China emerges as leader in cyberwarfare
In recent weeks, China has been accused of hacking the Pentagon as well as British and German government offices.
Proving cyberattacks involves what Mulvenon calls the "Tarzana, California, problem." How does one know an attack "isn't coming from a kid in Tarzana who is bouncing off a Chinese server?" Mulvenon asks. "You don't. You can't predicate a response based on perfect knowledge of the attacker. But we think that correlation is causation. That is, 'Who benefits?' The best-case analysis is to correlate attacks with what Chinese have always said and written their goals are, which makes them by far the most likely suspect."
Cyberpenetration runs the gamut, from simple to sophisticated. There's a simple "Trojan horse attack," for example, said to be used against the German chancellery. Hackers send what appears to be a legitimate e-mail. When opened, it installs malicious software that allows hackers to open files in a private network, or disrupt it. A Trojan horse is not surprising in an unclassified system, says Saydjari. "But some of the attacks attributed to China have been quite sophisticated."
Beijing's control showed in September 2003, when the company that administers .com and .net domain names made unilateral changes to the Internet's functioning. System administrators around the world scrambled to make piecemeal fixes.
"The domain-name system was broken for more than two weeks for the rest of the world, but after a brief interruption, it got mysteriously … unbroken inside China after eight days," says Mr. Woodcock.
PLA doctrine explicitly states that information-technology disruption is part of "asymmetric" warfare. The US is more vulnerable than China to a cyberattack, says Saydjari, because of its greater reliance on high-tech, networked systems.
The PLA's "People's War" doctrine argues that all able-minded People's Republic computer users have a responsibility to fight for China with their laptops, says Woodcock. He argues that Beijing might call on ethnic Chinese hackers in any part of the world, hoping they might help. Even nonhackers might be asked to participate in "denial of service" (DoS) attacks – a weapon to shut down enemy websites that requires massive numbers of computers to accomplish. "The power of numbers is on their side," Woodcock says. China has the largest DoS capability in the world, he says, a concern to private-sector companies as well.
So far, China doesn't seem to be organizing DoS attacks, says Mr. Ullrich. During the EP-3 spy plane spat between the US and China in early 2001, some Chinese youths launched DoS attacks. But the government curtailed the attacks.
For several years, China has focused most of its military research and production on a high-tech air and missile-attack force – to overwhelm Taiwan. Hence, China's probe of the Pentagon NIPRNet. "They want to be able to attack the Net. They don't need a supersexy penetration program," Mulvenon argues. "They just bomb the Net itself. They disrupt the deployment of our military, simultaneously saturate Taiwan, delay the US arrival, and Taiwan capitulates. It's what they talk about."