Comparison of Hackers of Iran, China and North Korea
Red-DragonRising.com©
Hack this!
Comparative Study: Global Cyber Doctrine
LTCOL (RET) William Hagestad II MSc Security Technologies
MSc Management of Technology www.red-dragonrising.com
hagestadwt@red-dragonrising.com
Cyber as a spectrum of cyberspace operations including Defensive Cyberspace Operations (DCO) and Offensive Cyberspace Operations (OCO)
Protecting The Cyber Front Lines
2014 Top Internet Attacks….
http://mybroadband.co.za/news/security/101440-top-internet-attacks.html
People's Republic of China
United States of America
Russia
Port 445 most targeted port, reaching 30% of observed attacks.
The volume of attacks targeting Port 80 remained steady at 14%
“21st Century Chinese Cyber Warfare”
ISBN: 9781849283342
Banning the People's Republic of China
ISBN: 978-1482577105 http://www.amazon.com/Operation-Middle-Kingdom-Computers-Networks-ebook/dp/B00GTVFJOQ/
ISBN: 978-1493771974 http://www.amazon.com/Chinese-Information-Warfare-Doctrine-Development-ebook/dp/B00GWO12LO/
ISBN: 978-1496080875 http://www.amazon.com/Chinas-Plans-Winning-Information-Confrontation/dp/1496080874/
Cyber Threat | Motive | Targets of Opportunity | Methodologies | Capabilities
Nation States ~ Peace Time | Economic, Military, National Secrets, Political | Commercial Enterprises, Intelligence, National Defense, Governments, National Infrastructure | Military & Intel specific cyber doctrine, hacktivists | Asymmetric use of the cyber domain short of kinetic
Nation States ~ War Time | Economic, Military, Political | Commercial Enterprises, Intelligence, National Defense, Governments, National Infrastructure | Military & Intel specific cyber doctrine, hacktivists | Asymmetric use of the cyber domain including kinetic
Cyber Terrorists & Insurgents | Political | Infrastructure, Extortion and Political Processes | Combination of advanced persistent threats (APT) | Developing – will be a concern in 2012
Cyber Criminals – Grey & Black Markets | Financial | Intellectual Property Theft, Fraud, Theft, Scams, Hijacked Network & Computer Resources, Cyber Crime for Hire | Exploits, Malware Botnets, Worms & Trojans | Cell-based structure as an APT
Criminal Organizations – RBN | Financial | Use of above with distinct planning | Highly professional, dangerous
Rogue Organizations – Anonymous, LulzSec | Financial Military, National Secrets, Political | Intellectual Property Theft, Direct & Indirect pressure on OGA Resources | Organic hacking capabilities unsurpassed | Organized yet de-centralized
Guide: Digital Opponents
“Thanks to the increased attack traffic seen from Indonesia, ports 80 and 443 were the most commonly targeted ports, accounting for 41 percent of observed attacks combined.”
Indonesia Overtakes China…
http://www.techinasia.com/report-indonesia-overtakes-china-worlds-biggest-source-online-attacks/
Where?... When? Who Started All This?
http://www.defense.gov/releases/release.aspx?releaseid=13551
US DoD Militarizes Cyber Space…
“We Are Coming for You if your country is a threat in Binary World!”
Preemptive Strikes Will Be A Part Of U.S. Cyber-Defense Strategy
That was in 2010….
This is, however, 2014….
http://news.xinhuanet.com/mil/2014-05/21/c_126526347.htm
The U.S. side is making something out of nothing, with ulterior motives
China: U.S. fabricated charges with ulterior motives
China’s Defense Ministry: “China's military has never stolen trade secrets through a network”
United States is calling this "commercial espionage network” saying nothing, confused with ulterior motives.
Democratic People's Republic of Korea
Korean Peninsula IW….
3 levels of information conflict simultaneously:
(1) for information to obtain information and intelligence about each other’s means, capabilities, and strategies;
(2) against information aimed at protecting their information systems, while disrupting or destroying the other side’s information infrastructure; and
(3) through information reflected in the misinformation and deception operations to shape their broader internal and external strategic narratives.
Cyber-espionage: North Korea's primary overseas intelligence gathering unit, operating under the State Security Agency (SSA), relies on cyber-related techniques for cyber-espionage to access information, steal sensitive data, & monitor foreign communications.
Computer network attacks: North Korea has attempted to disrupt South Korea's sophisticated digital information infrastructure using cyber attacks to shut down major websites, disrupt online services of major banks, and probe South Korea's readiness to mitigate cyber-attacks
Korean Cyber TTPs….
North Korean Army General Staff’s Reconnaissance Bureau, Unit 110, intercepted confidential defense strategy plans... OPLAN 5027… detailing US–ROK responses to potential North Korean provocations
US Military officer with the ROK–US Combined Forces Command used an unsecured USB memory stick plugged into his PC while switching from a highly secure private intranet to the public Internet
2009 Korean Cyber Conflict Begins….
North Korean hackers stole information from the South Korean Chemical Accidents Response Information System (CARIS) after infiltrating the ROK Third Army headquarters’ computer network and using a password to access CARIS’s Center for Chemical Safety Management
North Korea’s overseas-intelligence gathering unit under the State Security Agency (SSA) is also believed to increasingly rely on information warfare techniques for cyber-espionage to access information, steal sensitive data, and monitor foreign communications
2009 More Korean Cyber Conflict….
"Ten Days of Rain" DDoS attacks targeting South Korean government websites and networks of the US Forces Korea (USFK) lasting for 10 days in 2011… North Korea has relied on information warfare to alter the perceptions of its strategic plans – December 2012, and subsequent third nuclear test in February 2013, North Korea manipulated news stories as part of a deliberate deception campaign to hide its real intentions.
2010 – Present Day More Korean Cyber Conflict….
Mouse & Keyboard Cheaper Than a Tank….
2013 – DPRK military could turn to cyber-warfare for lower costs
South Korea will use military cyber F/X to thwart DPRK’s nuclear ambitions
South Korea government is working on the development of a cyber weapon to hit North Korean nuclear facilities. It’s Information warfare.
Characteristics | US | North Korea | China
Started IW/EW | 1860’s
Founding Father | Andrew Carnegie/ Winfield Scott
Used as Combined Arms? | Yes - 2011
Use of Hacktivism as a Proxy? | Yes
Official Military Command | 2010
External Motivators | Global Threats
Internet Controls? | Yes
Criminal Cyber Capability? | Yes
Impact on Commerce? | Yes
Middle East
Islamic Republic of Iran
Iranian Cyber Dilemma
Where is Iran…?
Various languages
@ Least 18 or More…diverse languages…or dialects….
Shi’ah…Sunnah…BOTH! @ Least 12 or More…diverse ethnicities…. & Yet 2 Religions….
Iran Needs Domestic Cyber Defence Model
Deputy Chief of Staff of the Iranian Armed Forces for Basij and Defense Culture… - Brigadier General Massoud Jazayeri
http://iranmilitarynews.org/2012/10/
SEP 2010
“Iranian Cyber-Jihadi Cells in America plot Destruction on the Net and in Reality”
"Last September, Jihadists who call themselves “Cyber-Hezbollah” organised their second conference in Teheran. Islamist hackers and cyber-jihadists gathered there and decided to fight the U.S. and Europe. Hassan Abbasi, political strategist and adviser of the Iranian Revolutionary Guards, was present, and delivered an ardent and virulent speech."
NOV 2011 http://www.thecuttingedgenews.com/index.php?article=53212&pageid=&pagename=
SEP 2012
OCT 2012
Mohammad-Reza Farajipour, Deputy Chief of Information Technology and Communication of the Passive Defense Organization of Iran (PDOI)
“….cyber defense will now be taught at Iranian universities including at the Tarbiat Modares university in Tehran and also at institutions outside the capital…”
OCT 2012 http://iranmilitarynews.org/category/basij/page/2/
MAY 2013
JUN 2013
JUL 2013
OCT 2013
OCT 2012
JAN 2013
Izz ad-Din al-Qassam Cyber Fighters
…10 JUL 2013
− 29 OCT 2013
…20 NOV 2013
http://world.time.com/2013/10/29/if-iran-can-get-this-reactor-online-it-may-be-invulnerable-to-military-attack/#!
http://www.langner.com/en/wp-content/uploads/2013/11/To-kill-a-centrifuge.pdf
http://www.foreignpolicy.com/articles/2013/11/19/stuxnets_secret_twin_iran_nukes_cyber_attack?page=full
http://www.presstv.com/detail/2013/12/13/339845/iran-to-unveil-indigenous-cyber-products/ DEC 2013
MAY 2014
Iran ‘Bans’ Whatsapp after Zuckerberg buys it
http://cyberparse.co.uk/2014/05/05/iran-bans-whatsapp-over-zionist-zuckerberg/
http://america.aljazeera.com/articles/2014/5/3/iran-narenji-bloggers.html
However, Iran’s president Hassan Rouhani later tweeted Iranian Government …. “fully opposed to filtering of WhatsApp”.
Twitter and Facebook have been banned in Iran since 2009, when protests against former president Mahmoud Ahmadinejad gained momentum thanks to social media.
IRAN'S TECH BLOGGERS CAUGHT IN THE POLITICAL CROSSFIRE
Apolitical bloggers caught in political crossfire between a reform-minded president, who has scaled back Iran’s nuclear program and initiated a thaw w/West, & a right-wing contingent led by the country’s supreme leader, the ultra-conservative Ayatollah Khamenei.
Brigadier General Jalali – Iran to Develop Home-Designed Cyber Defense System fully capable of executing “definition of soft war”
http://english.farsnews.com/newstext.aspx?nn=13930221001069
http://theiranproject.com/blog/2014/05/11/iran-to-give-reciprocal-reaction-to-possible-cyber-attacks-official/ MAY 2014
“Definition of soft war”: Iran to give reciprocal reaction to possible cyber attacks
Current Iran Cyber SA…
• FATA police commander: use of VPN should be considered a crime
– (Gen. Kamal Hadyanfr, Iran's cyber police (feta) today called for criminalizing the production, purchase, sale and use of Vypyan (.VPN) in Iran)
• Iranian hackers becoming more aggressive
• Iran's Operation Saffron Rose Advanced Cyber Espionage...not advanced plagiarized threats
http://www.bbc.co.uk/persian/iran/2014/05/140512_l45_iran_vpn_criminalize.shtml?
http://www.reuters.com/article/2014/05/13/us-cyber-summit-iran-hackers-idUSBREA4C03O20140513
http://www.fireeye.com/blog/technical/malware-research/2014/05/operation-saffron-rose.html
Why Iran…?
− STUXNET − DUQU − FLAME − WIPER….
Label | Timeframe | Purpose | Target | Nation State Responsible | Nation State Affected
Stuxnet | 2004 - 2007 | Cyber / Physical Destruction | Iranian Nuclear Facility @ Natanz | US & Israel | Islamic Republic of Iran
Duqu | 2007 – 2011 | Cyber Counter Intelligence | Industrial Control Systems | US & Israel …Taiwan – Republic of China | Multiple…
Flame | 2009 - 2012 | Cyber reconnaissance / cyber data exfiltration… Cyber espionage | Middle Eastern computer systems | US & Israel | Iran, Lebanon, Syria, Sudan, Occupied Territories of Israel
Gauss | 2011 - 2012 | Cyber surveillance / Banking Trojan | Middle Eastern Banks | Unknown | Lebanon, CitiBank & PayPal
Batch Wiper | 2012 | Cyber Destruction | Iranian Oil Infrastructure | US & Israel | Islamic Republic of Iran
Weaponized Malware
http://arstechnica.com/security/2012/08/nation-sponsored-malware-has-mystery-warhead/
Cyber Weapons Geo-Infections
Middle East… Threat ?/ Resource?
Iranian Infrastructure…
http://www.classwarfareexists.com/wp-content/uploads/2012/02/caspian-sea.jpg
Iranian Infrastructure… Cyber Target
Eight Known Iranian Nuclear Sites
Iranian Military… & Nuke Facilities…..
− 11. Ahwaz 92nd Division commando companies, which operate independently under their own command are better known as “independent companies.”
− Site above is also used by elements of the division’s 2nd Armored Brigade.
− 12. IRGC 92nd Armored Division’s 3rd Armored Brigade.
− 13. The IRGC’s Isfahan Artillery Brigade.
− 15. The Zargan power station for the military camps in the region which runs on gas.
− 18. A yacht and speedboat marina, recently renovated, for the private use of Revolutionary Guards commanders based in the region.
− 20. A light aircraft airport for ferrying farm produce.
− 21. A 500-meter-wide canal, which links the Karun River to the Majnoun islands in Iraq. Huge barges stand by there in case of an emergency calling for troops to be moved quickly inside the Khuzestan province.
− 22. A missile-anti-aircraft gun cluster for defending Ahwaz and its environs.
Quds – Iranian Intelligence
− Founded after 1979…Iran’s Revolution…
− Sepāh-e Pāsdārān-e Enqelāb-e Eslāmi (سپاه پاسداران انقلاب اسلامی) …
− Army of the Guardians of the Islamic Revolution (IRGC)
− Commanded by Major General Qassem Suleimani
− Experience in Soviet Afghanistan, Bosnia….Iraq…’Stan’s Redux…
− Iranian Military Support regionally…Syria…
− Reports directly to Supreme Leader of Iran Ayatollah Ali Khamenei
Quds Force (نیروی قدس) … Niru-ye Qods…
…..to organize, train, equip, and finance foreign Islamic revolutionary movements. Quds Force maintains and builds contacts with underground Islamic militant organizations throughout the Islamic world....
Anonymous Targets Iran with DoS attack…April 2011
Iran’s Cyber Organization(s)
High Council of Cyberspace (Shoray-e Aali-e Fazaye Majazi).
http://www.cyberstrategie.org/?q=grands-dossiers/conflits-r%C3%A9gionaux-et-cyberterrorisme/structure-of-iran%E2%80%99s-cyber-warfare
− March 2012 – Order established by Ayatollah Khamenei
− Mission of instituting high-level policies on the cyberspace
− Comprised of:
• President of Iran
• Judicial Power Leader
• Parliamentary Leader
• IRGC CINC’s
• Police
• Minister of Intelligence
• Telecommunications, Culture & Science Ministers
All other Iranian organizations in charge of cyber operations are committed to implement the policies instituted by this new government body
Iranian Military…Cyber (OFFICIAL)
“The Cyber Defense Command” (Gharargah-e Defa-e Saiberi)
− November 2010 – Order established by Ayatollah Khamenei
− Mission of responding to NCI effects brought upon by Stuxnet
− Supervised by:
• Joint Staff of the Armed Forces (Setad-e Kol-e Niruhay-e Mosalah)
• Operationally via Passive Civil Defense Organization (Sazeman-e Padafand-e Gheyr-e Amel)
http://www.cyberstrategie.org/?q=grands-dossiers/conflits-r%C3%A9gionaux-et-cyberterrorisme/structure-of-iran%E2%80%99s-cyber-warfare
Motivation to establish…..
Coordinating numerous government organizations and agencies to non-militarily respond to a military attack on the country with the goal of minimizing damage to the country’s infrastructure and facilities in the event of a probable war…
Iranian Cyber Army
http://www.rferl.org/content/Iranian_Cyber_Army_Hacks_Website_Of_Farsi1/2223708.html
Iran’s Cyber Army (UNOFFICIAL)
http://www.cyberstrategie.org/?q=grands-dossiers/conflits-r%C3%A9gionaux-et-cyberterrorisme/structure-of-iran%E2%80%99s-cyber-warfare
− Highly skilled information technology specialists & professional hackers who obfuscate their identities…
− No one claims responsibility… And yet…
− Unassailable evidence suggests that the group is affiliated with the IRGC…
Basij Paramilitary Force – Cyber Militias … (Rogue…& Effective)
http://iranbriefing.net/?p=2682 http://www.foxnews.com/story/0,2933,534116,00.html
Iran’s paramilitary militia helping maintain internal security…
Primary Goal is: Defeat of “Westoxification,”
Iranian term for the harming of Persian culture by Western influences present in the cyber realm
Iranian Cyber Police….
http://www.darkgovernment.com/news/iran-ceating-its-own-internet/
http://www.hotforsecurity.com/blog/iran-allegedly-detected-massive-western-cyber-attack-2479.html
Iran: website filtering policy:
− Google Plus network blocked;
− Plan to unblock Facebook denied and/or
− Iranian top cyber police official: Facebook may be unblocked in the future….
Committee to Identify Unauthorized Sites
http://privacy.cytalk.com/2012/01/iran-squeezes-web-surfers-prepares-censored-national-intranet/
Iran squeezes Web surfers, prepares censored national intranet
Iranians have lost the right to surf the Web anonymously at Internet cafes as the government reportedly moves closer to its ultimate goal of replacing the global network with a censored national intranet.
Iranian Government officials claim they need to control access to the Internet to counter what they say is a “soft” cultural war being waged by Western countries to influence the morals of Iranians.
IRAN’s National Internet Project
http://www.huffingtonpost.com/huff-wires/20121010/ml-iran-spies-online/
Google, Gmail blocked as Iran pushes 'national Internet'
http://www.abna.ir/data.asp?lang=3&Id=351147
Reza Taghipour, Iran's information and communications minister: first phase of Iran’s nationwide project, covering governmental institutions in 29 provinces, launched September 21. Taghipour said all Iranian universities would become part of this network by early 2013, putting Iran a step closer to disconnecting itself entirely from the global Internet.
Characteristics | Iran | Russia | China
Started IW/EW | 2005 | 1999
Founding Father | Major General Yahya Rahim Safavi (رحیم صفوی) | S.P. Rastorguev (Расторгуев C.П.) & Marshall Sergeyev (Маршалл Сергеев)
Used as Combined Arms? | Yes - 2011 | Yes 2007 & 2008
Use of Hacktivism as a Proxy? | Yes | Yes – w/criminal intentions
Official Military Command | 2010 | 2010
External Motivators | United States of America, UK & Israel | United States of America
Internet Controls? | Yes | Yes
Criminal Cyber Capability? | Yes | Yes
Impact on Commerce? | No | Yes
US Govt Charges PLA Officers with “Cyber Espionage”….
5 Chinese Military Hackers…? http://camera.chinatimes.com/newsphoto/2014-05-20/clipping/B01A00_T_01_04.JPG
http://money.chinatimes.com/news/news-content.aspx?id=20140520000344&cid=1207
Chinese military hackers…?
Chinese People's Liberation Army 1949 Information Warfare (IW)
毛泽东 Mao Tse-Tung
Chinese View…
16 AUGUST 2011
Chinese Perspective….
16 AUGUST 2011 – People’s Tribune Magazine - (人民论坛杂志) publishes several articles…
4 are very problematic for the United States….
– “A Sovereign Country Must Have Strong Defense” by Min Dahong, director of the Network & Digital Media Research Office @ China Academy of Social Sciences;
– “America’s ‘Pandora’s Box’ Cyber Strategy Confuses the World” by Shen Yi - Fudan University’s Department of International Politics;
– “Cyber Power ‘Shuffles the Cards’: How China Can Overtake the Competition” by Tang Lan, Institute of Information and Social Development Studies at the China Institute of Contemporary International Relations; and
– “How to Construct China’s Cyber Defenses” by Liu Zengliang, from the PLA National Defense University
http://www.rmlt.com.cn/qikan/2011-08-16/
China's PLA Has Won the Cyber War Because They Hacked U.S. Plans for Real War
http://www.nextgov.com/cybersecurity/2013/05/china-winning-cyber-war-because-they-hacked-us-plans-real-war/63740/
http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&time=16205&view=map
Digital Attack…Chinese Perspective….
http://www.chinasmack.com/2010/more/cannons-english-teacher-seduction-june-9th-jihad.html
Who is China?
First… Communist Party of China (CPC); Second… People's Liberation Army (PLA); Third… Chinese State-Owned Enterprises (SOE); Fourth… Chinese hackers (Dark Guests)
Chinese hackers…. 4 Groups…Official & Unofficial….
Chinese Information Control
► Chinese Government Intent
• Golden Shield…Filter the Chinese Internet
− Designed 1998
− Operational NOV 2003
− CISCO powered – cost $ 800M USD
− China’s Ministry of Public Security (MPS) operates….
• Green Dam…. Chinese Government Spyware effective 1 July 2009…new PC’s must have ….
► Military Focus
► Civilian Dimension
– control freedom of search
– control freedom of speech
http://www.certmag.com/read.php?in=3906
http://www.e-ir.info/2010/04/13/chinese-information-and-cyber-warfare/
http://www.zdnet.com/blog/government/china-demands-new-pcs-carry-spyware/4906
► Codified cyber warfare in 2010…
• In response to US Cyber Command 6 months earlier…
► Official Edict: “protect national infrastructure from external cyber threats” – President Hu Jintao
► President Hu’s successor Xi Jinping ….
Motivations:
• Maintain & Retain Chinese Dream…
• Ensure China’s Sovereignty…
• Control Freedom of Search…
• Ensure stable transition of Communist Regime…
Communist Party of China - CPC
Purify the internet…. Former Chinese President Hu Jintao had declared Communist party's intent to strengthen administration of the online environment & maintain the initiative in online opinion…
• "Maintain the initiative in opinion on the Internet";
• “Raise the level of guidance online”; and,
• "We must promote civilized running and use of the Internet and purify the Internet environment….”
http://www.reuters.com/article/2007/01/24/us-china-internet-hu-idUSPEK9570520070124
Chinese Communist officials to intensify control even as they seek to release the Internet's economic potential.
"Ensure that one hand grasps development while one hand grasps administration…"
Chinese Cyber Police
http://www.bj.cyberpolice.cn/index.do
Should look like this…..
Remember #Team Ghost Shell
► 500 BC Sun-Tzu’s Art of War – basis
► Sun Ping’s Military Methods
► 1995 - Major General Wang Pufeng – Founding father of Chinese Information Warfare (IW)
► 1999 - War Without Limits – PLAAF Senior Colonel’s Qiao Liang & Wang Xiangsui
► 2002 - PLA's IW strategy spearheaded by Major General Dai Qingmin - Integrated Network-Electronic Warfare (INEW)
People's Liberation Army - PLA
General Staff Directorate’s (GSD) Cyber Warfare ‘Princelings’…
General Zhang Qinsheng 章沁生
General Chen Bingde 陈炳德
General Ma Xiaotian 马晓天
Vice Admiral Sun Jianguo 孙建国
Major General Hou Shusen 侯树森
Official Statement of Chinese IW
20 JUL 2010 – ‘ordered by President Hu Jintao to handle cyber threats as China enters the information age, & strengthen the nation's cyber-infrastructure’
Han ethnicity… Han Chinese Communist… Technologists… PLA Leaders…. & Chinese people
• Major General Hu Xiaofeng, Deputy Director for the National Defense University Department of Information Warfare and Training Command
• Professor Meng Xiangqing, National Defense University Institute for Strategic Studies
Current Chinese cyber warfare tactics
China’s “Goal is to achieve a strategic objective…over adversaries…”
“You have to meet my political conditions or your government will be toppled, or you promise to meet some of my political conditions.”
The Dark Visitor (黑暗訪問者), 2009; [Online] Available at: http://www.thedarkvisitor.com/category/uncategorized/
“…train a new type of high-caliber military personnel in large numbers, intensively carry out military training under computerized conditions, and enhance integrated combat capability based on extensive IT application…”;
“…implement the military strategy of active defense for the new period, and enhance military strategic guidance as the times so require”;
“…strengthen national defense aim to safeguard China's sovereignty, security and territorial integrity and ensure its peaceful development…“;
“…enhance the capability to accomplish a wide range of military tasks, the most important of which is to win local war in an information age…“;
Chinese Military …. Future OPS
http://news.xinhuanet.com/english/special/18cpcnc/2012-11/08/c_131959900.htm
8 NOV 2012: President Hu JinTao: “China will speed up full military IT Applications by 2020”
State Owned Enterprises
Ministry of Industry and Information Technology of the People's Republic of China
► Commercial theme, profit oriented…
► Research base, ties to Chinese Academy of Sciences (CAS)…
► International interest & focus…developing countries…
► No organic innovation capabilities…
► Foreign cyber espionage capability via PLA (GSD) & MSS…
Common Themes…
Chinese Military Sabotage India’s State Owned Telco BSNL’s Base Station
PLA SOE Huawei implicated
Huawei (華為)
http://beyondheadlines.in/2014/01/chinese-military-sabotage-indias-state-owned-telco-bsnls-base-station/
Earlier NSC warned of Huawei, ZTE’s links with Chinese Military
• 2001 …. Insider plants data exfiltration trojan
• Corporate executives targeted….
• Leadership avoids, ignores warnings of threat
• Telecommunications Intellectual Property data theft continues unabated…for TEN years
• Market valuation and position lost…
• 2011 … Nortel ceases to exist as a Canadian Company….
• Chinese State Owned Enterprises…Huawei ZTE suddenly take global leadership in telephony….
Nortel Case Study…
6 JUNE 2012 “Secret Memo Warns of Canadian Cyber Threat After Nortel Attack….”
► Originally supported by CPC & PLA
• Now uncontrollable….Golden Shield Project?
• Comment Group…
• Elderwood Gang…
• Use of known Chinese malware for commercial purposes now…
► Reinforce PRC’s nationalism via the web
• Taiwan, the renegade Chinese Province
• Punishing Japan for WWII war crimes, Daiyu Islands
• Confronting Philippines, Oil near Huangyuan
• Codera’s anti-Chinese web rhetoric
► Capability to carry out Chinese State Policies without attribution….
黑客 (hackers) – “Dark Guests”
Characteristics | Iran | North Korea | China
Started IW/EW | 2005 | 1999 | 1995
Founding Father | Major General Yahya Rahim Safavi (رحیم صفوی) | N/A | Major General Wang Pufeng (少將王浦峰)
Used as Combined Arms? | Yes - 2011 | Yes 2010 | Yes - 2011
Use of Hacktivism as a Proxy? | Yes | Yes – w/criminal intentions | Yes
Official Military Command | 2010 | Unknown | 2010
External Motivators | United States of America, UK & Israel | South Korea & USA | United States of America
Internet Controls? | Yes | Yes | Yes
Criminal Cyber Capability? | Yes | Yes | Yes
Impact on Commerce? | No | Yes | Yes
@Red-DragonRising http://www.linkedin.com/in/RedDragon1949
Red-DragonRising.com
Cyber War Misunderstood….
1) Attacker has the Advantage over the Defender
http://smallwarsjournal.com/jrnl/art/why-your-intuition-about-cyber-warfare-is-probably-wrong
Conclusions
1) Cyber-espionage is state sponsored; yet direct attribution is an illusion….
2) Iran, Russia & China plan cyber-espionage – defensively & offensively;
3) Each Nation State has separate & distinct reasons…
4) All Three Countries started their military cyber commands in 2010;
5) Cultural, economic, historical & linguistic threads for Iranian, Russian & Chinese cyber-espionage;
6) Citizen hacking an unofficial proxy cyber force multiplier;
7) Commercial enterprises & all organizations worldwide are permeable to cyber hacking in all forms & methods;
8) Foreign language malware, RATs, Botnets are undiscoverable….until now…
9) Iranian (Persian), Russian & Mandarin languages are an exceptional form of cryptography…
10) All Western InfoSec Technology are ineffective against Foreign cyber attacks…until now…
11) Organizations cannot defend against various alleged Iranian, Russian & Chinese information warfare threats…
12) Offensive Cyber Capabilities must be developed…..protect your IP & Network
13) Nation State cyber-espionage threats are very serious & will only become much, much worse…..
William T Hagestad II Red Dragon Rising RedDragon1949
Red-dragonrising.com