Friday, February 19, 2010

Should we be afraid of Chinese hackers? ...Or lost cyber war. (Part II)


The average PC user in China, or where the hackers are growing...

Internet users in China aged below 25 spend on average 50 percent of their leisure time online, according to this survey. Those surveyed in China demonstrated high levels of social media activity. Nearly 9 out of 10 Chinese respondents indicated that they actively read or contribute to blogs and 85 percent said they participate in chat rooms.

New opportunities for self-expression, communication and interaction in China have made the Internet a part of everyday routines. The number of intelligent 20+ youngsters is increasing, and their computer skills have reached a sophistication that allows them to gain access to the world's most sensitive sites, including the Pentagon. In fact, some of them claim that they are sometimes paid secretly by the Chinese government -- a claim the Beijing government denies. There is a number circulating on the web (unconfirmed) that the Chinese government pays up to 50,000 highly skilled military hackers to use the Internet for specific purposes defined by government officials (cyber expert James Mulvenon told a congressional commission in 2008). Considering the population of China, this number may not seem threatening at first.

Sure, they don't have a special facility with high-tech equipment; they operate from small apartments. Don't underestimate them - they are hardcore hackers who claim that "no web site is 100% safe". In spite of high-level security, every web site has a specific weakness that can be exploited. Some of the hackers are self-educated programmers and some of them came from the People's Liberation Army; either way, they know how to approach the task. Carefully studying the web pages, they determine the underlying programs used on a particular web site and then exploit a known weakness or test it to find a new one. Language differences are not a barrier to hacking: many of them study English to the degree that serves them well in their activities. Young hackers are persistently trying to prove themselves against some of the most secure web sites in the world.

Many hacking tools are available on Chinese web sites for free or for a few bucks. For instance, for $150, youngsters can buy decent tools for hacking, for designing Trojans or for evading anti-virus programs, in addition to interactive tutorials and support through chat or IM; one example is the infamous software known as Grey Pigeon. Some days ago, the software was used for remote control (similar to ...) but, as it was discovered, it is an ideal tool for hacking that can easily be purchased in China.

Some experts believe many individual hackers have joined together to form small and large groups, such as a civilian cyber militia, that launch attacks on government and private web sites around the world. Some sites have more than 10,000 registered users and offer special tutorials (sometimes even interactive) about hacking. There are hacker magazines, hacker clubs and online movie serials about hackers. About 43 percent of elementary-school students say they adore China's hackers and 33 percent say they want to be one! Imagine that future army of hackers.

As the Chinese economy improves, you can see more cars on the streets, plenty of construction sites, and numerous brand-name ads and shopping centers. More and more citizens become wealthy, or at least move up to the middle class. Those who still can't find a way to make more money (the young generation, in particular) try different methods that utilize computer technology.

For instance, they build web sites that sell counterfeit items and attract customers with low prices. Usually, after getting the money, they either mail cheap imitations or nothing at all.

There is another side of hacking: not for money but to make a political statement.

The young generation knows how the government can suppress democracy movements (Tiananmen Square), so rather than proceeding on the road of democracy, many young people (China's "Internet patriots") identify themselves in opposition to the West. These "red hackers" may not be acting on behalf of their government directly, but the effect of their activities is the same.

If you knew Mandarin and tried to Google the word "hacker" using its characters, you'd find hundreds and hundreds of web sites dedicated to the Chinese art of computer hacking. Some of the web sites are highly organized, with detailed tutorials, history and logs of actual hacking, documentation, links, and even technical support. Some Chinese hackers are being trained at schools like the Communication Command Academy in Wuhan (the capital of Hubei province). Based on some research by U.S. intelligence, the total number of registered hackers in China is approaching 400,000.

Hackers of all sorts can be found in organized clubs whose members meet regularly. There are kid hackers, women-only hackers, hacker novices, and, of course, gurus. The most amazing and disturbing fact is that most of them share one unifying characteristic: nationalism. Most of the Chinese hackers are not individuals or anarchists but rather "tend to get more involved with politics because most of them are young, passionate, and patriotic." This stylish nationalism of hackers with laptops and Internet connections is dangerous for all countries, but it is most harmful to China itself, since their government is inclined not to prosecute hackers unless they attack within the country.

These loose government restrictions are more frightening than state-sponsored cyber-warfare. The government perhaps tolerates hackers and sometimes encourages them. Their government might task these hackers and in turn gain control of them. Homegrown hackers might just as easily be recruited to write viruses or software for the People's Liberation Army.

If you are interested in learning more about the top Chinese hackers, check out The Dark Visitor web site (in English).

In 2002, a scholarship student, Peng Yinan, and two other hackers broke into the web site of Lite-On Corporation and replaced the Taiwanese firm's home page with the message "[F-ck] Taiwan's pro-independence!" In December 2003, a similar message reemerged on the U.S. Navy Chartroom site. "[F%ck]," read the defacement, which was signed by coolswallow and four others (the same Peng hacked the FoxNews web site after the U.S. invasion of Iraq). In fact, they not only defaced many web sites in the U.S. but also shared the hacking tool on the Internet.

Web site defacement is a very unpleasant thing when your web site is defaced! I remember when I got a call from California from a man who informed me about a U.S. teenager who had hacked several web sites, including my company's default web page (with a similar message about the U.S. government). It's good that I have the habit of not using the default page on the Microsoft Internet server (IIS) as a home page but rather a secondary one. It saved my company from potential shame.

Based on Peng Yinan's activities after 2003, I would compare him with the infamous hacker Kevin Mitnick, with the only difference that Peng was somehow connected to the Shanghai government and, since he was qualified enough, could be paid to do some freelance work. There are speculations that he was permanently hired by the Chinese government, since he has disappeared from the hacker's world, and that in itself is very disturbing.

Chinese hackers have become so experienced and recognized worldwide that MI5 hired Asian teenage hackers in the fight against cyber terrorism in China, Russia and Pakistan.

In spite of the huge Internet activity in China, the country's Internet censoring is well known to the world (didn't the KGB do the same with phone calls and letters?). The government wants to control the information flowing in and out of the country. That is not easy to do without sophisticated technology. It's a fact that Chinese entrepreneurs returning from working in Silicon Valley were requested to provide filtering technology to China's Internet police. These police are actually very successful not only at censoring communications but also at quickly and effectively shutting down sites; they do not hesitate to pursue sites that carry classified information inside China or similar rogue sites.

How Microsoft armed Chinese hackers

When it comes to money, many (if not all) companies tend to forget about any possible consequences and lose their conscience. Microsoft is not the exception. The prospect of a sweet piece of pie (i.e. the China market) was reflected in the first move that Microsoft made in 2003, when it signed a source code browsing agreement with China.

With the known weak security of Microsoft's operating systems and with the source code not open to the public, many countries, including China, adopted the open-source Linux operating system, a rival of Microsoft. To counter this, Bill Gates signed an agreement with the Chinese government stating that the new Source Code Browsing Lab could browse the source code of the Microsoft operating system and engage in information security related research.

After almost 15 years of learning how to do business with China, Microsoft decided to share the source code as a first significant step in penetrating the Chinese market through cooperation with the communist government. Liu, a member of the political bureau of the CPC Central Committee, said that China has a great number of software talents and regards the software sector as one of its backbone industries. As a result, Microsoft offered China and, later, 59 other countries the right to look at the fundamental source code of its Windows OS and to replace some sections with their own code. Now, when China uses Windows in President Hu's office, or perhaps in its missile systems, it can install its own cryptography.

Let's look at this from another point of view. Microsoft makes money by selling its software to China, and China has access to the source code of the operating systems used by the majority of computer users around the world. Imagine that you are a computer hacker. What would you want most of all in order to break into a Windows PC?

You have probably heard about "reverse engineering" as used by hackers: the program they want to hack is taken apart into pieces in order to build the piece of code used for hacking. It is a very complicated and challenging process, and not many hackers are able to do it. With the source code available as a gift from Microsoft, isn't it easier to hack Windows?

For instance, the latest report from Google is troubling: "Google detected a 'highly sophisticated and targeted attack' last month which originated from China, and resulted in the theft of intellectual property from the search engine, according to Google's corporate development and chief legal officer David Drummond.

It later transpired that the attack was not limited to Google, but infiltrated 20 other large companies from a wide range of businesses - including the internet, finance, technology, media and chemical sectors."

Since the Chinese government directly or indirectly supports its own hackers, they might have access to the source code as well. Let's recall how many times Windows-based OSes have been hacked. According to Shane Harris, who wrote an article about Chinese hackers, they "pose a clear and present danger to U.S. Government and private-sector computer networks and may be responsible for two major U.S. power blackouts." U.S. government "officials believe that the intrusion may have precipitated the largest blackout in North American history. A 9,300-square-mile area, touching Michigan, Ohio, New York, and parts of Canada, lost power; an estimated 50 million people were affected."

Needless to say, Chinese hackers are surely in the state of war with the U.S. Do you need more proof? Just read the daily news.
"China's big goal in the 21st century is to become world number one, the top power," People's Liberation Army (PLA) Senior Col. Liu Mingfu writes in a newly published book, "The China Dream." This dream could rapidly become America's nightmare.

A cyber-war in action?

The U.S. Defense Secretary R. Gates said in a recent speech to the Air Force Association: "Investments in cyber and anti-satellite warfare (by China), anti-air and anti-ship weaponry, and ballistic missiles could threaten America's primary way to project power and help allies in the Pacific - in particular our forward air bases and carrier strike groups." The Pentagon recently admitted that last year many computer networks in the United States, Germany, Britain and France were hit by multiple intrusions, many of them originating from China. However, U.S. officials have been cautious not to directly accuse the Chinese military or its government of hacking because it is difficult to prove.

Due to the nature of botnets (distributed networks of infected computers spread across the globe), cyber-defense experts face the problem of proving the origin of a cyber attack. Another reason the U.S. hasn't made any claims against China is the previously mentioned necessity to be politically correct.

David Sedney, the deputy assistant secretary of defense for East Asia, mentioned: "The way these intrusions are conducted are certainly consistent with what you would need if you were going to actually carry out cyber warfare." Beijing hit back at that, denying the allegation and calling on the U.S. to provide proof. "If they have any evidence, I hope they would provide it. Then, we can cooperate on this issue," said Qin Gang, a spokesman for the Chinese Foreign Ministry, during a regular press briefing... "I am telling you honestly, the Chinese government does not do such a thing."

India's security advisor said that the Indian government network was attacked on December 15, 2009, the same day that some US companies reported having been attacked. The attack on the Indian computers came through a maliciously crafted PDF file that arrived from China as an email attachment. As always, the Chinese foreign ministry called the claim "groundless".

However, some evidence that China is the base of various attacks has slowly come to the surface. For instance, a security researcher says he has found evidence linking the recent attacks on Google to China (January 2010). Analysis of the software used in the attacks revealed that it contained an algorithm from a Chinese technical paper that was published only on Chinese-language web sites.

Some experts believe that those hackers are not agents of the Chinese state, even if they claim to be paid by the Chinese government. All of it is quite sensitive information, and no one would openly publicize it. However, I believe that, with China's goal to achieve world dominance, it fits the picture. Military and economic espionage are an integral part of these carefully planned actions. As our recent Nobel Prize winner Mr. Obama mentioned in his speech, "We must begin by acknowledging the hard truth ... There will be times when nations - acting individually or in concert - will find the use of force not only necessary but morally justified."
Recent events related to Islamic fundamentalism proved that different people have different morals. In China's goal for world dominance, everything is "morally justified". Chinese communists can be trusted the same way we trust Russian leaders.

In May 2001, several U.S. government web sites were hacked or brought down with DDoS attacks by the Chinese. The White House, the U.S. Navy, the Interior Department's National Business Center, and more than 1,000 American sites experienced an unprecedented, massive offensive.

As the skills of Chinese hackers grow, successive attacks have become more serious. In the past two years, Chinese hackers have intercepted critical NASA files, breached the computer system of a sensitive Commerce Department bureau and launched assaults on the Save Darfur Coalition, pro-Tibet groups and CNN. Sadly, those are just the attacks that have been publicly acknowledged.

What was the cause of these massive and sudden attacks in 2001? As later discovered, it was a coordinated effort of Chinese hackers whose rising Internet-driven nationalism pushed them to declare an anti-American protest after the death of a Chinese pilot, who was killed in an accident when a U.S. EP-3 reconnaissance aircraft flying off the southern coast of China collided with a Chinese F-8 fighter jet.

In its 2008 report to Congress, the U.S.-China Economic and Security Review Commission called Chinese cyber-espionage a major threat to U.S. technology. "China is aggressively pursuing cyber warfare capabilities that may provide it with an asymmetric advantage against the United States," the commission warned. U.S. defense officials called it "patriotic hacking". Hey, this patriotic thing presents a real danger to the most vulnerable targets in our country, such as air traffic control, the electric grid and waste facilities, banking and Social Security systems, and it cannot be taken lightly. Whether it was paid for by the Chinese government or was an act of hacker patriotism, our government should take this very seriously. We live in the digital age, and all the information used in our networks and residing on servers is at risk.

President Bush correctly understood this issue and, before leaving the Oval Office, authorized the creation of a National Cyber Security Center under the Department of Homeland Security. The current government has proposed $355 million to secure private and public sector cyber-infrastructure.

James A. Lewis, a senior member at the Center for Strategic and International Studies (CSIS) who helped develop cyber-security policy recommendations for the Obama administration, shared that concern: "The U.S. government had a number of serious computer incidents in 2007, most of which were attributed to China," he says. "The focus in Washington is on what appear to be state-sponsored activities. That, of course, is only a part of what's going on in China." I wish the U.S. would take cyber-security in relation to China more seriously.

In a reiteration of past failure, when the U.S. military employed cyber-tactics in the Iraq war, insurgents recently hacked the video feeds of US military surveillance drones (RQ-1 and MQ-1 Predator, MQ-9 Reaper). As it was discovered, they had been doing it for a while (U.S. military personnel found such files on a detained Shiite militant's laptop in 2008). All they had to do was use the Russian-made SkyGrabber, a program freely available on the Internet for less than $26. The event itself is so shocking that I hope it will be an eye-opener for those U.S. officials who are still blindfolded about cyber-terrorism.

There is a real war in the East, but it is no longer a war with religious but uneducated mujahidin; it is a war with an enemy highly sophisticated in computer technology. I don't think it was done without any "outside" assistance from those who would love to bring the U.S. to its knees, but the fact itself is disturbing.

Let me remind you that China's neighbor Russia "sings the same song" as China pretty often when it comes to voting for sanctions against rogue governments. Generally, both countries veto almost every U.S. proposition, and both countries hate the fact that the USA is a major power in the world (perhaps still the major one). They are dreaming about shifting the axis of power to their own countries, away from the Americans.

Unfortunately, they're not only dreaming but are taking multiple, carefully planned steps to overpower the U.S. on the military front, economically, and financially by raising their own influence in all corners of the world. We learned from history that when the power players are on a battlefield of global scale, all methods are good - don't expect that the players will play honestly, especially regimes ruled by current and former communists.

With the kind permission of the author of the article "Marina Kalashnikova's Warning to the West", Jeffrey R. Nyquist, I want to share with you the information below. Forgive me for including quite a large piece of this article, but I consider this information so important that I cannot squeeze it further.

"Russia has built an alliance of dictators, what Marina Kalashnikova (mentioned above) calls an "alliance of the most unbridled forces and regimes." Extremists of all kinds serve the purpose of breaking the peace, damaging Western economies, and setting the stage for a global revolution in which the balance of power shifts from the United States and the West to the Kremlin and its Chinese allies. "Among the ideas that animate general staff analysts in the Kremlin, there is the idea of diffusion," says Kalashnikova, "It is not that the Kremlin should strive for territorial expansion and the dissemination of its [political] model. The critical thing is power and the fulcrum of an overall strategic context. In that case, even if the Americans appear influential in the post-Soviet countries, Moscow remains in charge. The [Russian] General Staff therefore has successfully expanded Moscow's position beyond and above the old Soviet position in Africa and Latin America." What prevails, she says, is Moscow's "assertiveness and determination without fear of a reaction from the West."

In other words, the West has already been outmaneuvered. The KGB and the Russian General Staff have taken our measure, and they are laughing at us. Our leaders [read the U.S. Government] do not realize the sophistication of their enemy. They cannot see or understand what is happening. They blink, they turn away, continuing to use concepts gifted to them long ago by Soviet agents of influence. As a nation we are confused and disoriented, believing that the world is beholden to the West's money power - and therefore, peace can be purchased.

"The Kremlin has activated a network of extremists in the Third World," wrote Kalashnikova. "[At the same time] Russia has managed to shake off nearly all international conventions restricting the expansion of its military power." In this situation, the only counter to Russian power is American power. Yet the American president is preparing to surrender that power in a series of arms control agreements that will leave the United States vulnerable to a first strike. Placing this in context, nuclear weapons are ultimate weapons, so that the West's superiority in conventional weapons is therefore meaningless. Whoever gains strategic nuclear supremacy will rule the world; and the Russian strategic rocket forces are in place, ready to launch, while America's nuclear forces are rotting from neglect.

The Russian historian sees that the West relies on the greed of Russia's elite to keep the Kremlin in line. But this is a foolish conceit... the Kremlin's logic is ironclad: Let the West keep its worthless currency. Moscow will have weapons, and in the end Moscow and its allies will control everything. The liberal may believe that protests and appeals to humanity are the ultimate trump cards. The financiers may believe that money makes the world go 'round. Let them try to stop a salvo of ICBMs with liberal sentiment and cash. As far as the laws of physics are concerned, their favored instruments cannot stop a single missile.

According to Kalashnikova, "It is clear that the [Kremlin] regime has no restraint and will commit any crime, break any rule, surpass any benchmark in order to consolidate its already illegitimate power..." Even the old KGB chief, Vladimir Kryuchkov, was appalled: "Putin and others have to answer for what they are doing today to the country," he said. But the West sleeps. The West doesn't want to hear about the danger that rises in the East - from the Kremlin and its Chinese allies."

A recent attack simulation by Pentagon officials revealed that "The enemy had all the advantages: stealth, anonymity and unpredictability. No one could pinpoint the country from which the attack came, so there was no effective way to deter further damage by threatening retaliation. What's more, the military commanders noted that they even lacked the legal authority to respond - especially because it was never clear if the attack was an act of vandalism, an attempt at commercial theft or a state-sponsored effort to cripple the United States, perhaps as a prelude to a conventional war." (New York Times).

If you didn't believe in cyber-wars and attributed them to the movies only, what else could convince you?


As you may guess, stealing sensitive information from U.S. corporations is part of a big plan for many Chinese conglomerates and the government. Considering the long history of economic and military espionage, cyber-hacking is a relatively new method, and U.S. government officials are worried about China's plans and actions.

According to Brenner, the U.S. counterintelligence chief, the Chinese perhaps once used strategic information gathered by cyber-espionage about a large American company during business negotiations. "The delegation gets to China and realizes, 'These guys on the other side of the table know every bottom line on every significant negotiating point.' They had to have got this by hacking into [the company's] systems." Brenner mentioned that even one case like this proves that the Chinese will work very hard when they need to achieve a goal. It surely puts national security (and eventually the prosperity of our country) at serious risk.

The Chinese target any high-level official, senior officers of large companies or strategic institutions. Even a contractor working abroad can be a target of cyber-espionage. The laptop, USB memory module, smart phone or PDA - all of it is at risk. "China is indeed a counterintelligence threat, and specifically a cyber-counterintelligence threat," said Brenner.

Cyber-espionage attempts are very difficult to register and prove, since today's cyber world includes botnets that can easily be used by, say, Russians masquerading as Chinese. However, several proven cases of cyber-espionage by the Chinese should raise awareness to a higher level and stop us making friends with those who want to overrun us at every corner.

Try to "google" the key phrase "china hackers" in English and you will be surprised by the number of articles like these:
  1. Britain could be shut down by hackers from China, intelligence
    Mar 29, 2009 ... China has the ability to shut down Britain's vital services, including food or power supplies, because its companies are involved in ...
  2. Hackers in China break into PCs of Dalai, Indian embassy
  3. International hackers, many from China, are attacking NYPD computers
    Apr 22, 2009 ... A network of mystery hackers, most based in China, have been making 70000 attempts a day to break into the NYPD's computer system, ...
  4. Hackers put China flag on Australian film site - Security-
    Jul 27, 2009 ... Hackers posted a Chinese flag on the Web site of an Australian film festival in an escalation of protests against the planned appearance by ...
  5. China's hackers stealing US defence secrets, says congressional ...
    Nov 20, 2008 ... Beijing's spending on rocket science turns outer space into 'commanding heights' of modern warfare and could chill relations with America, ...
  6. Block China Web Traffic IP Addresses and Chinese Hackers
    Protect your web site from Chinese hackers by preventing traffic from IP address ranges originating in China.
Based on a 7-year study, Mandiant describes how Chinese cyber-gangsters launched sophisticated attacks and were able to penetrate government and corporate computer networks while remaining practically undetected. They describe the so-called advanced persistent threat (APT) model and reveal that the majority of APT attacks are attributed to China. The shocking truth: existing anti-malware software was able to detect just 24% of the malware used in the attacks. Mandiant describes several stages of APT attacks:
  1. Reconnaissance (identifying the individuals they will target in the attacks);
  2. Intrusion into the network using known methods like phishing;
  3. Establishing a backdoor through injection, registry modification, or scheduled services;
  4. Installing multiple hacking utilities; obtaining user credentials and escalating privileged access up to the administrator level;
  5. Data extraction, encryption, compression, storing on staging servers, and deletion after successful upload to their own network;
  6. Maintaining persistence by adjusting the malware.
While APT-type attacks are usually silent, low-profile attacks designed for long-term espionage, the recent attack on Google and 20 other large companies is more of an open-war type.
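As an added illustration of the stage model above (my own example, not Mandiant's code or anything from this post), here is a small Python classifier that maps constructed endpoint events onto the six stages and reports which stages already have evidence; the heuristics, the internal mail domain, the file paths and the size thresholds are all assumptions. The defender's point is that each stage leaves behavioural traces that a signature-only anti-malware scan, the one that caught just 24% of the samples, never looks at.

```python
"""Map endpoint events onto the six APT stages listed above.

Added example, not Mandiant's code: the rules are illustrative heuristics
and every event below is constructed for this demonstration.
"""
import re

STAGES = {
    1: "Reconnaissance",
    2: "Intrusion (phishing / document exploit)",
    3: "Backdoor (injection, registry, scheduled service)",
    4: "Utilities, credential theft, privilege escalation",
    5: "Staging and exfiltration",
    6: "Maintaining persistence (malware adjusted)",
}

INTERNAL_DOMAIN = "corp.test"                     # assumed internal mail domain
DOC_READERS = {"acrord32.exe", "winword.exe", "excel.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
WRITABLE_DIRS = re.compile(r"\\(temp|appdata)\\", re.I)
ARCHIVE = re.compile(r"\.(rar|7z|zip)$", re.I)
BIG = 100 * 1024 * 1024                           # staging threshold, arbitrary

# Constructed sample events in observation order; not real telemetry.
SAMPLE_EVENTS = [
    {"type": "web", "src": "198.51.100.9", "path": "/about/leadership", "hits": 400},
    {"type": "mail", "from": "hr@partner-lookalike.test", "to": "cfo@corp.test", "attachment": "agenda.pdf"},
    {"type": "process", "parent": "AcroRd32.exe", "image": "cmd.exe", "user": "cfo"},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "data": r"C:\Users\cfo\AppData\Local\upd.exe"},
    {"type": "service", "action": "create", "name": "WinUpd", "binary": r"C:\Windows\Temp\svc.exe"},
    {"type": "process", "parent": "svc.exe", "image": "tool.exe", "user": "SYSTEM"},
    {"type": "group", "action": "add_member", "group": "Administrators", "member": "cfo"},
    {"type": "file", "action": "create", "path": r"C:\Windows\Temp\out.rar", "size": 850 << 20},
    {"type": "network", "direction": "out", "dest": "203.0.113.7:443", "bytes": 850 << 20},
    {"type": "file", "action": "delete", "path": r"C:\Windows\Temp\out.rar"},
    {"type": "file", "action": "modify", "path": r"C:\Users\cfo\AppData\Local\upd.exe"},
]


def _register_autorun(state, path):
    # Remember a binary that stage-3 activity wired into autostart.
    state["autorun_paths"].add(path.lower())
    state["autorun_names"].add(path.rsplit("\\", 1)[-1].lower())


def classify(ev, state):
    """Return the stage ids this event is evidence for; `state` carries earlier findings."""
    hits = set()
    t = ev["type"]
    if t == "web" and ev["path"].startswith("/about") and ev["hits"] > 100:
        hits.add(1)                     # one source scraping the staff directory
    elif t == "mail" and ev.get("attachment") and not ev["from"].endswith("@" + INTERNAL_DOMAIN):
        hits.add(2)                     # external attachment sent to a named target
    elif t == "process":
        parent, image = ev["parent"].lower(), ev["image"].lower()
        if parent in DOC_READERS and image in SHELLS:
            hits.add(2)                 # document reader spawning a shell
        if ev["user"].upper() == "SYSTEM" and parent in state["autorun_names"]:
            hits.add(4)                 # backdoor now running tooling as SYSTEM
    elif t == "registry" and ev["key"].lower().endswith("\\run"):
        hits.add(3)                     # autostart entry added
        _register_autorun(state, ev["data"])
    elif t == "service" and ev["action"] == "create" and WRITABLE_DIRS.search(ev["binary"]):
        hits.add(3)                     # new service whose binary lives in a writable directory
        _register_autorun(state, ev["binary"])
    elif t == "group" and ev["action"] == "add_member" and ev["group"] == "Administrators":
        hits.add(4)                     # privilege escalation to administrator
    elif t == "file":
        p = ev["path"].lower()
        if ev["action"] == "create" and ARCHIVE.search(p) and WRITABLE_DIRS.search(p) and ev["size"] >= BIG:
            hits.add(5)                 # large archive staged for upload
            state["staged"].add(p)
        elif ev["action"] == "delete" and p in state["staged"]:
            hits.add(5)                 # cleanup after a successful upload
        elif ev["action"] == "modify" and p in state["autorun_paths"]:
            hits.add(6)                 # autostart binary replaced: malware adjusted
    elif t == "network" and ev["direction"] == "out" and ev["bytes"] >= BIG and state["staged"]:
        hits.add(5)                     # bulk outbound transfer right after staging
    return hits


def analyze(events):
    """Return {stage_id: [indexes of the events attributed to that stage]}."""
    state = {"autorun_paths": set(), "autorun_names": set(), "staged": set()}
    seen = {s: [] for s in STAGES}
    for i, ev in enumerate(events):
        for s in classify(ev, state):
            seen[s].append(i)
    return seen


def missing_stages(seen):
    # Stages with no evidence yet; a short list means the intrusion is far along.
    return [s for s in STAGES if not seen[s]]
```

Running `analyze(SAMPLE_EVENTS)` attributes every constructed event to a stage, while the first five events alone leave stages 4 to 6 unaccounted for, which is the point at which an analyst would still be looking for the tooling and exfiltration steps.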

Continue to PART III
Back to PART I


rongramza said...

We need to somehow link all US computers to work together powered on or off to combat the slanty eyed hackers as well as the communist drunk russians

Steffi said...

Interesting blog. It would be great if you can provide more details about it. Thank you