Chinaâs cyber army is preparing to march on America, says Pentagon
Chinese military hackers have prepared a detailed plan to disable Americaâs aircraft battle carrier fleet with a devastating cyber attack, according to a Pentagon report obtained by The Times.
The blueprint for such an assault, drawn up by two hackers working for the Peopleâs Liberation Army (PLA), is part of an aggressive push by Beijing to achieve âelectronic dominanceâ over each of its global rivals by 2050, particularly the US, Britain, Russia and South Korea.
Chinaâs ambitions extend to crippling an enemyâs financial, military and communications capabilities early in a conflict, according to military documents and generalsâ speeches that are being analysed by US intelligence officials. Describing what is in effect a new arms race, a Pentagon assessment states that Chinaâs military regards offensive computer operations as âcritical to seize the initiativeâ in the first stage of a war.
The plan to cripple the US aircraft carrier battle groups was authored by two PLA air force officials, Sun Yiming and Yang Liping. It also emerged this week that the Chinese military hacked into the US Defence Secretaryâs computer system in June; have regularly penetrated computers in at least 10 Whitehall departments, including military files, and infiltrated German government systems this year.
Cyber attacks by China have become so frequent and aggressive that President Bush, without referring directly to Beijing, said this week that âa lot of our systems are vulnerable to attackâ. He indicated that he would raise the subject with Hu Jintao, the Chinese President, when they met in Sydney at the Apec summit. Mr Hu denied that China was responsible for the attack on Robert Gates, the US Defence Secretary.
Larry M. Wortzel, the author of the US Army War College report, said: âThe thing that should give us pause is that in many Chinese military manuals they identify the US as the country they are most likely to go to war with. They are moving very rapidly to master this new form of warfare.â The two PLA hackers produced a âvirtual guidebook for electronic warfare and jammingâ after studying dozens of US and Nato manuals on military tactics, according to the document.
The Pentagon logged more than 79,000 attempted intrusions in 2005. About 1,300 were successful, including the penetration of computers linked to the Armyâs 101st and 82nd Airborne Divisions and the 4th Infantry Division. In August and September of that year Chinese hackers penetrated US State Department computers in several parts of the world. Hundreds of computers had to be replaced or taken offline for months. Chinese hackers also disrupted the US Naval War Collegeâs network in November, forcing the college to shut down its computer systems for several weeks. The Pentagon uses more than 5 million computers on 100,000 networks in 65 countries.
Jim Melnick, a recently retired Pentagon computer network analyst, told The Times that the Chinese military holds hacking competitions to identify and recruit talented members for its cyber army.
He described a competition held two years ago in Sichuan province, southwest China. The winner now uses a cyber nom de guerre, Wicked Rose. He went on to set up a hacking business that penetrated computers at a defence contractor for US aerospace. Mr Melnick said that the PLA probably outsourced its hacking efforts to such individuals. âThese guys are very good,â he said. âWe donât know for sure that Wicked Rose and people like him work for the PLA. But it seems logical. And it also allows the Chinese leadership to have plausible deniability.â
In February a massive cyber attack on Estonia by Russian hackers demonstrated how potentially catastrophic a preemptive strike could be on a developed nation. Pro-Russian hackers attacked numerous sites to protest against the controversial removal in Estonia of a Russian memorial to victims of the Second World War. The attacks brought down government websites, a major bank and telephone networks.
Linton Wells, the chief computer networks official at the Pentagon, said that the Estonia attacks âmay well turn out to be a watershed in terms of widespread awareness of the vulnerability of modern societyâ.
After the attacks, computer security experts from Nato, the EU, US and Israel arrived in the capital, Tallinn, to study its effects.
Sami Saydjari, who has been working on cyber defence systems for the Pentagon since the 1980s, told Congress in testimony on April 25 that a mass cyber attack could leave 70 per cent of the US without electrical power for six months.
He told The Times that all major nations â including China â were scrambling to defend against, and working out ways to cause, âmaximum strategic damageâ by taking out banking systems, power grids and communications networks. He said that there were at least a thousand attempted attacks every hour on American computers. âChina is aggressive in this,â he said.
Programmed to attack
Malware: a âTrojan horseâ programme, which hides a âmalicious codeâ behind an innocent document, can collect usernames and passwords for e-mail accounts. It can download programmes and relay attacks against other computers. An infected computer can be controlled by the attacker and directed to carry out functions normally available only to the system owner.
Hacking: increasingly a method of attack used by countries determined to use electronic means to gain access to secrets. Government computers in Britain have a network intrusion detection system, which monitors traffic and alerts officials to âmisuse or anomalous behaviourâ.
Botnets: compromised networks that an attacker can exploit. Deliberate programming errors in software can easily pass undetected. Attackers can exploit the errors to take control of a computer. Botnets can be used for stealing information or to collect credit card numbers by âsniffingâ or logging the strokes of a victimâs keyboard.
Keystroke loggers: they record the sequence of key strokes that a user types in. Logging devices can be fitted inside the computer itself.
Denial of service attacks: overloading a computer system so that it can no longer function. This is the method allegedly used by the Russians to disrupt the Estonian government computers in May.
Phishing and spoofing: designed to trick an organisationâs customers into imparting confidential information such as passwords, personal data or banking details. Those using this method impersonate a âtrusted sourceâ such as a bank or IT helpdesk to persuade the victim to hand over confidential information. (Michael Evans)