, their anti-ship ballistic missiles,” and new missiles that can reach U.S. bases in Guam and Japan.
“All of those things are incredibly disturbing to us for the future,” Gen. Carlisle said. “And again, … we not only have to be able to defeat those, we have to hold those targets at risk, and that’s where these fifth-generation aircraft come in.”
Asked during the hearing what “keeps you up at night,” Rear Adm. David L. Philman , Navy director of warfare integration, said: “Well, the China scenario is first and foremost, I believe, because they seem to be more advanced and they have the capability out there right now, and their ships at sea and their other anti-access capabilities.”
The Pentagon refers to China’s advanced weapons, including ballistic missiles that hit ships at sea, new submarines, anti-satellite weapons and cyberwarfare capabilities, as “anti-access and area denial” arms.
Adm. Philman said the J-20 rollout is a concern, but with 1,000 test hours on the F-35, the jet is a “far leap ahead from the Chinese fighter that’s flown three times.”
“But they will catch up. They understand. They’re a smart and learning enemy, and if we don’t keep our edge, then we will be behind, or at least lose our advantage,” Adm. Philman said.
China says will not threaten anyone with modern
Kevin Lim, Reuters
June 5, 2011, 6:54 pm
SINGAPORE (Reuters) – China’s defence minister sought to reassure Asia Pacific neighbours on Sunday that his country’s growing economic and military power was not a threat, as long-running maritime disputes in the region flare up again.
General Liang Guanglie told the annual Shangri-La security conference in Singapore that the modernisation of the People’s Liberation Army was in line with the country’s economic growth and to meet its security requirements.
“We do not intend to threaten any country with the modernisation of our military force. I know many people tend to believe that with the wealth of China’s economy, China will be a military threat,” he said, speaking dressed in full military uniform.
“I would like to say that it is not our option. We didn’t seek to, we are not seeking to and we will not seek hegemony and we will not threaten any country.”
China will beef up its military budget by 12.7 percent this year, the government announced in March, a return to double-digit spending increases that stirred unease in the region as well as in the United States which has long had a strong presence in the Asia-Pacific region.
China’s growing military influence has coincided with a more assertive diplomatic tone, evident in rows with Japan and Southeast Asia over disputed islands, and in rows with Washington over trade, the yuan currency and this week over cyber-security after Google said email accounts had been hacked in an attack that appeared to originate from China.
But Liang said the situation in the South China Sea where a territorial dispute with Vietnam and the Philippines heated up last month was now stable.
“China is committed to maintaining peace and stability in the South China sea,” he said adding it stood by a 2002 code of conduct signed with members of the Association of South East Asian Nations to resolve peacefully the rival claims over the resource-rich region.
SOUTH CHINA SEA TENSION
Both Vietnam and the Philippines have complained about Chinese activity and even harassment in the contested South China Sea over the past week or so.
China, Vietnam, the Philippines, Malaysia, Brunei and Taiwan all claim territories in the sea, which covers an important shipping route and is thought to hold untapped oil and gas reserves.
China’s claim is by far the largest, forming a vast U-shape over most of the sea’s 648,000 square miles (1.7 million square km), including the Spratly and Paracel archipelagos.
The Philippines said this week that Chinese naval ships and a surveillance vessel placed a buoy and posts near a bank in the part of the South China sea that Manila claims as its territory. The incident happened last month while Liang himself was in Manila on an official tour.
Tension also increased with Vietnam last month after Hanoi said a Vietnamese oil and gas exploration ship had its surveying cables cut by Chinese boats.
A Vietnamese government minister said on Sunday while the land borders had been settled with China, the dispute over the seas remained.
“The land border area has become an area of peace and cooperation for both countries, but it’s a different story with the South China Sea,” Nguyen Chi Vinh, deputy defence minister, told reporters on the sidelines of the conference.
In a rare public protest in Vietnam, up to 300 people shouting “Down with China” marched to the Chinese embassy in the capital, Hanoi, to protest against what they saw as China’s violations of Vietnam’s sovereignty in the sea.
Images posted online showed about 1,000 people marching in what appeared to be a similar protest in Ho Chi Minh City, Vietnam’s commercial hub.
The modernisation of China’s navy in particular has raised concern in the region. Beijing is upgrading its destroyers and frigates to sail further and strike harder.
China could launch its first aircraft carrier this year, according to Chinese military and political sources, a year earlier than U.S. military analysts had expected, underscoring its growing maritime power and assertiveness.
Liang did not touch on the naval modernisation, but said the army and the air force remained years behind several of those in the developed world, including those of the United States.
“Our army and air force have mainly second-generation weapons. We do not have a large arsenal of third generation weapons or systems while others are entering a fourth generation. So there is a generational gap.
Vietnam shift could see return of US ships
By Ben Bland in Cam Ranh Bay
Published: June 14 2011 22:46 | Last updated: June 14 2011 22:46
Nguyen Duc De knows at first hand how alliances can change. The former Vietnamese soldier was stationed on the disputed Spratly Islands in the 1980s, when tensions with China were high following their 1979 border war, and he used to take pot shots at the Chinese marines who approached his base, pretending to be fishermen.
When diplomatic relations between the Communist neighbours were restored in the 1990s, shooting was prohibited, he says, but, as China’s economic and military might has grown over the past decade, strains over contested islands in the South
China Sea have been on the rise again.
They’re so big and we’re so small, so what can we do?” asks 50-year-old Mr De, who works as a security guard at a memorial to Vietnamese and Russian soldiers who lost their lives in the Spratly Islands and at the nearby naval and air base at Cam Ranh Bay in south-central Vietnam.
The historic military facility, located within one of Asia’s best natural harbours, is at the centre of a strategic push from Vietnam to counter China’s growing assertiveness over disputed waters in the commercially important South China Sea.
Cam Ranh Bay became a potent cold war symbol, first as an American base during the war with Communist North Vietnam, and then as a Soviet base after 1979, hosting nuclear submarines and one of the most important spying stations outside Russia.
When the Russians finally pulled out in 2002, Hanoi vowed never to let any foreign power have control of the facility. But, last year, Nguyen Tan Dung, Vietnam’s prime minister, said he would let foreign naval ships use the base again to dock, resupply and undergo repairs on a commercial basis.
The move may generate some cash once the now crumbling facilities are refurbished, security analysts say. However, the main justification for opening up the bay is to balance China’s naval dominance in the South China Sea, which encompasses key global trade routes, valuable fisheries and is thought to sit atop vast oil and gas reserves.
“Who’s going to take up the offer to visit?” says Carl Thayer, an expert on security in the South China Sea at the Australian Defence Force Academy in Canberra. “Precisely those navies that China doesn’t want in the South China Sea, including the Americans, Australians, South Koreans and Indians.”
One senior Asian defence official argues that the US will be keenest to take advantage of the opportunity to use the base, which offers great protection from storms and is located close to key commercial shipping lanes and the disputed islands.
“The US has a Pacific fleet and it’s been more aggressive than many other countries in trying to build closer contacts with Vietnam to counter China’s rise,” he says.
The planned reopening of the base to foreign naval vessels is a sign of the shifting global strategic sands, with China’s inexorable rise causing concern among those such as Vietnam and the US, pushing these old enemies closer together.
Although Vietnam has developed deep economic and political ties with its larger northern neighbour since the 1990s, the relationship is coming under pressure because of China’s increasingly aggressive behaviour in the South China Sea, according to Ian Storey, a fellow at the Institute of Southeast Asian Studies in Singapore, who studies maritime security.
China, which recently built a large naval base on Hainan island, to the north of the disputed waters, increasingly has the capability to deploy coercive diplomacy in the South China Sea, says Mr Storey. Recent incidents where Chinese maritime surveillance vessels have tried to sabotage Vietnamese oil exploration ships show Beijing also has the political will to do so.
Hanoi has responded by seeking to internationalise the territorial dispute, calling on other claimants to some of the contested Paracel and Spratly Islands – Brunei, Malaysia, the Philippines and Taiwan – to hold joint talks and attempting to bring in the US as a mediator.
Despite macroeconomic difficulties,
Vietnam has boosted its spending on military hardware, agreeing to buy a number of Sukhoi SU-30 jetfighters and six Kilo-class diesel submarines from Russia.
Once delivered in the next year or two, the submarines are expected to be based at Cam Ranh Bay, which analysts say Russia has agreed to refurbish as part of the $2bn contract to supply the craft. Echoing the patriotism of many Vietnamese, Mr De says he does not want to see any foreign forces in the bay.
But changing dynamics of global security mean that, in a twist of fate, American and Russian ships may soon be back at Cam Ranh Bay, this time working alongside each other and the Vietnamese to counterbalance an ever stronger China.
Hacking is cheaper than product development, say experts.
Google and Intel were logical targets for China-based hackers, given the solid-gold intellectual property data stored in their computers. An attack by cyber spies on iBahn, a provider of internet services to hotels, takes some explaining.
iBahn provides broadband business and entertainment access to guests of Marriott International and other hotel chains, including multinational companies that hold meetings on site. Breaking into iBahn’s networks, according to a senior US intelligence official familiar with the matter, may have let hackers see millions of confidential emails, even encrypted ones, as executives from Dubai to New York reported back on everything from new product development to merger negotiations.
More worrisome, hackers might have used iBahn’s system as a launching pad into corporate networks that are connected to it, using traveling employees to create a backdoor to company secrets, said Nick Percoco, head of Trustwave’s SpiderLabs, a security firm.
The hackers’ interest in companies as small as Salt Lake City-based iBahn illustrates the breadth of China’s spying against firms in the US and elsewhere. The networks of at least 760 companies, research universities, internet service providers and government agencies were hit over the last decade by the same elite group of China-based cyber spies.
The companies, including firms such as Research in Motion (RIM) and Boston Scientific, range from some of the largest corporations to niche innovators in sectors like aerospace, semiconductors, pharmaceuticals and biotechnology, according to intelligence data obtained by Bloomberg News.
“They are stealing everything that isn’t bolted down, and it’s getting exponentially worse,” said Representative Mike Rogers, a Michigan Republican who is chairman of the US Permanent Select Committee on Intelligence.
China has made industrial espionage an integral part of its economic policy, stealing company secrets to help it leapfrog over US and other foreign competitors to further its goal of becoming the world’s largest economy, US intelligence officials have concluded in a report released last month.
“What has been happening over the course of the last five years is that China – let’s call it for what it is – has been hacking its way into every corporation it can find listed in Dun & Bradstreet,” said Richard Clarke, former special adviser on cybersecurity to US President George W. Bush, at an October conference on network security.
“Every corporation in the US, every corporation in Asia, every corporation in Germany. And using a vacuum cleaner to suck data out in terabytes and petabytes. I don’t think you can overstate the damage to this country that has already been done.”
In contrast, US cyberspies go after foreign governments and foreign military and terrorist groups, Clarke said.
“We are going after things to defend ourselves against future attacks,” he said.
Such accusations intensified when a November 3 report by 14 US intelligence agencies fingered China as the No.1 hacker threat to US firms. While the Obama administration took the unprecedented step of outing China by name, the White House, US intelligence agencies and members of Congress are struggling to assess how much damage is being done during such attacks and what to do to stop them beyond public rebuke.
For now, the administration is concentrating on raising awareness among company executives and seeking a commitment to improve security against such attacks. Rogers has a bill pending in the House that would permit the government to share secret information that would help companies spot hacker intrusions, such as signatures of malicious Chinese software.
Consistently denied responsibility
China has consistently denied it has any responsibility for hacking that originated from servers on its soil. Geng Shuang, a spokesman for the Chinese embassy in Washington, didn’t respond to several e-mails and phone calls requesting comment. Wang Baodong, another Chinese government spokesman in Washington, also didn’t respond to requests for comment.
Based on what is known of attacks from China, Russia and other countries, a declassified estimate of the value of the blueprints, chemical formulas and other material stolen from US corporate computers in the last year reached almost $500 billion, said Rogers, a former agent for the Federal Bureau of Investigation.
US officials are grappling with how stolen information is being used, said Scott Borg, an economist and director of the US Cyber Consequences Unit, a non-profit research institute. Calculating the damage depends on hard-to-know variables, such as how effectively and quickly thieves can integrate stolen data into competing products, the senior intelligence official said.
While a precise dollar figure for damage is elusive, the overall magnitude of the attacks is not, Borg said.
“We’re talking about stealing entire industries,” he said. “This may be the biggest transfer of wealth in a short period of time that the world has ever seen.”
The public evidence against China now being rolled out by the Obama administration, Rogers and others in Congress has been collected by the intelligence community over several years. Many of the details remain classified.
The hackers who attacked iBahn are among the most skilled of at least 17 China-based spying operations the US intelligence community has identified, according to a private security official briefed on the matter who asked not to be identified because of the subject’s sensitivity.
Massive espionage ring
The hackers are part of a massive espionage ring codenamed Byzantine Foothold by US investigators, according to a person familiar with efforts to track the group. They specialise in infiltrating networks using phishing e-mails laden with spyware, often passing on the task of exfiltrating data to others.
Segmented tasking among various groups and sophisticated support infrastructure are among the tactics intelligence officials have revealed to Congress to show the hacking is centrally coordinated, the person said. US investigators estimate Byzantine Foothold is made up of anywhere from several dozen hackers to more than one hundred, said the person, who declined to be identified because the matter is secret.
“The guys who get in first tend to be the best. If you can’t get in, the rest of the guys can’t do any work,” said Richard Bejtlich, chief security officer for Mandiant Corp., an Alexandria, Virginia-based security firm that specialises in cyber espionage. “We’ve seen some real skill problems with the people who are getting the data out. I guess they figure if they haven’t been caught by that point, they’ll have as many chances as they need to remove the data.”
US and other companies have been secretive about the details of their computer security. When Google announced in 2010 that China-based hackers had raided its networks, it was a rare example of a US company publicly revealing a cyber burglary aimed at its intellectual property – in this case, its source code.
Mountain View, California-based Google, the world’s largest search-engine firm, said at the time that at least 34 other major companies were victims of the same attack. However, only two – Intel and Adobe Systems – stepped forward, and they provided few specifics.
Google vastly underestimated the scope of the spying. Intelligence documents obtained by Bloomberg News show that China-based hackers have hunted technology and information across dozens of economic sectors and in some of the most obscure corners of the economy, beginning in 2001 and accelerating over the last three years. Many of the victims have been hacked more than once.
One victim of Byzantine Foothold, Associated Computer Systems, a division of Xerox, provides back-office services such as accounting and human resources for thousands of multinational firms and government agencies in more than 100 countries. According to its website, ACS’s expertise includes digitising and storing documents, a potential treasure-trove of information on the firm’s corporate clients, including carmakers and computer companies.
Other targets of the group include large companies such as Hewlett-Packard, Volkswagen and Yahoo. Smaller firms in strategic sectors were also hit, such as iBahn and Innovative Solutions & Support, which manufactures flight-information computers; as were Massachusetts Institute of Technology, the Italian Academic and Research Network and the California State University Network.
An informal working group of private-sector cybersecurity experts and government investigators identified the victims by tracing information sent from hacked company networks to spy group-operated command-and-control servers, according to a person familiar with the process. In some cases, the targets aren’t aware they were hacked.
People’s Liberation Army
Such tracing is sometimes possible because of sloppiness and mistakes made by the spies, said another senior intelligence official who asked not to be named because the matter is classified. In one instance, a ranking officer in China’s People’s Liberation Army, or PLA, employed the same server used in cyberspying operations to communicate with his mistress, the intelligence official said.
Many of the cyber attacks have been linked to specific China-related events, a pattern noted by secret diplomatic cables published by WikiLeaks, the anti-secrecy website. During the five-year period beginning in 2006, a second group of China-based hackers ransacked the networks of at least 71 companies, government entities, think-tanks and non-profit groups, said McAfee, which analysed information from servers used in the attacks.
‘Operation Shady Rat’
Details of those intrusions were originally published in an August report by the cyber security firm dubbed “Operation Shady Rat.” The report didn’t name the country where the hackers were based or identify the private-sector victims. The report’s principal author, Dmitri Alperovitch, who now heads his own firm, Asymmetric Cyber Operations, confirmed the country was China.
In one of the earliest attacks on a company, cyberspies hacked into the computer networks of POSCO, the South Korean steel giant, in July 2006, Alperovitch said. The intrusion took place the same month that the steelmaker, the third largest in the world, initiated a takeover of a large steel mill in eastern China, according to the US-based Epoch Times, founded by supporters of the dissident Falun Gong spiritual sect, which first noted a link between the two events.
Earthquakes and satellites
Two years later, Chinese rescue workers were using satellite communications equipment made by the Danish technology firm Thrane & Thrane following a major earthquake in Sichuan province. China Daily, the quasi-official newspaper, had praised the Danish equipment’s performance. Alperovitch said the Danish firm was hacked by the Shady Rat crew three months later.
“With fans like those, who needs enemies?” he said.
John Alexandersen, a spokesman for the Lundtofte, Denmark-based Thrane & Thrane, said although he couldn’t “rule out” that hackers breached their networks, no confidential data was taken.
The approval of China’s most recent five-year economic plan provides another possible link between Chinese government policy and cyber-espionage. The plan, approved by the National People’s Congress in March, identifies seven priority industries that mirror the most prominent targets of China-based cyberspies, according to the two senior US intelligence officials who have knowledge of the victims.
KPMG International, the auditing firm, said the five-year plan’s priorities include clean energy; biotechnology; advanced semiconductors; information technology; high-end manufacturing, such as aerospace and telecom equipment; and biotechnology, including drugs and medical devices.
Same shopping list
In many cases, the iBahn hackers appear to be working off the same shopping list, according to intelligence documents.
In the biotechnology sector, their victims include Boston Scientific, the medical device maker, as well as Abbott Laboratories and Wyeth, the drug maker that is now part of Pfizer.
The hackers also rifled networks of the Parkland Computer centre in Rockville, Maryland, according to documents provided to Bloomberg News by a person involved in government tracking of the cyberspies, who declined to be identified because the matter isn’t public.
Parkland is the computing centre for the Food and Drug Administration, which has access to drug trial information, chemical formulas and other data for almost every important drug sold in the US.
In the manufacturing sector, San Jose, California-based Cypress Semiconductor, which makes advanced chips for telecommunications equipment, was a victim, as were Aerospace, which provides scientific research on national security-related space programs, and Environmental Systems Research Institute, a Redlands, California-based company that develops mapping software.
In China, those industries are developing rapidly. Chinese companies were involved in 10 of the 13 global technology initial public offerings in the third quarter of 2011, according to PricewaterhouseCoopers, the global auditing firm. The Chinese firms specialised in information technology, semiconductors and clean energy, like solar power, the PwC report said.
Driving China’s spike in cyberspying is the reality that hacking is cheaper than product development, especially given China’s vast pool of hackers, said a fourth US intelligence official. That pool includes members of its militia, who hack on commission, the official said. They target computing, high technology and pharmaceutical companies whose products take lots of time and money to develop, the official said.
US counterintelligence authorities have been tracking China’s cyberspies for years under the classified codename Byzantine Hades, which a March 27, 2009, secret US State Department cable published by WikiLeaks calls “a group of associated computer network intrusions with an apparent nexus to China.”
Byzantine Foothold, Byzantine Candor and Byzantine Anchor represent subsets, or various groups, of the overall Chinese cyber espionage threat, the person familiar with the secret tracking effort said.
Among the victims of Byzantine Foothold are internet service providers in more than a dozen countries, including Canada, Switzerland, Bangladesh, Venezuela and Russia. The ISPs are used as platforms to hack other victims and disguise spying activity.
An October 30, 2008, State Department cable described China-based hackers accessing several computer networks of a commercial internet provider in the US. They used the company’s systems to extract “at least 50 megabytes of email messages and attached documents, as well as a complete list of usernames and passwords from an unspecified” US government agency, according to the cable.
PLA’s Third Department
The cable stated that the hackers were based in Shanghai and linked to the PLA’s Third Department, a unit of the Chinese military that, according to a 2009 report by the US-China Economic and Security Review Commission, is responsible for cyber operations.
“Some notion that this isn’t nation-state driven is just false,” said Rogers, the US House intelligence committee chairman.
Fifteen of the companies and universities identified as hit by the iBahn hackers and contacted by Bloomberg News either declined to comment, said they had no knowledge of the attack, or didn’t respond to requests for comment.
Erik Fallis, a spokesman for the California State University Network, said that following an investigation, “no evidence was found to suggest that this event compromised CSU assets.”
Obama administration officials seeking to forge a robust policy and diplomatic response are facing few good options, said Clarke, the former White House cyber security official.
UN Security Council
China, a member of the UN Security Council, has the power to veto multilateral initiatives aimed at the country that pass through that body.
Sanctions on Chinese goods in sectors that have been heavily targeted by cyberspies – green energy, semiconductors and pharmaceuticals – would be a problematic solution, probably sparking a trade war, said James Lewis, a cyber security expert at the centre for Strategic and International Studies in Washington.
US government officials considering whether major corporate networks should be protected as a national security asset face opposition even from some victims protective of the internet’s laissez-fair culture, said Richard Falkenrath, a senior fellow for counterterrorism and national security studies at the Council on Foreign Relations.
“The situation we are in now is the consequence of three decades of hands-off approach by government in the development of the internet,” Falkenrath said.
Lack the leverage
For now, administration officials have correctly assessed that they lack the leverage to compel China to change its alleged criminal behavior, he said.
“The Cold War is a pretty good analogy,” Falkenrath said. “There was never any serious effort to change the internal character of Soviet state.”
At a minimum, the November intelligence agency report does throw down a marker in that conflict, said Estonian defence Minister Mart Laar. Estonia, which suffered a massive cyber attack in 2007 it said originated from Russia – is pushing for a NATO cyber defence alliance.
“I remember how the Cold War was changed, and you could for the first time feel the Soviet defeat coming when Ronald Reagan called the Evil Empire evil,” Laar said.