A 14-page ‘restricted’ report prepared by the British intelligence agency MI5’s Centre for the Protection of National Infrastructure has recently come to light.
The report describes how China has attacked British defence, energy, communications and manufacturing companies in a concerted hacking crusade. It also details how undercover intelligence officers from the People’s Liberation Army (PLA) and the Ministry of Public Security approached UK businessmen at trade fairs and exhibitions, offering them ‘lavish hospitality’ and presenting nice ‘gifts’. Unfortunately for the recipients of the famed Chinese hospitality, the gifted cameras and memory sticks, tokens of Chinese friendship, contained electronic Trojan bugs which could enable hackers to remotely access their computers. According to the MI5 report, the Chinese government “represents one of the most significant espionage threats to the UK”.
China was also accused of ‘bugging and burgling’ UK business executives and setting up ‘honeytraps to later blackmail them’.
One thought that techniques like the one used against John Profumo, a British Defence Minister during the Cold War, had been relegated to the dustbin of history and were only good for third-rate Hollywood scripts, but the MI5 report says that “Chinese intelligence services have also been known to exploit vulnerabilities such as sexual relationships and illegal activities to pressurize individuals to co-operate with them.”
But today, cyber attacks by Chinese hackers are causing a lot more concern than these ‘honeytraps’. The public became aware of this new type of warfare after Google announced that it would reconsider working in China: the US search engine giant had been the victim of wild attacks originating from China. The attacks involved not only Google, but more than 30 companies whose servers were compromised by hackers; this included several human rights groups and some prominent Chinese dissidents. What provoked Google to react in such a sudden manner was the high sophistication of the attack. The attackers seem to have employed some techniques never seen before.
Ron Deibert and Rafal Rohozinski, who worked on Tracking Ghostnet (a 10-month assessment of alleged Chinese cyberspying of diplomatic missions, ministries of foreign affairs, and international organizations), explained in the Christian Science Monitor: “As principal investigators in the Information Warfare Monitor, a project formed in 2002 to investigate and analyze the exercise of power in cyberspace, we have seen many of these types of attacks first hand in our research, and have followed closely those examined by other researchers.”
They believe that the Google attacks were unusual not only in ‘scope or sophistication’, but also ‘in terms of the high-profile nature of the victims’. According to cyber watchers, “targeted cyber attacks such as these will grow in frequency as cyberspace becomes more heavily contested. …solutions won’t be easy”.
This is the general opinion among experts, who also point to criminal organizations “thriving in the hidden ecosystems of cyberspace, profiting from cyberattacks, cybercrime, and cyberfraud”.
What about India?
Before leaving for his new assignment in West Bengal, former National Security Advisor M.K. Narayanan declared that China had ‘unleashed cyber aggression against India’. In an interview, he admitted that Chinese hackers had tried to penetrate the Prime Minister’s Office. The former NSA said that his office and other government departments were targeted on December 15 (the same day as Google and other US companies). The attack came through e-mail attachments containing a ‘Trojan’ virus which allows the hacker to penetrate the server and help himself to sensitive files. Officials had to be asked not to log into the server until the threat could be eliminated.
“This was not the first instance of an attempt to hack into our computers,” Narayanan told the journalist.
“People seem to be fairly sure it was the Chinese. It is difficult to find the exact source but this is the main suspicion. It seems well founded.”
Hardly a month later, The Tribune reported that “computer networks at sensitive establishments have experienced a second wave of cyber attacks from foreign-based hackers. Sources in the intelligence reveal that fresh attacks began on January 28 and about 25 computers were targeted.”
The attacked computers belonged to the National Security Council (NSC) Secretariat and the National Security Advisory Board (NSAB). The source of information was an official at the National Technical Research Organisation (NTRO), which is supposed to deal with cyber attacks.
According to the same source, even the Cabinet Secretary has been a victim: “Initial investigations revealed that 30 computers, including eight from the PMO, were compromised. This also involved two persons not on the regular posted strength of the PMO, prompting intelligence agencies to believe that the cyber attacks were backed by a high level of human intelligence, providing the whereabouts of key individuals and their portfolios and e-mail addresses. Others who came under attack from cyber space included the chairman of the Joint Intelligence Committee, chief of the Naval Staff, deputy chief of Naval Staff, PM’s special envoy, the three military intelligence services and establishments of the BSF and CRPF in Jammu and Kashmir.”
Again the Chinese ‘signature’ was suspected. The NTRO has apparently formed a rapid reaction team to deal with such attacks. They claim that their reaction time is about an hour-and-a-half. Experts consulted, however, dismiss this as pure wishful thinking, as attacks are now very sophisticated and not easy to notice.
But let us go back some years. In February 1999, the PLA Literature and Arts Publishing House in Beijing released a fascinating book written by Qiao Liang and Wang Xiangsui, two Senior Colonels of the People’s Liberation Army. The title of the book was Unrestricted Warfare.
The two Chinese officers prophesied the ‘destruction of rules’ in future warfare. They wrote: “The direct result of the destruction of rules is that the domains delineated by visible or invisible boundaries which are acknowledged by the international community lose effectiveness. This is because all principals without national power who employ non-military warfare actions to declare war against the international community all use means that go beyond nations, regions and measures.”
Interestingly they gave some examples: “Whether it is the intrusions of hackers, a major explosion at the World Trade Center, or a bombing attack by bin Laden, all of these greatly exceed the frequency bandwidths understood by the American military, …they [the US] have never taken into consideration and have even refused to consider means that are contrary to tradition and to select measures of operation other than military means.”
One of the reasons behind this thinking has been the arms dealers’ lobby striving to sell military ‘hardware’.
But the Art of War is changing fast, very fast.
Many believe that the exhibitors at the Defexpo India 2010 in Delhi’s Pragati Maidan were only ‘showcasing Land and Naval Systems’ of yesterday. The War of Tomorrow is being prepared behind some computer monitors in Sichuan or Hainan.
In an eye-opening article titled Cyber Warriors published in The Atlantic, James Fallows wrote that it was “rare to hear US military or diplomatic officials talk about war with China as a plausible threat” in the conventional sense of the term. “Yes, circumstances could change, and someday there could be a consensus to ‘take on the U.S.’ But the more you hear about the details, the harder it is to worry seriously about that now,” he says. However, it is different with a cyber war: “After conducting this round of interviews, I now lose sleep over something I’d generally ignored: the possibility of a ‘cyberwar’ that could involve attacks from China — but, alarmingly, could also be launched by any number of other states and organizations.”
The recent shutting down of the Black Hawk Safety Net, the largest hacker training center in Hubei Province, is only eyewash: smaller centers working in close collaboration with the People's Liberation Army will stay open and hacking will continue as before.
A few months ago, in a report prepared for the US China Economic and Security Review Commission, Northrop Grumman presented a list of electronic intrusions and disruptions originating from China since 1999. The conclusion was that in most cases it was difficult to say whether the activity was amateur or government-planned, but: “The depth of resources necessary to sustain the scope of computer network exploitation targeting the US and many countries around the world coupled with the extremely focused targeting of defense engineering data, US military operational information, and China-related policy information is beyond the capabilities or profile of virtually all organized cybercriminal enterprises and is difficult at best without some type of state-sponsorship.”
The Chinese State is clearly identified in these attacks.
Another conclusion of the Report is: “The breadth of targets and range of potential ‘customers’ of this data suggests the existence of a collection management infrastructure or other oversight to effectively control the range of activities underway, sometimes nearly simultaneously.”
It will probably take 10 years for the NTRO to prepare such a report and 10 more to make it public. Here, as in infrastructure development, India is far, far behind China. While it will take several more years to complete a deal for 126 Multi Role Combat Aircraft (for some 11 billion dollars), the Chinese, for a much smaller budget, will have found ways to neutralize the electronics of these planes.
But there is worse. In a forthcoming novel, Directive 51, John Barnes envisages the collapse of the world’s ‘financial life’ (most of our ‘assets’ being kept inside some banks’ computer systems), the halt of most manufacturing systems, the evaporation of technical knowledge and legions of other consequences. A truly frightening thought.
Let us hope that the Indian Government wakes up to the threat, and that the NTRO will truly be able to respond in one hour.
Born in France, Claude Arpi's quest began 36 years ago with a journey to the Himalayas. Since then he has been a student of the history of Tibet, China and the subcontinent. He is the author of numerous English and French books. His book, Dharamsala and Beijing: the negotiations that never were (Lancers Publishers) was recently released. His writings can be found on his blog.