Tag Archives: cyber-warfare

Trump Ups Pressure On China Over Cyberhacks

Screenshot of FBI wanted poster for four alleged members of the PLA Fourth Department's 54th Research Institute in connection with the hack of the credit rating agency Equifax in 2017.

A REMINDER THAT the greatest deal in the history of the universe, or whatever US President Donald Trump called his Phase One trade deal with China, did not touch on one of the United States’ biggest beefs with Beijing, cybertheft.

Four alleged members of the PLA’s 54th Research Institute have been charged in the United States in connection with the cyberattack on the US credit rating company Equifax in 2017. Personal data of 147 million Americans and some UK and Canadian citizens were stolen in what was one of the largest data breaches in history.

The four were named as Wu Zhiyong, Wang Qian, Xu Ke and Liu Lei. Their whereabouts are unknown and it is highly unlikely they will ever appear before a US court. The 54th Research Institute is based in Hebei and is overseen by the PLA’s Fourth Department, the military’s electronic and information warfare arm, including offensive cyber operations.

At a news conference announcing the nine-count indictment, US Attorney General William Barr called out other alleged cyberattacks by Chinese agents including on health insurer Anthem and the federal Office of Personnel Management reported in 2015, as well as a 2018 hack of the hotel chain Marriott.

US intelligence services believe that the Chinese government has been systematically accumulating personal information on US citizens and data-mining it for compromising details about individuals, including those in government and military service and academia, who could then be susceptible to blackmail and, thus, be potential recruits as spies. Washington also fears that this profiling exercise could expose US intelligence agents working abroad.

Beijing has denied any such hacks and intentions.

When the Obama administration indicted five suspected PLA hackers in 2014 for allegedly breaking into the computer systems of several US manufacturing companies, it led to an agreement by China to cut back its cybertheft from US firms. Given the strained level of US-China relations today, whether the Trump administration could get similar temporary relief, if that is its aim in making this latest indictment public, is a different matter.


Cyber And Space, More Than Blue Water, Next Theatres Of War


Photo Credit: Flickr/Times Asi. Licenced under Creative Commons. China’s conventionally-armed ballistic missile, the DF-21C.

CHINA HAS BEEN reclaiming land for the deployment of dual-use facilities such as radar stations and landing strips in the disputed waters of the South China Sea for a while. Long-standing readers may recall this 2012 photograph of a radar station at the Zhubi reef in the Nansha Islands (the Subi Reef in the Spratly Islands to much of the rest of the world).

Chinese fishing fleet at Zhubi Reef, South China Sea

However, the rhetoric around the reclamation — and the reclamation itself — has been ratcheted up in recent weeks. Washington’s new defense secretary, Ashton Carter, is among those recently weighing in to air his concerns. Those of China’s regional neighbours have also been well and repeatedly advertised.

Beijing’s recently released new defense strategy document will do little to calm those concerns. While to this Bystander’s eye, the document does little more than codify developments that have been in train for some time, explicitly laying out the greater priority China is placing on its navy and “open seas protection” makes a statement in more senses than one.

There is no doubt that China is modernizing its navy to ensure its access to open sea and its ability to defend its sea lanes beyond. Plans for new aircraft carriers, destroyers and nuclear-powered subs bear ready witness to that. But for all its rapidly rising defence budget, Beijing still has a long way to go before it can match the capabilities of Washington’s blue-water fleet.

The United States will continue its Asian ‘pivot’ and, more particularly, military overflights to undermine the notion that land reclamation establishes sovereignty over the artificial islands created in those waters — ‘meddling in South China Sea affairs’ by Beijing’s lights, which is one of the risk factors for ‘security and stability along China’s periphery’, as the new strategy document puts it.

However, it is easy to be distracted by China’s naval build-out from the other priority areas that the new strategy document highlights. The new frontiers of military competition are, to Beijing’s mind, outer space and cyber warfare. The new strategy document puts it thus:

The world revolution in military affairs is proceeding to a new stage. Long-range, precise, smart, stealthy and unmanned weapons and equipment are becoming increasingly sophisticated. Outer space and cyber space have become new commanding heights in strategic competition among all parties. The form of war is accelerating its evolution to informationization. World major powers are actively adjusting their national security strategies and defense policies, and speeding up their military transformation and force restructuring. The aforementioned revolutionary changes in military technologies and the form of war have not only had a significant impact on the international political and military landscapes, but also posed new and severe challenges to China’s military security.

We have noted before China’s ambitious space plans, and the opportunities they provide for developing dual use technologies. The new strategy document promises:

China will keep abreast of the dynamics of outer space, deal with security threats and challenges in that domain, and secure its space assets to serve its national economic and social development, and maintain outer space security.

Earlier this year, there was confirmation of the poorly kept secret that China has both military and state-security-services run cyber-warfare units. Previously Beijing had dismissed all suggestions made in Washington and Brussels that China was behind repeated cyber attacks on U.S. and European targets. Indeed, it sees itself as more hacked than hacker:

Cyberspace has become a new pillar of economic and social development, and a new domain of national security. As international strategic competition in cyberspace has been turning increasingly fiercer, quite a few countries are developing their cyber military forces. Being one of the major victims of hacker attacks, China is confronted with grave security threats to its cyber infrastructure. As cyberspace weighs more in military security, China will expedite the development of a cyber force, and enhance its capabilities of cyberspace situation awareness, cyber defense, support for the country’s endeavors in cyberspace and participation in international cyber cooperation, so as to stem major cyber crises, ensure national network and information security, and maintain national security and social stability.

In the case of international cyber cooperation, China has already been working more closely with Russia on cyber operations, further extending Beijing’s strategic cooperation with Moscow.


Sony Cyber Attack: The China Connection

IT WAS, PERHAPS, only a matter of time before China was dragged publicly into the war of words between the U.S. and North Korea over Pyongyang’s alleged cyber attack on Sony Corp. in retaliation for the company’s provocative Hollywood comedy about a plot to assassinate North Korean leader Kim Jong Un. China is North Korea’s main onramp to the internet. North Korea runs the overwhelming majority of its telecoms traffic through Chinese state-owned telco China Unicom. Its own networks are limited, as are its telecoms connections to its other outlet to the world, Russia. To get its cyber warriors even close to the internet backbone, Pyongyang stations some of them over the border in China.

Now Washington has reportedly asked Beijing to rein in Pyongyang’s use of Chinese routers and servers for cyber attacks, including expelling North Korean hackers based in China — a request Beijing has met with polite silence or neutral platitudes. The Sony incident is another Pyongyang embarrassment it could do without — even if it doesn’t mind a company with one foot in Hollywood and the other in Japan being embarrassed even more. Yet it is not going to open that particular can of worms. And especially not in public.

Cyber warfare is almost as sensitive a topic in Beijing as even a fictional assassination attempt on the Beloved Leader is in Pyongyang. Washington has repeatedly accused Beijing of hacking into U.S. companies, charges Beijing has repeatedly denied, saying it is a victim of cyber attacks not a perpetrator. But for both countries, cyber warfare has become the “fifth dimension” of defence, adding to land, sea, air and space military operations.

Pyongyang, for the record, has also denied that it cyber attacked Sony. It has demanded a joint investigation with the U.S., following that up with a predictable burst of typical bombastic rhetoric.

So far, Beijing has walked a fine line over the Sony incident. It has condemned the movie as being culturally arrogant, and has also condemned cyber attacks and terror threats. But it is equally aware that the U.S. has become more forceful this year in pressing cyber-attack allegations against Beijing. In May, Washington broke new ground in bilateral relations by bringing its first cyber-spying case against China, charging five Chinese army officers with hacking into U.S. companies. The following month a Chinese businessman was charged with hacking into the computer systems of U.S. defence contractors, including Boeing.

For North Korea’s part, it could now return to the U.S.’s list of state sponsors of terrorism, from which it was removed in 2008 after agreeing to verification of its nuclear sites. The incident has also thrown a spotlight on Unit 121 of North Korea’s military intelligence agency. This is an elite if shadowy group of cyber warriors, some of whom are based in the Chilbosan hotel, a Chinese-North Korean joint venture in Shenyang in Liaoning province. Estimates of their number vary from a few hundred to several thousand.

Little is known definitively about the group outside its own circles. What there is comes from defectors from several years ago. In truth, not much if anything new about it has been learned lately despite Unit 121 being written about relatively widely in the Western press since the Sony attack. A sign of how active it is is that North Korea has reputedly carried out more cyber attacks than any other nation. Denial of service attacks on South Korea are its weapon of choice, but it is believed to have hacked about in the U.S., penetrating both the U.S. Department of Defense and U.S.-based companies. Part of its brief is to cause North Korea’s enemies monetary loss.

Some note similarities between the Sony attack and a broad-based hack of South Korean banking and media companies last year, widely believed to be the work of Unit 121. If it was responsible for the cyber hack of Sony, as charged, that would mark its boldest and most sophisticated attack to date.

With or without Beijing’s help, U.S. President Barack Obama has promised “proportionate” retaliation for what he has called an act of “cyber vandalism.” It is difficult to know what that might be. The hermit kingdom’s internet isolation has long offered Unit 121 an unlikely degree of protection. There isn’t much internet infrastructure in North Korea against which to retaliate; there are barely a dozen web sites using the country’s domain, .kp, all state run. Washington’s best bet is to get China to lean on its ally — which isn’t much of a bet at all.

Update: The internet went down in North Korea for nine and a half hours on Dec. 22 after more than a day of increasing instability, suggesting an onslaught of denial-of-service attacks. It could also be a result of a power failure, accidental or because someone pulled the plug. On either score, China has said it wasn’t its doing. The U.S. has declined to comment. Well, both would, wouldn’t they — and hacktivist groups are just as likely suspects.


The Preemptive Cyber-Strike Edges Nearer

China-based North Korean hackers were behind a $6 million cyber-heist from an online gaming system, according to South Korean police (via JoongAng Daily). That is not quite on the scale of the five-year long cyber attacks against 72 countries and organizations since 2006 that the U.S. security software firm McAfee revealed earlier this week without directly accusing China of being its origin, though that has been the common assumption that has taken hold. This Bystander does wonder, albeit without a shred of evidence, if there might be at least a dotted line connecting the two, perhaps a little freelancing being tolerated on the side. The North Koreans were hired by a South Korean crime gang, but in whose pay were they in China in the first place? The report quoted above suggests they might be connected to Office 39, the North Korean agency that manages slush funds and generates foreign exchange for the Pyongyang leadership. In any event, they are some pretty grubby hired hands.

Regardless, as the victims of the larger operations ranged from the governments of the U.S., South Korea, Taiwan, Vietnam and India to organizations such as the UN and the International Olympic Committee and firms in the defense and high-tech industries, the attacks are likely to bolster the efforts in those countries to increase both their national and commercial cyber-defense capabilities. And, assuming the virtual world follows the real one, to raise calls in some quarters for retaliatory and preemptive strikes against, and we choose our words deliberately here, states believed to sponsor or harbor what will doubtless be called cyber-terrorists.

Update: Here is one such call by Richard Clarke, former head of U.S. cybersecurity.
