Cyber Warfare - Potomac Institute for Policy Studies

中國信息戰的基礎
Fundamentals of Chinese Information Warfare
LTCOL (RET) William Hagestad II
MSc Security Technologies
MSc Management of Technology
www.red-dragonrising.com
hagestadwt@red-dragonrising.com
Red-DragonRising.com©
“21st Century Chinese
Cyber Warfare”
“二十一世紀中國
網絡戰”
ISBN: 9781849283342
中國信息戰的基礎
1. Credit where credit is due….
2. Current Cyber News….
3. People’s Republic of China “Informization”
4. Unrestricted Warfare…war without limits
5. Chinese Cyber Threat history
6. Conclusions
7. Questions
Masters of this domain….
Attribution where credit is due….
• Dr. James Mulvenon, Vice President,
Intelligence Division and Director, Center for
Intelligence Research and Analysis, Defense
Group, Inc.
• Mark Stokes, Executive Director, Project 2049
Institute
• Timothy Thomas, LTC US Army RET
Current China Cyber News
• Chinese Firewall Maker, Hangzhou DPTech
Technologies booted from Microsoft Sharing
Program – 3 MAY 2012, SC Magazine
• “US & the PRC must work to avoid cyber
conflict” – SECDEF Panetta…8 MAY 2012
REUTERS
• Huawei aims efforts at market leaders Cisco, HP
et al….10 MAY 2012, Network Computing
• PRC-Philippines Hacking War…10 MAY 2012
Council on Foreign Relations
• 10 MAY 2012 – Philippines News Agency (PNA), the Philippine government's news wire service, defaced by hackers suspected to be from China
Rules of Engagement (ROE)
1) Nothing is what it appears
2) 中國 literally means the middle kingdom
3) The People’s Liberation Army (中国人民解放军) controls everything
4) Capitalist economically, communism remains the political bedrock
5) ‘Keep your friends close but enemies closer’ ~ Sun Tzu
6) Mandarin Chinese an easy language – Brilliant Cryptography……
7) Kinetic military capability not yet fully developed
8) Numerology is important – 8th Route Army
Who is China?
Bottom Line Up Front The BLUF
1. The People’s Liberation Army (PLA) is pursuing the means to seize and occupy the “information high ground”;
2. The rapid development of a comprehensive C4ISR (Command, Control, Computers, Communications, Information, Surveillance & Reconnaissance) infrastructure is a focus of PLA efforts currently underway;
3. PLA is trying to unify disparate information systems to enable coordination between geographically dispersed units in order to attain near total situational awareness of the battlespace while limiting an adversary’s ability to do the same;
4. PLA is trying to reach information dominance early and to use it to enable and support other PLA operations throughout a conflict;
5. Tactical level employment of computer network attack (CNA) tools used with sufficient precision can achieve dramatic strategic outcomes with the potential to alter a campaign and, conversely, as the PLA deploys more sophisticated information systems and grows increasingly reliant upon them for successful military operations, it must also protect itself from the same network vulnerabilities as its high-tech adversaries;
6. PLA is augmenting its developing computer network operations (CNO) capabilities by relying on inputs from China’s commercial IT industry, academia, and civilian and military research institutions;
7. Huawei, Zhongxing (ZTE), and Datang maintain relationships with the PRC government;
In summary - recent developments in Chinese computer network operations applications & research and development point to a nation fully engaged in leveraging all available resources to create a diverse, technically advanced ability to operate in cyberspace as another means of meeting military and civilian goals for national development.
Computer network operations have assumed a strategic significance for the Chinese leadership that moves beyond solely military applications and is being broadly applied to assist with long term strategy for China’s national development.
“Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage”, Northrop Grumman, March 7, 2012
Chinese Methodology?
• Chinese web “bots” performing reconnaissance, gathering info on web content;
• PRC “bots” so intrusive that servers are scanned in order to determine each server’s purpose and functions…
• Majority of Internet traffic from the People’s Republic of China, and included both….
– Hits on servers (short pings on new servers); and,
– Detailed examination looking for ports or access points…
Chinese motivation?
• Fear of 外國人 …foreigners….
• Self-preservation and,
• Hegemony (霸权)…..
– A perfect description of the Communist Party of
China (CPC)…..implied power of the Chinese state
subordinates every element of modern Chinese
Society……including threats by…..
Falun Gong…..Blind Dissidents…disaffected
citizens….Regime Change
中國人民解放軍 (Chinese People’s Liberation Army)
Information Warfare (IW)
“To achieve victory we must as far as possible
make the enemy blind and deaf by sealing his
eyes and ears, and drive his commanders to
distraction by creating confusion in their
minds.”
毛泽东 Mao Tse-Tung
Official Statement of
Chinese IW
• 19 JUL 2010 – 解放军报 (PLA daily) ‘ordered by
President Hu Jintao to handle cyber threats as
China enters the information age, and to
strengthen the nation's cyber-infrastructure’
• General Staff Directorate’s (GSD)
Cyber Warfare ‘Princelings’
General Zhang Qinsheng 章沁生
General Chen Bingde 陈炳德
General Ma Xiaotian 马晓天
Vice Admiral Sun Jianguo 孙建国
Major General Hou Shu sen 侯树森
解放军报(PLA Daily), July 19, 2010; [Online] Available at:
http://english.peopledaily.com.cn/200007/21/eng20000721_46068.html
PLA Cyber Tacticians
• Major General Hu Xiaofeng, Deputy Director,
National Defense University, Department of
Information Warfare and Training Command
• Professor Meng Xiangqing, National Defense
University Institute for Strategic Studies
“Goal is to achieve a strategic objective”
“You have to meet my political conditions
or your government will be toppled, or you
promise to meet some of my political
conditions.”
黑暗訪問者, 2009; [Online] Available at: http://www.thedarkvisitor.com/category/uncategorized/
中国人民解放军信息保障基地 (Chinese People’s Liberation Army Information Assurance Base)
制信息权
Information Dominance…..
Precise attack vectors of 制信息权
1) planting information mines
2) conducting information reconnaissance
3) changing network data
4) releasing information bombs
5) dumping information garbage
6) disseminating propaganda
7) applying information deception
8) releasing clone information
9) organizing information defense
10) establishing network spy stations
Richard A. Clarke and Robert K. Knake, Cyber War. The Next Threat to National Security and What to Do about It, New York, HarperCollins Publishers 2010, pp. 47 – 64
8 - Pillars of Chinese Warfare (超限战)
8 Principles of “beyond-limits combined war” in Unrestricted Warfare
1) Omni directionality
2) Synchrony
3) Limited objectives
4) Unlimited measures
5) Asymmetry
6) Minimal consumption
7) Multidimensional coordination
8) Adjustment and control of the entire process
Unrestricted Warfare, Qiao Liang and Wang Xiangsui, Beijing: PLA Literature and Arts Publishing House, February 1999 (Simplified Mandarin Chinese version)
Tell me more about these Chinese hackers….
中國共產黨 - CPC
• Codified cyber warfare in 2010
• “protect national infrastructure from external cyber threats” – President Hu Jintao
• President Hu’s successor Xi Jinping ….
CPC + PLA x information technology superiority = China’s worldwide dominance
人民解放军- PLA
• 500 BC Sun-Tzu’s Art of War – basis
• Sun Ping’s Military Methods
• 1995 - Major General Wang Pufeng – founding father of Chinese Information Warfare (IW)
• 1999 - War Without Limits – PLAAF Senior Colonels Qiao Liang & Wang Xiangsui
• 2002 - PLA's IW strategy spearheaded by Major General Dai Qingmin
國有企業 –
State Owned Enterprises
• China Telecom – owned by the CPC, operated
by the PLA
• Huawei – owned by a former PLA officer; direct links to the PLA, however NOT the CPC
• ZTE – based in Shenzhen, Guangdong Province
• China Petroleum & Chemical Corp
• SinoChem
• China National Petroleum Corp
• China National Pharmaceutical Group
黑客 - Hacktivists
• Originally supported by CPC & PLA
– Now uncontrollable….Golden Shield Project
• Reinforce PRC’s nationalism via the web
– Taiwan, the renegade Chinese Province
– Punishing Japan for WWII war crimes
– Codera’s anti-Chinese web rhetoric
Chinese Perspective….
• 16 AUG 2011 - People’s Tribune Magazine (人民论坛杂志) publishes several articles…
• Four are very troublesome for the U.S…….
– “A Sovereign Country Must Have Strong Defense” by Min Dahong, director of the Network & Digital Media Research Office @ China Academy of Social Sciences;
– “America’s ‘Pandora’s Box’ Cyber Strategy Confuses the World” by Shen Yi, Fudan University’s Department of International Politics;
– “Cyber Power ‘Shuffles the Cards’: How China Can Overtake the Competition” by Tang Lan, Institute of Information and Social Development Studies at the China Institute of Contemporary International Relations; and
– “How to Construct China’s Cyber Defenses” by Liu Zengliang, from the PLA National Defense University
http://www.rmlt.com.cn/qikan/2011-08-16/
13+ Years Chinese Cyber Activity
• 1995 – Major General Wang Pufeng describes attacking via Internet
• 1997 – Major General Wang Baocun’s 10 Features of Chinese InfoWar
• 1997 – “War Beyond Limits” (Unrestricted Warfare) is written by 2 Senior Chinese Colonels
• May 03, 2001 – China warns of massive hack attacks
• 2002 – “informatization” 信息化 campaign begins Chinese Communist Party (CCP) General Secretary and Central Military Commission (CMC) Chairman Jiang Zemin, a speech before the 16th Party Congress
• 2003 – Titan Rain 泰坦雨 US DoD & Government websites targeted
• 2004 – Japan targeted by Chinese over disputed Diaoyu Islands
• 2007 – GhostNet 幽灵网 Global CnC network with IP addresses in People’s Republic of China
• 2008 – Byzantine Hades - targeted cyber operations against the U.S. government using social engineering and malicious attachments and links in e-mail messages.
• 2008 – MI5 writes to more than 300 senior executives at banks, accountants and legal firms warning them - the Chinese army is using Internet spyware to steal confidential information
• 2009 – Operation Aurora 操作极光 International Energy Industry targeted
• 2009 – Night Dragon 夜龙 Global multinationals attacked via Internet
• 2010 – Article - Should we be afraid of Chinese hackers?...Or lost cyber war?
• 2011 – US needs to get better at preventing foreign access to advanced technology - GAO watchdogs find holes in high-tech access, licensing rules
• 2011 – Chinese military CCTV-7 demonstrates GUI Hacking of University of Alabama
• 2011 – Office of the National Counterintelligence Executive (ONCIX) Report indicates both China & Russia target corporate intellectual property
• 2011 – Operation Shady RAT FIVE year campaign of economic & intelligence data exfiltration
• 2012 – “Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage”, Northrop Grumman, March 7, 2012
• 2012 – Chinese Technology Policy & Cyber Offensive Operations - April
• 2012 – China & Philippines engage in mutual cyber attacks over Scarborough Shoals - April
Conclusions
1) Hegemony drives the use of information warfare in the cyber realm;
2) Cyber-warfare is state sponsored; yet direct attribution is an illusion….
3) People’s Liberation Army plans cyber-warfare – defensively & offensively;
4) Cultural, economic, historical & linguistic thread drives Chinese cyber-warfare;
5) The CPC, although advocating citizen hacking, can no longer control it;
6) Commercial enterprises worldwide are permeable to Chinese cyber hacking in all its forms & methods – Nortel Case Study;
7) Chinese-written malware, RATs, Botnets are undiscoverable….
8) Mandarin Chinese (complex and simple) is an exceptional form of cryptography…not to mention Classical / Literary Chinese….
9) All commercial IPS are ineffective against Chinese based attacks;
10) People’s Republic of China cyber-warfare threat is serious & will only become much worse…..
11) Diplomatic initiatives with a show of U.S. military force in ASIA PAC…only option?
Short & Long Term Moves
Short & Long Term Focus on addressing high risks of the Chinese Cyber Threat

BS = Business Strategy
CS = Corporate Strategy
IS = Innovation Strategy
GS = Government Strategy

| Strategy/Move | Who | What/Why | How | When | Cost |
| BS, CS, IS & GS – Define specific Economic Targets | US Dept of Commerce – International Undersecretary | What are most likely targets of economic espionage | Work with commercial industry to assist defining possible loss of business if they lost their intellectual property to China | Immediately, then quarterly | Minimal |
| BS, CS & GS – Educate employees about possibility of data exfiltration | Business & Corporate leadership – Chief Security Officers | Awareness of persistent threat of economical cyber war | Design educational awareness programs to address identifying, reporting and mitigating foreign information exfiltration threats | Immediately, then monthly | Nominal |
| BS, CS & IS – Create a universal defense-in-depth policy | ICW security software & hardware manufacturers | Protect critical infrastructure against Chinese Cyber Threats | Design a defense-in-depth standard that protects Critical Economic & National Infrastructure | Immediately, then ongoing | Nominal to very expensive |
| GS – Liaise & dialogue w/Chinese Government | US Department of State, Department of Defense, USAID | Mutual understanding of the cyber threat – define it | Develop official dialogue to define, explain and set conditions for defining the cyber threat mutually | Immediately, then quarterly and semiannually | Nominal |
References
1) Cyber Silhouettes: Shadows Over Information Operations, Timothy Thomas, Foreign Military Studies Office (FMSO), Fort Leavenworth, Kansas
2) Decoding the Virtual Dragon, Timothy Thomas, Foreign Military Studies Office (FMSO), Fort Leavenworth, Kansas
3) The Chinese People’s Liberation Army Signals Intelligence and Cyber Reconnaissance Infrastructure, Mark A. Stokes, Jenny Lin and L.C. Russell Hsiao, Project 2049 Institute
Thank you
Thank you for your time today
Any questions?