MS Risk Blog

China’s Offensive Cyber Warfare

Posted in China, Cyber

Hacking has been a rising trend within the PRC since the Internet entered the country in 1994, and on November 8th 2012 the Chinese president officially announced, “China will speed up full military IT applications”. China alone accounts for the largest national population of Internet users: some 300 million, nearly one-fifth of the global number. Since the 90’s, many hacking groups have been created: the Green Corps, the Hong Kong Blonds and the most famous recent one, the Red Honker Union. They created an important hacking culture in China. Some evidence links civilian hackers to the government and to the State’s creation of a cyber army. Since 1998, according to Timothy Thomas of the U.S. Foreign Military Studies Office, the Chinese army has even recruited civilians into its ‘net militia units’ (Militia Information Technology Battalions), the most famous being Unit 61398.

The State cyber army: unit 61398

As with everything on the Internet, it is always difficult to prove the origin of a cyber attack. Nevertheless, the company Mandiant has been investigating China’s cyber capacity since 2004, especially through Unit 61398, which is considered part of the Communist Party of China under the Central Military Commission, in the GSD 3rd Department (2nd Bureau). Since 2006, a rising number of cyber attacks are believed to have come from this unit, and most of them targeted the U.S.

The four most important sectors attacked are Information Technology, Transportation, High-Tech Electronics and Financial Services. China seems to base its cyber warfare on a method often referred to as “Acupuncture warfare”. Based on attacking critical IT nodes or pressure points, this method capitalizes on optimizing effects on adversary vulnerabilities and follows the principle of acupuncture as practiced in medicine: identifying points that serve as “a tunnel, or access route, to the deeper circulatory channels within”. One application of this theory would be finding the key choke points or supply chain vulnerabilities for an enemy’s military deployments and influencing them by attacking the supporting civilian infrastructure.

Intents and motivation of the cyber attacks

The first reason for China’s cyber offensive is to gain increased military knowledge through cyber espionage. China has an interest in accelerating its military development since it is still behind the West, especially the U.S., which often has the lead in new military technology. Different cyber attacks can be cited as examples, the most famous being “Titan Rain” in 2007: a massive cyber attack against United States defence contractor computer networks (10 to 20 terabytes, including Lockheed Martin and NASA) believed to come from China. Furthermore, numerous attackers originating in China have been accused of infiltrating government computers of numerous countries: the United States, Britain, France, Germany, South Korea, and Taiwan.

A second motivation is to make economic gains by stealing technological processes. China’s general technological level is also behind that of the United States, which gives it an increased incentive for industrial espionage in order to achieve economic advantage. Numerous attacks believed to come from China support this theory, such as the theft of data from U.S. network security company RSA Security in 2011. Moreover, in December 2007, the director-general of the British Security Service (MI5) informed 300 major UK companies that they were under constant attack from “Chinese state organisations”.

One of the last reasons for China to use cyber offensive is to deter other States by infiltrating their critical infrastructure. It puts the other States on notice that any technological edge they believe they enjoy will not be functional in a conflict with China. It also reminds China’s restive domestic audience that unfettered technological advancement alone does not bring security. Deterrence and possible military actions for this reason could take the form of launching probes to identify vulnerabilities that could be exploited in armed conflict. Two main examples are Operation Aurora in 2009, in which the U.S. company Google’s source code was stolen, and the denial-of-service attack on the White House website in 1999 after the U.S. attacked the Chinese Embassy.

The characteristics of cyber warfare

China’s offensive cyber: information warfare

In keeping with Sun Tzu’s emphasis on the need for information, China focuses on cyber capabilities as part of its strategy of national asymmetric warfare. The Chinese military and their civilian overseers have hit upon a military strategy that aims all at once to close the gap between U.S. and Chinese technological-military prowess. Hence, China considers the cyber domain to be a battle arena.
