World View: New Report Reveals Cyber Attack by China's Army

This morning’s key headlines from GenerationalDynamics.com

• New report reveals massive cyber war attack by China’s army
• China continues war preparations
• Revisiting Huawei and ZTE
• China rejects Philippines arbitration application

New report reveals massive cyber war attack by China’s army

The building in Shanghai housing People’s Liberation Army Unit 61398

Mandiant, an American computer security company, has issued a lengthyreport that shows, beyond a reasonable doubt, that China’s People’sLiberation Army (PLA) is directing its “Unit 61398” to conduct astealth world wide cyber war, particularly targeting Americangovernment and corporate organizations. Unit 61398 has possiblythousands of people, specializing in hacking into American andCanadian networks. It works in a Shanghai building guarded by PLAsoldiers. Mandiant refers to the unit as APT1, and according to thereport:

“Our evidence indicates that APT1 has been stealinghundreds of terabytes of data from at least 141 organizationsacross a diverse set of industries beginning as early as2006. Remarkably, we have witnessed APT1 target dozens oforganizations simultaneously. Once the group establishes access toa victim’s network, they continue to access it periodically overseveral months or years to steal large volumes of valuableintellectual property, including technology blueprints,proprietary manufacturing processes, test results, business plans,pricing documents, partnership agreements, emails and contactlists from victim organizations’ leadership. We believe that theextensive activity we have directly observed represents only asmall fraction of the cyber espionage that APT1 has committed…. Since 2006 we have seen APT1 relentlessly expand its accessto new victims.”

Once APT1 gains control of someone’s network, it retains control instealth mode and downloads all the data in the network. In one case,APT1 accessed a network for four years and ten months. In anothercase, APT1 downloaded 6.5 terabytes of information in tenmonths. According to the report:

“Our research and observations indicate that theCommunist Party of China is tasking the Chinese People’sLiberation Army to commit systematic cyber espionage and datatheft against organizations around the world.”

There have been dozens of publicly known Chinese hacker attacks onAmerican companies, including recent ones on the New York Times andthe Wall Street Journal, and probably tens of thousands more that areunknown or haven’t been publicized. Whenever one is made public, theChinese angrily deny it, and demand proof. Thanks to the Mandiantreport, we now have proof.

The White House has responded by threatening to “strike back” throughfines, penalties and other trade restrications, but this appears to bea fantasy to me. Telegraph (London) and AP

China continues war preparations

It’s worth taking a moment to review previous statements and actionsby China, as it prepares for war:

• Last month, China directed the PLA to ‘Get Ready for War.’ One senior PLA officer is advocating a strategy of “Kill a chicken to scare the monkeys.” This means that China would win a short, decisive war with Vietnam, the Philippines or Japan. Everyone else would do as China demands, and the Americans would “run like rabbits.”
• China’s military budget has been increasing exponentially for years, and now China’s military is deploying a large number of new warships, tanks, missiles, submarines and strike aircraft, much of it in preparation for full-scale war with the United States. These weapons include hundreds (and perhaps thousands) of mobile, nuclear ballistic missiles targeting American cities, and newly developed missiles capable of striking and disabling American aircraft carriers. For the first time in its modern history, China has the firepower to contest control of disputed territory far from its coastal waters.
• China is demanding sovereign control of the entire South China Sea, including islands and regions that have historically belonged to other nations. In November, China announced that it would be moving additional warships into the South China Sea, and that, starting some time in 2013, China’s police would board and take control of any ship entering whatever it claims it owns.
• China has declared economic war on Japan in order to gain control of the Senkaku/Diaoyu islands controlled by Japan. Chinese citizens have smashes Japanese cars and factories in China to force Japan to give up its historic control of these islands.
• China has implemented massive military buildups in Tibet, in preparation for war with India.

Now we have the Mandiant report that proves that China has beenconducting cyber warfare against the United States for years.

Revisiting Huawei and ZTE

Last year, House Intelligence Committee warned American companiesagainst doing business with Chinese companies Huawei (pronounced WAHway) and ZTE. (See “14-Oct-12 World View — Huawei scandal exposes potential ‘Cyberwar Pearl Harbor’ from China”) The reason is computer chips supplied by thesevendors appear likely to contain “back door” capabilities that wouldpermit the Chinese to take control of any computer or router in whichtheir chips were installed.

Since then, I’ve seen a number of young people ridicule these concerns.One British politician said that all these chips have been thoroughlytested, and so a “back door” is impossible. Some Chinese officialshave sworn that there are no back doors. So I’d like to respondto these comments.

In the past, I’ve developed software for embedded systems down to thebare hardware level. At that level, you’re dealing with chips thatare completely opaque, except for a set of specifications that say,anyone who tests the chip will simply verify that it works correctlyaccording to the specifications. You have no visibility into how thechip executes that command. In particular, if “x” is some 512-bitcode, known only to the chip designers, that makes the chip dosomething that’s not in the specifications, then no test can determinethat fact. Those codes would be known only to the chip designers, andnot to even other Chinese workers and managers working on relatedprojects that use the chips. So if the PLA ordered a chip maker toadd a backdoor to a chip, it could not be found by testing, and no oneelse would know about it.

Now, since the PLA COULD have done this, we can conclude that theyMUST have done this, because they’re preparing for war in every otherway, and would not give up the opportunity to prepare for war in thisway.

Huawei and ZTE are among the biggest chip producers in the world, withlarge shares of the market in almost every country. There’s a goodchance that your computer has one of these chips, and that my computerhas one of these chips. The same is true of utilities andmanufacturing organizations around the world.

China rejects Philippines arbitration application

Earlier this year, the Philippines applied to the United NationsInternational Tribunal on the Law of the Sea (ITLOS) to settle thedispute over the Scarborough Shoal, a Philippines island that China isclaiming. (See “24-Jan-13 World View — Furious Chinese spokesman blasts Philippines for seeking arbitration”)

On Tuesday, China officially rejected arbitration:

“Chinese Ambassador to the Philippines Ma Keqing hadan appointment with officials from the Philippines’ ForeignMinistry on Tuesday and returned a note and related notice afterexpressing China’s rejection. The note and related notice notonly violate the consensus enshrined in the Declaration on theConduct of Parties in the South China Sea, but are also factuallyflawed and contain false accusations.”

The Philippines Department of Foreign Affairs responded as follows:

“This excessive claim is the core issue of thePhilippines’ arbitration case against China. The Departmentstresses that China’s action will not interfere with the processof Arbitration initiated by the Philippines on 22 January2013. The Arbitration will proceed under Annex VII of UNCLOS andthe 5-member arbitration panel will be formed with or withoutChina.”

Xinhua and Mindanao Examiner

Permanent web link to this article
Receive daily World View columns by e-mail