中國信息戰的基礎 Fundamentals of Chinese Information Warfare

LTCOL (RET) William Hagestad II
MSc Security Technologies
MSc Management of Technology
www.red-dragonrising.com
Red-DragonRising.com©


“21st Century Chinese Cyber Warfare”

“二十一世紀中國網絡戰”

ISBN: 9781849283342


中國信息戰的基礎
1. Credit where credit is due….
2. Current Cyber News….
3. People’s Republic of China “Informization”
4. Unrestricted Warfare…war without limits
5. Chinese Cyber Threat history
6. Conclusions
7. Questions


Masters of this domain….
Attribution where credit is due….

• Dr. James Mulvenon, Vice President, Intelligence Division and Director, Center for Intelligence Research and Analysis, Defense Group, Inc.

• Mark Stokes, Executive Director, Project 2049 Institute

• Timothy Thomas, LTC US Army RET


Current China Cyber News

• Chinese Firewall Maker, Hangzhou DPTech Technologies booted from Microsoft Sharing Program – 3 MAY 2012, SC Magazine

• “US & the PRC must work to avoid cyber conflict” – SECDEF Panetta…8 MAY 2012 REUTERS

• Huawei aims efforts at market leaders Cisco, HP et al….10 MAY 2012, Network Computing

• PRC-Philippines Hacking War…10 MAY 2012 Council on Foreign Relations


Current China Cyber News

• 10 MAY 2012 – Philippines News Agency (PNA), the Philippine government's news wire service, defaced by hackers suspected to be from China


Rules of Engagement (ROE)

1) Nothing is what it appears
2) 中國 literally means the middle kingdom
3) The People’s Liberation Army (中国人民解放军) controls everything
4) Capitalist economically, communism remains the political bedrock
5) ‘Keep your friends close but enemies closer’ ~ Sun Tzu
6) Mandarin Chinese an easy language – Brilliant Cryptography……
7) Kinetic military capability not yet fully developed
8) Numerology is important – 8th Route Army


Who is China?


Bottom Line Up Front: The BLUF

1. The People’s Liberation Army (PLA) is pursuing the means to seize and occupy the “information high ground”;

2. The rapid development of a comprehensive C4ISR (Command, Control, Computers, Communications, Information, Surveillance & Reconnaissance) infrastructure is a focus of PLA efforts currently underway;

3. PLA is trying to unify disparate information systems to enable coordination between geographically dispersed units in order to attain near total situational awareness of the battlespace while limiting an adversary’s ability to do the same;

4. PLA is trying to reach information dominance early and using it to enable and support other PLA operations throughout a conflict;

5. Tactical level employment of computer network attack (CNA) tools used with sufficient precision can achieve dramatic strategic outcomes with the potential to alter a campaign and, conversely, as the PLA deploys more sophisticated information systems, growing increasingly reliant upon them for successful military operations, it must also protect itself from the same network vulnerabilities as its high-tech adversaries;

6. PLA is augmenting its developing computer network operations (CNO) capabilities by relying on inputs from China’s commercial IT industry, academia, and civilian and military research institutions;

7. Huawei, Zhongxing (ZTE), and Datang maintain relationships with the PRC government;

In summary - recent developments in Chinese computer network operations applications & research and development point to a nation fully engaged in leveraging all available resources to create a diverse, technically advanced ability to operate in cyberspace as another means of meeting military and civilian goals for national development.

Computer network operations have assumed a strategic significance for the Chinese leadership that moves beyond solely military applications and is being broadly applied to assist with long term strategy for China’s national development.

Source: “Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage”, NORTHROP GRUMMAN, March 7, 2012


Chinese Methodology?

• Chinese web “bots” performing reconnaissance, gathering info on web content;

• PRC “bots” so intrusive that servers are scanned in order to determine each server’s purpose and functions…

• Majority of Internet traffic was from the People’s Republic of China, and included both….
– Hits on servers (short pings on new servers); and,
– Detailed examination looking for ports or access points…


Chinese motivation?
• Fear of 外國人 … foreigners….
• Self-preservation and,
• Hegemony (霸权)…..
– A perfect description of the Communist Party of China (CPC)….. implied power of the Chinese state subordinates every element of modern Chinese Society…… including threats by…..

Falun Gong….. Blind Dissidents… disaffected citizens…. Regime Change


中國人民解放軍 (People’s Liberation Army) Information Warfare (IW)

“To achieve victory we must as far as possible make the enemy blind and deaf by sealing his eyes and ears, and drive his commanders to distraction by creating confusion in their minds.”

毛泽东 Mao Tse-Tung


Official Statement of Chinese IW

• 19 JUL 2010 – 解放军报 (PLA Daily) ‘ordered by President Hu Jintao to handle cyber threats as China enters the information age, and to strengthen the nation's cyber-infrastructure’

• General Staff Directorate’s (GSD) Cyber Warfare ‘Princelings’
– General Zhang Qinsheng 章沁生
– General Chen Bingde 陈炳德
– General Ma Xiaotian 马晓天
– Vice Admiral Sun Jianguo 孙建国
– Major General Hou Shusen 侯树森

解放军报 (PLA Daily), July 19, 2010; [Online] Available at: http://english.peopledaily.com.cn/200007/21/eng20000721_46068.html


PLA Cyber Tacticians

• Major General Hu Xiaofeng, Deputy Director, National Defense University, Department of Information Warfare and Training Command

• Professor Meng Xiangqing, National Defense University Institute for Strategic Studies

“Goal is to achieve a strategic objective”

“You have to meet my political conditions or your government will be toppled, or you promise to meet some of my political conditions.”

The Dark Visitor (黑暗訪問者), 2009; [Online] Available at: http://www.thedarkvisitor.com/category/uncategorized/


中国人民解放军信息保障基


制信息权 Information Dominance….. Precise attack vectors of 制信息权

1) planting information mines
2) conducting information reconnaissance
3) changing network data
4) releasing information bombs
5) dumping information garbage
6) disseminating propaganda
7) applying information deception
8) releasing clone information
9) organizing information defense
10) establishing network spy stations

Richard A. Clarke and Robert K. Knake, Cyber War. The Next Threat to National Security and What to Do about It, New York, HarperCollins Publishers 2010, pp. 47 – 64

8 Pillars of Chinese Warfare (超限战)
8 Principles of “beyond-limits combined war” in Unrestricted Warfare

1) Omni directionality
2) Synchrony
3) Limited objectives
4) Unlimited measures
5) Asymmetry
6) Minimal consumption
7) Multidimensional coordination
8) Adjustment and control of the entire process

Unrestricted Warfare, Qiao Liang and Wang Xiangsui, Beijing: PLA Literature and Arts Publishing House, February 1999 (Simplified Mandarin Chinese version)

Tell me more about these Chinese hackers….

中國共產黨 - CPC
• Codified cyber warfare in 2010
• “protect national infrastructure from external cyber threats” – President Hu Jintao
• President Hu’s successor Xi Jinping ….

CPC + PLA x information technology superiority = China’s worldwide dominance

人民解放军 - PLA
• 500 BC Sun-Tzu’s Art of War – basis
• Sun Ping’s Military Methods
• 1995 - Major General Wang Pufeng – founding father of Chinese Information Warfare (IW)
• 1999 - War Without Limits – PLAAF Senior Colonels Qiao Liang & Wang Xiangsui
• 2002 - PLA's IW strategy spearheaded by Major General Dai Qingmin

國有企業 – State Owned Enterprises

• China Telecom – owned by the CPC, operated by the PLA

• Huawei – owned by former PLA officer; direct links to the PLA, however NOT the CPC

• ZTE – based in Shenzhen, Guangdong Province

• China Petroleum & Chemical Corp

• SinoChem

• China National Petroleum Corp

• China National Pharmaceutical Group

黑客 - Hacktivists
• Originally supported by CPC & PLA
– Now uncontrollable…. Golden Shield Project
• Reinforce PRC’s nationalism via the web
– Taiwan, the renegade Chinese Province
– Punishing Japan for WWII war crimes
– Codera’s anti-Chinese web rhetoric

Chinese Perspective….

16 AUG 2011 - People’s Tribune Magazine (人民论坛杂志) publishes several articles… Four are very troublesome for the U.S…….

– “A Sovereign Country Must Have Strong Defense” by Min Dahong, director of the Network & Digital Media Research Office @ China Academy of Social Sciences;

– “America’s ‘Pandora’s Box’ Cyber Strategy Confuses the World” by Shen Yi - Fudan University’s Department of International Politics;

– “Cyber Power ‘Shuffles the Cards’: How China Can Overtake the Competition” by Tang Lan, Institute of Information and Social Development Studies at the China Institute of Contemporary International Relations; and

– “How to Construct China’s Cyber Defenses” by Liu Zengliang, from the PLA National Defense University

http://www.rmlt.com.cn/qikan/2011-08-16/

13+ Years Chinese Cyber Activity

• 1995 – Major General Wang Pufeng describes attacking via Internet
• 1997 – Major General Wang Baocun’s 10 Features of Chinese InfoWar
• 1997 – “War Beyond Limits” (Unrestricted Warfare) is written by 2 Senior Chinese Colonels
• May 03, 2001 – China warns of massive hack attacks
• 2002 – “informatization” 信息化 campaign begins; Chinese Communist Party (CCP) General Secretary and Central Military Commission (CMC) Chairman Jiang Zemin, a speech before the 16th Party Congress
• 2003 – Titan Rain 泰坦雨 US DoD & Government websites targeted
• 2004 – Japan targeted by Chinese over disputed Diaoyu Islands
• 2007 – GhostNet 幽灵网 Global CnC network with IP addresses in People’s Republic of China
• 2008 – Byzantine Hades - targeted cyber operations against the U.S. government using social engineering and malicious attachments and links in e-mail messages.
• 2008 – MI5 writes to more than 300 senior executives at banks, accountants and legal firms warning them - the Chinese army is using Internet spyware to steal confidential information
• 2009 – Operation Aurora 操作极光 International Energy Industry targeted
• 2009 – Night Dragon 夜龙 Global multinationals attacked via Internet
• 2010 – Article - Should we be afraid of Chinese hackers?...Or lost cyber war?
• 2011 – US needs to get better at preventing foreign access to advanced technology - GAO watchdogs find holes in high-tech access, licensing rules
• 2011 – Chinese military CCTV-7 demonstrates GUI Hacking of University of Alabama
• 2011 – Office of the National Counterintelligence Executive (ONCIX) Report indicates both China & Russia target corporate intellectual property
• 2011 – Operation Shady RAT FIVE year campaign of economic & intelligence data exfiltration
• 2012 – “Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage” NORTHROP GRUMMAN March 7, 2012
• 2012 – Chinese Technology Policy & Cyber Offensive Operations - April
• 2012 – China & Philippines engage in mutual cyber attacks over Scarborough Shoals - April

Conclusions

1) Hegemony drives the use of information warfare in the cyber realm;

2) Cyber-warfare is state sponsored; yet direct attribution is an illusion….

3) People’s Liberation Army plans cyber-warfare – defensively & offensively;

4) Cultural, economic, historical & linguistic thread drives Chinese cyber-warfare;

5) The CPC, although advocating citizen hacking, can no longer control it;

6) Commercial enterprises worldwide are permeable to Chinese cyber hacking in all its forms & methods – Nortel Case Study;

7) Chinese written malware, RATs, Botnets are undiscoverable….

8) Mandarin Chinese (complex and simple) is an exceptional form of cryptography…not to mention Classical / Literary Chinese….

9) All commercial IPS are ineffective against Chinese based attacks;

10) People’s Republic of China cyber-warfare threat is serious & will only become much worse…..

11) Diplomatic initiatives with a show of U.S. military force in ASIA PAC…only option?

Short & Long Term Moves

Short & Long Term Focus on addressing high risks of the Chinese Cyber Threat

| Strategy/Move | Who | What/Why | How | When | Cost |
|---|---|---|---|---|---|
| BS, CS, IS & GS – Define specific Economic Targets | US Dept of Commerce – International Undersecretary | What are most likely targets of economic espionage | Work with commercial industry to assist defining possible loss of business if they lost their intellectual property to China | Immediately, then quarterly | Minimal |
| BS, CS & GS – Educate employees about possibility of data exfiltration | Business & Corporate leadership – Chief Security Officers | Awareness of persistent threat of economical cyber war | Design educational awareness programs to address identifying, reporting and mitigating foreign information exfiltration threats | Immediately, then monthly | Nominal |
| BS, CS & IS – Create a universal defense-in-depth policy | ICW security software & hardware manufacturers | Protect critical infrastructure against Chinese Cyber Threats | Design a defense-in-depth standard that protects Critical Economic & National Infrastructure | Immediately, then ongoing | Nominal to very expensive |
| GS – Liaise & dialogue w/Chinese Government | US Department of State, Department of Defense, USAID | Mutual understanding of the cyber threat – define it | Develop official dialogue to define, explain and set conditions for defining the cyber threat mutually | Immediately, then quarterly and semi-annually | Nominal |

BS = Business Strategy
CS = Corporate Strategy
IS = Innovation Strategy
GS = Government Strategy

References

1) Cyber Silhouettes: Shadows Over Information Operations, Timothy Thomas, Foreign Military Studies Office (FMSO), Fort Leavenworth, Kansas

2) Decoding the Virtual Dragon, Timothy Thomas, Foreign Military Studies Office (FMSO), Fort Leavenworth, Kansas

3) The Chinese People’s Liberation Army Signals Intelligence and Cyber Reconnaissance Infrastructure, Mark A. Stokes, Jenny Lin and L.C. Russell Hsiao, Project 2049 Institute

“21st Century Chinese Cyber Warfare”

“二十一世紀中國網絡戰”

Available:

ISBN: 9781849283342

Thank you. Thank you for your time today.

Any questions?