中國信息戰的基礎 Fundamentals of Chinese Information Warfare

LTCOL (RET) William Hagestad II
MSc Security Technologies
MSc Management of Technology
www.red-dragonrising.com
hagestadwt@red-dragonrising.com
Red-DragonRising.com©

“21st Century Chinese Cyber Warfare” (“二十一世紀中國網絡戰”)
ISBN: 9781849283342

Fundamentals of Chinese Information Warfare

1. Credit where credit is due….
2. Current Cyber News….
3. People’s Republic of China “Informization”
4. Unrestricted Warfare…war without limits
5. Chinese Cyber Threat history
6. Conclusions
7. Questions

Masters of this domain…. Attribution where credit is due….

• Dr. James Mulvenon, Vice President, Intelligence Division and Director, Center for Intelligence Research and Analysis, Defense Group, Inc.
• Mark Stokes, Executive Director, Project 2049 Institute
• Timothy Thomas, LTC US Army RET

Current China Cyber News

• Chinese Firewall Maker, Hangzhou DPTech Technologies booted from Microsoft Sharing Program – 3 MAY 2012, SC Magazine
• “US & the PRC must work to avoid cyber conflict” – SECDEF Panetta…8 MAY 2012 REUTERS
• Huawei aims efforts at market leaders Cisco, HP et al….10 MAY 2012, Network Computing
• PRC-Philippines Hacking War…10 MAY 2012 Council on Foreign Relations
• 10 MAY 2012 Philippines News Agency (PNA), Philippine government's news wire service defaced by hackers suspected to be from China

Rules of Engagement (ROE)

1) Nothing is what it appears
2) 中國 literally means the middle kingdom
3) The People’s Liberation Army (中国人民解放军) controls everything
4) Capitalist economically, communism remains the political bedrock
5) ‘Keep your friends close but enemies closer’ ~ Sun Tzu
6) Mandarin Chinese an easy language – Brilliant Cryptography……
7) Kinetic military capability not yet fully developed
8) Numerology is important – 8th Route Army

Who is China?

Bottom Line Up Front: The BLUF

1. The People’s Liberation Army (PLA) is pursuing the means to seize and occupy the “information high ground”;
2. The rapid development of a comprehensive C4ISR (Command, Control, Computers, Communications, Information, Surveillance & Reconnaissance) infrastructure is a focus of PLA efforts currently underway;
3. PLA is trying to unify disparate information systems to enable coordination between geographically dispersed units in order to attain near total situational awareness of the battlespace while limiting an adversary’s ability to do the same;
4. PLA is trying to reach information dominance early and using it to enable and support other PLA operations throughout a conflict;
5. Tactical level employment of computer network attack (CNA) tools used with sufficient precision can achieve dramatic strategic outcomes with the potential to alter a campaign &, conversely, as the PLA deploys more sophisticated information systems, growing increasingly reliant upon them for successful military operations, it must also protect itself from the same network vulnerabilities as its high-tech adversaries;
6. PLA is augmenting its developing computer network operations (CNO) capabilities by relying on inputs from China’s commercial IT industry, academia, and civilian and military research institutions;
7. Huawei, Zhongxing (ZTE), and Datang maintain relationships with the PRC government;

In summary - recent developments in Chinese computer network operations applications & research and development point to a nation fully engaged in leveraging all available resources to create a diverse, technically advanced ability to operate in cyberspace as another means of meeting military and civilian goals for national development.
Computer network operations have assumed a strategic significance for the Chinese leadership that moves beyond solely military applications and is being broadly applied to assist with long term strategy for China’s national development.

“Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage” NORTHROP GRUMMAN March 7, 2012

Chinese Methodology?

• Chinese web “bots” performing reconnaissance, gathering info on web content;
• PRC “bots” so intrusive, servers scanned in order to determine server’s purpose and functions…
• Majority of Internet traffic from the People’s Republic of China, and included both….
  – Hits on servers (short pings on new servers); and,
  – Detailed examination looking for ports or access points…

Chinese motivation?

• Fear of 外國人 …foreigners….
• Self-preservation and,
• Hegemony (霸权)…..
  – A perfect description of the Communist Party of China (CPC)…..implied power of the Chinese state subordinates every element of modern Chinese Society……including threats by…..
Falun Gong…..Blind Dissidents…disaffected citizens….Regime Change

People’s Liberation Army (中國人民解放軍) Information Warfare (IW)

“To achieve victory we must as far as possible make the enemy blind and deaf by sealing his eyes and ears, and drive his commanders to distraction by creating confusion in their minds.”
毛泽东 Mao Tse-Tung

Official Statement of Chinese IW

• 19 JUL 2010 – 解放军报 (PLA Daily) ‘ordered by President Hu Jintao to handle cyber threats as China enters the information age, and to strengthen the nation's cyber-infrastructure’
• General Staff Directorate’s (GSD) Cyber Warfare ‘Princelings’
  – General Zhang Qinsheng 章沁生
  – General Chen Bingde 陈炳德
  – General Ma Xiaotian 马晓天
  – Vice Admiral Sun Jianguo 孙建国
  – Major General Hou Shusen 侯树森

解放军报 (PLA Daily), July 19, 2010; [Online] Available at: http://english.peopledaily.com.cn/200007/21/eng20000721_46068.html

PLA Cyber Tacticians

• Major General Hu Xiaofeng, Deputy Director, National Defense University, Department of Information Warfare and Training Command
• Professor Meng Xiangqing, National Defense University Institute for Strategic Studies

“Goal is to achieve a strategic objective”
“You have to meet my political conditions or your government will be toppled, or you promise to meet some of my political conditions.”

The Dark Visitor (黑暗訪問者), 2009; [Online] Available at: http://www.thedarkvisitor.com/category/uncategorized/

People’s Liberation Army Information Assurance Base (中国人民解放军信息保障基地)

制信息权 Information Dominance…..

Precise attack vectors of 制信息权

1) planting information mines
2) conducting information reconnaissance
3) changing network data
4) releasing information bombs
5) dumping information garbage
6) disseminating propaganda
7) applying information deception
8) releasing clone information
9) organizing information defense
10) establishing network spy stations

Richard A. Clarke and Robert K. Knake, Cyber War: The Next Threat to National Security and What to Do about It, New York, HarperCollins Publishers 2010, pp. 47 – 64

8 - Pillars of Chinese Warfare (超限战)

8 Principles of “beyond-limits combined war” in Unrestricted Warfare

1) Omnidirectionality
2) Synchrony
3) Limited objectives
4) Unlimited measures
5) Asymmetry
6) Minimal consumption
7) Multidimensional coordination
8) Adjustment and control of the entire process

Unrestricted Warfare, Qiao Liang and Wang Xiangsui, Beijing: PLA Literature and Arts Publishing House, February 1999 (Simplified Mandarin Chinese version)

Tell me more about these Chinese hackers….

Communist Party of China (中國共產黨) - CPC

• Codified cyber warfare in 2010
• “protect national infrastructure from external cyber threats” – President Hu Jintao
• President Hu’s successor Xi Jinping ….

CPC + PLA x information technology superiority = China’s worldwide dominance

People’s Liberation Army (人民解放军) - PLA

• 500 BC Sun-Tzu’s Art of War – basis
• Sun Pin’s Military Methods
• 1995 - Major General Wang Pufeng – founding father of Chinese Information Warfare (IW)
• 1999 - War Without Limits – PLAAF Senior Colonels Qiao Liang & Wang Xiangsui
• 2002 - PLA's IW strategy spearheaded by Major General Dai Qingmin

國有企業 – State Owned Enterprises

• China Telecom – owned by the CPC, operated by the PLA
• Huawei – owned by former PLA officer; direct links to the PLA, however NOT the CPC
• ZTE – based in Shenzhen, Guangdong Province
• China Petroleum & Chemical Corp
• SinoChem
• China National Petroleum Corp
• China National Pharmaceutical Group

黑客 - Hacktivists

• Originally supported by CPC & PLA
  – Now uncontrollable….Golden Shield Project
• Reinforce PRC’s nationalism via the web
  – Taiwan, the renegade Chinese Province
  – Punishing Japan for WWII war crimes
  – Codera’s anti-Chinese web rhetoric

Chinese Perspective….
16 AUG 2011 - People’s Tribune Magazine (人民论坛杂志) publishes several articles… Four are very troublesome for the U.S…….

– “A Sovereign Country Must Have Strong Defense” by Min Dahong, director of the Network & Digital Media Research Office @ China Academy of Social Sciences;
– “America’s ‘Pandora’s Box’ Cyber Strategy Confuses the World” by Shen Yi, Fudan University’s Department of International Politics;
– “Cyber Power ‘Shuffles the Cards’: How China Can Overtake the Competition” by Tang Lan, Institute of Information and Social Development Studies at the China Institute of Contemporary International Relations; and
– “How to Construct China’s Cyber Defenses” by Liu Zengliang, from the PLA National Defense University

http://www.rmlt.com.cn/qikan/2011-08-16/

13+ Years Chinese Cyber Activity

• 1995 – Major General Wang Pufeng describes attacking via Internet
• 1997 – Major General Wang Baocun’s 10 Features of Chinese InfoWar
• 1997 – “War Beyond Limits” (Unrestricted Warfare) is written by 2 Senior Chinese Colonels
• May 03, 2001 – China warns of massive hack attacks
• 2002 – “informatization” (信息化) campaign begins: Chinese Communist Party (CCP) General Secretary and Central Military Commission (CMC) Chairman Jiang Zemin, in a speech before the 16th Party Congress
• 2003 – Titan Rain (泰坦雨): US DoD & Government websites targeted
• 2004 – Japan targeted by Chinese over disputed Diaoyu Islands
• 2007 – GhostNet (幽灵网): Global CnC network with IP addresses in People’s Republic of China
• 2008 – Byzantine Hades: targeted cyber operations against the U.S. government using social engineering and malicious attachments and links in e-mail messages.
• 2008 – MI5 writes to more than 300 senior executives at banks, accountants and legal firms warning them that the Chinese army is using Internet spyware to steal confidential information
• 2009 – Operation Aurora (操作极光): International Energy Industry targeted
• 2009 – Night Dragon (夜龙): Global multinationals attacked via Internet
• 2010 – Article: Should we be afraid of Chinese hackers?...Or lost cyber war?
• 2011 – US needs to get better at preventing foreign access to advanced technology: GAO watchdogs find holes in high-tech access, licensing rules
• 2011 – Chinese military CCTV-7 demonstrates GUI Hacking of University of Alabama
• 2011 – Office of the National Counterintelligence Executive (ONCIX) Report indicates both China & Russia target corporate intellectual property
• 2011 – Operation Shady RAT: FIVE year campaign of economic & intelligence data exfiltration
• 2012 – “Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage” NORTHROP GRUMMAN March 7, 2012
• 2012 – Chinese Technology Policy & Cyber Offensive Operations - April
• 2012 – China & Philippines engage in mutual cyber attacks over Scarborough Shoals - April

Conclusions

1) Hegemony drives use of information warfare in the cyber realm;
2) Cyber-warfare is state sponsored; yet direct attribution is an illusion….
3) People’s Liberation Army plans cyber-warfare – defensively & offensively;
4) Cultural, economic, historical & linguistic thread drives Chinese cyber-warfare;
5) The CPC, although advocating citizen hacking, can no longer control it;
6) Commercial enterprises worldwide are permeable to Chinese cyber hacking in all its forms & methods – Nortel Case Study;
7) Chinese written malware, RATs, Botnets are undiscoverable….
8) Mandarin Chinese (complex and simple) is an exceptional form of cryptography…not to mention Classical / Literary Chinese….
9) All commercial IPS are ineffective against Chinese based attacks;
10) People’s Republic of China cyber-warfare threat is serious & will only become much worse…..
11) Diplomatic initiatives with a show of U.S. military force in ASIA PAC…only option?

Short & Long Term Moves

Short & Long Term Focus on addressing high risks of the Chinese Cyber Threat

BS = Business Strategy; CS = Corporate Strategy; IS = Innovation Strategy; GS = Government Strategy

Strategy/Move: BS, CS, IS & GS – Define specific Economic Targets
Who: US Dept of Commerce – International Undersecretary
What/Why: What are most likely targets of economic espionage
How: Work with commercial industry to assist defining possible loss of business if they lost their intellectual property to China
When: Immediately, then quarterly
Cost: Minimal

Strategy/Move: BS, CS & GS – Educate employees about possibility of data exfiltration
Who: Business & Corporate leadership – Chief Security Officers
What/Why: Awareness of persistent threat of economic cyber war
How: Design educational awareness programs to address identifying, reporting and mitigating foreign information exfiltration threats
When: Immediately, then monthly
Cost: Nominal

Strategy/Move: BS, CS & IS – Create a universal defense-in-depth policy
Who: In coordination with security software & hardware manufacturers
What/Why: Protect critical infrastructure against Chinese Cyber Threats
How: Design a defense-in-depth standard that protects Critical Economic & National Infrastructure
When: Immediately, then ongoing
Cost: Nominal to very expensive

Strategy/Move: GS – Liaise & dialogue w/Chinese Government
Who: US Department of State, Department of Defense, USAID
What/Why: Mutual understanding of the cyber threat – define it
How: Develop official dialogue to define, explain and set conditions for defining the cyber threat mutually
When: Immediately, then quarterly and semiannually
Cost: Nominal

References

1) Cyber Silhouettes: Shadows Over Information Operations, Timothy Thomas, Foreign Military Studies Office (FMSO), Fort Leavenworth, Kansas
2) Decoding the Virtual Dragon, Timothy Thomas, Foreign Military Studies Office (FMSO), Fort Leavenworth, Kansas
3) The Chinese People’s Liberation Army Signals Intelligence and Cyber Reconnaissance Infrastructure, Mark A. Stokes, Jenny Lin and L.C. Russell Hsiao, Project 2049 Institute

Thank you. Thank you for your time today. Any questions?