Chinese Warfare

中國信息戰的基 礎 Fundamentals of Chinese Information Warfare LTCOL (RET)William Hagestad II MSc Security Technologies MSc Management of Technology www.red-dragonrising.com [email protected] Red-DragonRising.com©

“21st Century Chinese Cyber Warfare”

“ 二十一世紀中國 網絡戰”

ISBN: 9781849283342 Red-DragonRising.com©

中國信息戰的基礎 1.Credit where credit is due…. 2.Current Cyber News…. 3.People’s Republic of China “Informization” 4.Unrestricted Warfare…war without limits 5.Chinese Cyber Threat history 6.Conclusions Red-DragonRising.com©

Masters of this domain…. Attribution where credit is due…. • Dr. James Mulvenon, Vice President, Intelligence Division and Director, Center for Intelligence Research and Analysis, Defense Group, Inc. • Mark Stokes, Executive Director, Project 2049 Institute • Timothy Thomas, LTC US Army RET Red-DragonRising.com©

Current China Cyber News

• Chinese Firewall Maker, Hangzhou DPTech Technologies booted from Microsoft Sharing Program – 3 MAY 2012, SC Magazine • “US & the PRC must work to avoid cyber conflict” – SECDEF Panetta…8 MAY 2012 REUTERS • Huawei aims efforts at market leaders Cisco, HP et al….10 MAY 2012, Network Computing • PRC-Philippines Hacking War…10 MAY 2012 Council on Foreign Relations

Red-DragonRising.com©

Current China Cyber News • 10 MAY 2012 Philippines News Agency (PNA), Philippine government's news wire service defaced by hackers suspected to be from China

Red-DragonRising.com©

Rules of Engagement (ROE) 1) Nothing is what it appears 2) 中國 literally means the middle kingdom 3) The People’s Liberation Army ( 中国人 民解放军 ) controls everything 4) Capitalist economically, communism remains the political bedrock 5) ‘Keep your friends close but enemies closer’ ~ Sun Tzu 6) Mandarin Chinese an easy language – Brilliant Cryptography…… 7) Kinetic military capability not yet fully developed Red-DragonRising.com©

Red-DragonRising.com©

Who is China?

Red-DragonRising.com©

Bottom Line Up Front The BLUF

1. The People´s Liberation Army (PLA) is pursuing the means to seize and occupy the “information high ground”; 2. The rapid development of a comprehensive C4ISR (Command, Control, Computers, Communications, Information, Surveillance & Reconnaiscance) infrastructure, is a focus of PLA efforts currently underway; 3. PLA is trying to unify disparate information systems to enable coordination between geographically dispersed units in order to attain near total situational awareness of the battlespace while limiting an adversary’s ability to do the same; 4. PLA is trying to reach information dominance early and using it to enable and support other PLA operations throughout a conflict; 5. Tactical level employment of computer network attack (CNA) tools used with sufficient precision can achieve dramatic strategic outcomes with the potential to alter a campaign &, conversely, as the PLA deploys more sophisticated information systems growing increasingly reliant upon them for successful military operations, it must also protect itself from the same network vulnerabilities as its high-tech adversaries; 6. PLA is augmenting its developing computer network operations (CNO) capabilities by relying on inputs from China’s commercial IT industry, academia, and civilian and military research institutions; 7. Huawei, Zhongxing (ZTE), and Datang maintain relationships with the PRC government; In summary - recent developments in Chinese computer network operations applications & research and development point to a nation fully engaged in leveraging all available resources to create a diverse, technically advanced ability to operate in cyberspace as another means of meeting military and civilian goals for national development. 

Computer network operations have assumed a strategic significance for the Chinese leadership that moves beyond solely “Occupying the Information High Ground: Chinese Capabilities for Computer military isEspionage” being broadly applied to assist Networkapplications Operations andand Cyber NORTHRUP GRUMMAN March with 7, Red-DragonRising.com©

Chinese Methodology? • Chinese web “bots” performing reconnaissance, gathering info on web content; • PRC “bots” so intrusive, servers scanned IOT determine server’s purpose and functions… • Majority of Internet traffic from the People’s Republic of China, and included both…. – Hits on servers (short pings on new servers); and, – Detailed examination looking for ports or access points… Red-DragonRising.com©

Chinese motivation? Fear of 外國人 … foreigners….

• • Self-preservation and, • Hegemony ( 霸权 )…..

– A perfect description of the Communist Party of China (CPC) …..implied power of the Chinese state subordinates every element of modern Chinese Society…… including threats by….. Falun Gong…..Blind Dissidents… disaffected citizens….Regime Change Red-DragonRising.com©

中國人民解放軍 Information Warfare (IW) “To achieve victory we must as far as possible make the enemy blind and deaf by sealing his eyes and ears, and drive his commanders to distraction by creating confusion in their minds.” 毛泽东 Mao Tse-Tung

Red-DragonRising.com©

Official Statement of Chinese IW • 19 JUL 2010 – 解放军报 (PLA daily) ‘ordered by

President Hu Jintao to handle cyber threats as China enters the information age, and to strengthen the nation's cyberinfrastructure’ • General Staff Directorate’s (GSD) Cyber Warfare ‘Princelings’ General Zhang Qinsheng 章沁生 General Chen Bingde 陈炳德 General Ma Xiaotian 马晓天 Vice Admiral Sun Jianguo 孙建国 Major General Hou Shu sen 侯树森 解放军报 (PLA Daily), July 19, 2010; [Online] Available at: http:// english.peopledaily.com.cn/200007/21/eng20000721_46068.html Red-DragonRising.com©

PLA Cyber Tacticians • Major General Hu Xiaofeng, Deputy Director, National Defense University, Department of Information Warfare and Training Command

• Professor Meng Xiangqing, National Defense University Institute for Strategic Studies

“Goal is to achieve a strategic objective” “You have to meet my political conditions or your government will be toppled, or you promise to meet some of my political 黑暗訪問者 , 2009; [Online] Available at: http://www.thedarkvisitor.com/category/uncategorized/ Red-DragonRising.com©

中国人民解 放军信息保 障基地 Red-DragonRising.com©

制信息权 Information Dominance….. Precise attack vectors of 制信 息权 1) planting information mines 2) conducting information reconnaissance 3) changing network data 4) releasing information bombs 5) dumping information garbage 6) disseminating propaganda 7) applying information deception 8) releasing clone information 9) organizing information defense 10) establishing network spy stations Richard A. Clarke and Robert K. Knake, Cyber War. The Next Threat to National Security and What to Do about It, New York, HarperCollins Publishers 2010, pp. 47 – 64

8 - Pillars of Chinese Warfare ( 超限战 8 Principles of ) "beyond-limits combined war” in Unrestricted Warfare 1) Omni directionality 2) Synchrony 3) Limited objectives 4) Unlimited measures 5) Asymmetry 6) Minimal consumption 7) Multidimensional coordination 8) Adjustment and control of the entire process Unrestricted Warfare, Qiao Liang and Wang Xiangsui, Beijing: PLA Literature and Arts Publishing House, February 1999 (Simplified Mandarin Chinese version)

Tell me more about these Chinese hackers…. Red-DragonRising.com©

中國共產黨 - CPC • Codified cyber warfare in 2010 • “protect national infrastructure from external cyber threats” – President Hu Jin tao • President Hu’s successor Xi Jin ping ….

CPC + PLA x information technology superiority = China’s Red-DragonRising.com©

人民解放军 - PLA • 500 BC Sun-Tzu’s Art of War – basis • Sun Ping’s Military Methods • 1995 - Major General Wang Pufeng – founding father of Chinese Information Warfare (IW) • 1999 - War Without Limits – PLAAF Senior Colonel’s Qiao Liang & Wang Xiangsui • 2002 - PLA's IW strategy spearheaded by Major General Dai Red-DragonRising.com©

國有企業 – State Owned Enterprises • China Telecom – owned by the CPC, operated by the PLA • Huawei – owned by former PLA officer direct links to the PLA however NOT the CPC • ZTE – based in Shenzhen, Guangdong Province • China Petroleum & Chemical Corp • SinoChem • China National Petroleum Corp • China National Pharmaceutical Group Red-DragonRising.com©

黑客 - Hacktivists • Originally supported by CPC & PLA – Now uncontrollable….Golden Shield Project

• Reinforce PRC’s nationalism via the web – Taiwan, the renegade Chinese Province – Punishing Japan for WWII war crimes – Codera’s anti-Chinese web rhetoric

Red-DragonRising.com©

Red-DragonRising.com©

Chinese Perspective….  16 AUG 2011 - People’s Tribune Magazine ( 人民论坛杂志 ) publishes several articles…  Four are very troublesome for the U.S……. – “A Sovereign Country Must Have Strong Defense” by Min Dahong, director of the Network & Digital Media Research Office @ China Academy of Social Sciences; – “ America’s ‘Pandora’s Box’ Cyber Strategy Confuses th e World ” by Shen Yi - Fudan University’s Department of International Politics; – “Cyber Power ‘Shuffles the Cards’: How China Can Overtake t he Competition ” by Tang Lan, Institute of Information and Social http://www.rmlt.com.cn/qikan/201 Red-DragonRising.com©

1-08-16/

             

   •  

13+ Years Chinese Cyber Activity

1995 – Major General Wang Pufeng describes attacking via Internet 1997 – Major General Wang Baocun’s 10 Features of Chinese InfoWar 1997 – “War Beyond Limits” (Unrestricted Warfare) is written by 2 Senior Chinese Colonels May 03, 2001 China warns of massive hack attacks 2002 - “informatization” 信息化 campaign begins Chinese Communist Party (CCP) General Secretary and Central Military Commission (CMC) Chairman Jiang Zemin, a speech before the 16th Party Congress 2003 - Titan Rain 泰坦雨 US DoD & Government websites targeted 2004 – Japan targeted by Chinese over disputed Daiyu Islands 2007 – GhostNet 幽灵网 Global CnC network with IP addresses in People’s Republic of China 2008 – Byzantine Hades - targeted cyber operations against the U.S. government using social engineering and malicious attachments and links in e-mail messages. 2008 - MI5 writes to more than 300 senior executives at banks, accountants and legal firms warning them - the Chinese army is using Internet spyware to steal confidential information 2009 - Operation Aurora 操作极光 International Energy Industry targeted 2009 – Night Dragon 夜龙 Global multinationals attacked via Internet 2010 – Article - Should we be afraid of Chinese hackers?...Or lost cyber war? 2011 -US needs to get better at preventing foreign access to advanced technology - GAO watchdogs find holes in high-tech access, licensing rules 2011 – Chinese military CCTv-7 demonstrates GUI Hacking of University of Alabama 2011 – Office of the National Counterintelligence Executive (ONCIX) Report indicates both China & Russia target corporate intellectual property 2011 – Operation Shady RAT FIVE year campaign of economic & intelligence data exfiltration 2012 – “Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage” NORTHRUP GRUMMAN March 7, 2012 2012 – Chinese Technology Policy & Cyber Offensive Operations - April 2012 – China & Philippines engage in mutual cyber attacks over Scarborough Shoals - April Red-DragonRising.com©

Conclusions 1) Hegemony drives use information warfare in the cyber realm; 2) Cyber-warfare is state sponsored; yet direct attribution is an illusion…. 3) People’s Liberation Army plans cyber-warfare – defensively & offensively; 4) Cultural, economic, historical & linguistic thread drives Chinese cyber-warfare; 5) The CPC, although advocating citizen hacking, can no longer control it; 6) Commercial enterprises worldwide are permeable to Chinese cyber hacking in all its form & methods – Nortel Case Study; 7) Chinese written malware, RATs, Botnets are undiscoverable…. 8) Mandarin Chinese (complex and simple) is an exceptional form of cryptography…not to mention Classical / Literary Chinese…. 9) All commercial IPS are ineffective against Chinese based attacks; 10) People’s Republic of China cyber-warfare threat is serious & will only become much worse….. 11) Diplomatic initiatives with a show of U.S. military force in ASIA PAC…only option?

Red-DragonRising.com©

Short & Long Term Moves Short & Long Term Focus on addressing high risks of the Chinese Cyber Threat Strategy/M ove

Who

What/Why

How

BS = Business Strategy CS = Corporate Strategy IS = Innovation Strategy When Cost GS = Government Strategy

BS, CS, IS & GS Define specific Economic Targets

US Dept of Commerce – International Undersecreta ry

What are most likely targets of economic espionage

Work with commercial industry to assist defining possible loss of business if they lost their intellectual property to China

Immediately, then quarterly

Minimal

BS, CS & GS – Educate employees about possibility of data exfiltration

Business & Corporate leadership – Chief Security Officers

Awareness of persistent threat of economical cyber war

Design educational awareness programs to address identifying, reporting and mitigating foreign information exfiltration threats

Immediately, then monthly

Nominal

BS, CS & IS – Create a universal defense-indepth policy

ICW security software & hardware manufacturer s

Protect critical Design a defense-ininfrastructur depth standard that e against protects Critical Chinese Economic & National Cyber Infrastructure ThreatsRed-DragonRising.com©

Immediately, then ongoing

Nominal to very expensi ve

References 1) Cyber Silhouettes: Shadows Over Information Operations, Timothy Thomas, Foreign Military Studies Office (FSMO), Fort Leavenworth, Kansas 2) Decoding the Virtual Dragon, Timothy Thomas, Foreign Military Studies Office (FSMO), Fort Leavenworth, Kansas 3) The Chinese People’s Liberation Army Signals Intelligence and Cyber Reconnaissance Infrastructure, Mark A. Stokes, Jenny Lin and L.C. Russell Hsiao, Project 2049 Institute

Red-DragonRising.com©

“21st Century Chinese Cyber Warfare”

“ 二十一世紀中國 網絡戰” Available : ISBN: 9781849283342 Red-DragonRising.com©

謝謝您 謝謝您的時間今天 有沒有問題？ Red-DragonRising.com©