China says most cyberattacks against its infrastructure come from the U.S.

By LUIS MIRANDA | THE REAL AGENDA | MARCH 20, 2013

China also has its own proof that the United States is the main threat to its infrastructure, or so they say.

A Chinese official report states that many of the cyber attacks against China come from the United States and that the threat to the cyber security of its websites is “growing”.

The report, which echoes the official report cited by Xinhua news agency last year, says that hackers attacked 16,388 Chinese websites, including 1802 pages that belong to the government. These numbers, says the report, represent an increase of 21.5 and 6.1 percent year on year, respectively.

The research, conducted by the National Coordination Center for Emergency Response (CNCERT), also states that in 2012 nearly 73,000 foreign IP addresses attacked about 14.2 million Chinese servers with computer viruses like “Trojan” or “botnet”, and that these activities came, in large part, from the U.S.

The same agency said it detected 22,308 phishing sites, the majority (96.2%) from foreign servers, especially the U.S. (83.2%).

CNCERT further indicates that cyber security risks increase with the application of new technologies such as cloud computing services, which, it stresses, complicate the fight against cyber attacks.

Therefore, the report urged Chinese institutions to increase research efforts to improve cybersecurity protection for nearly 600 million Chinese Internet users, the world’s largest community.

China and the U.S. spent months locked in a campaign of mutual accusations of cyber espionage.

Last February, a report by a U.S. company specializing in Internet security reported that many of the cyber attacks against the U.S. have their origin in a Chinese army unit.

Beijing categorically denied the charge, adding that it is also the victim of numerous attacks, which have increased over the years and most of which come from the North American country.

In his first press conference as Prime Minister of China, Li Keqiang argued that the government “does not support the hacking” and described as “baseless” U.S. allegations that the Chinese government had any involvement in the attempts to hack into American infrastructure.

On 19 February, a report by the U.S.-based company Mandiant accused the Chinese military of being behind a series of cyber attacks against businesses, institutions and infrastructure in the U.S. That was not the first time that China received accusations of this type, although the novelty at that time was that the report located the origins of the attacks in detail. According to Mandiant, a Chinese army building in a suburb of Shanghai was responsible for most if not all of the attacks.

U.S. says it’s ready to strike back at Chinese cyber attackers

By LUIS MIRANDA | THE REAL AGENDA | FEBRUARY 20, 2013

As The Real Agenda reported yesterday, a new report issued by internet security company Mandiant has concluded that some of the most visible cyber attacks on U.S.-based companies and government entities are coming from China. This wasn’t a secret at all, since much of the equipment used in American companies and institutions is either manufactured in China or has Chinese-made components. According to experts, it is precisely through these components that the Chinese hackers may be entering sensitive systems in government and large corporations such as banks and media outlets.

The accusation made by Mandiant established that the Chinese military is responsible for hacking into government and private computer systems to steal data in an attempt to get its hands on trade secrets and information about infrastructure. Today, the Obama administration is said to be weighing a list of fines and commercial punishment to stop the Chinese and any other government-sponsored cyber attack.

Research conducted by Mandiant in the last three years shows that attacks on American government agencies and private companies are coming directly from a Chinese-based operation in Shanghai. The existence of this entity and the purpose of its operations are well-known by the Asian government, says Mandiant.

The Associated Press reports today that, according to American officials familiar with the U.S. plans, the White House will present a report with preliminary proposals to address the Chinese threat. It is not clear whether these proposals are real actions that the U.S. government will take, has taken already or if it is only a way to publicly show concern about the attacks while privately maneuvering in a different direction. The U.S. report will speak again about the imminent cyber threat previously described by people like Leon Panetta, who earlier this year and late in 2012 spoke about the possibility of a ‘cyber Pearl Harbor’.

Mandiant’s report, which apparently was requested by a group of private companies, reveals that more than 140 enterprises were attacked by the People’s Liberation Army’s Unit 61398. The attacks were carried out after the hackers breached security protocols in those companies, which supposedly enabled them to steal sensitive information about their operations as well as private data about their customers. Along with Mandiant’s report, military experts believe that the hackers are part of China’s cyber command, which works directly under orders from the Joint Chiefs of Staff. This would mean that the cyber attacks are authorized by people in important positions who work for China’s military.

“If the Chinese government flew planes into our airspace, our planes would escort them away. If it happened two, three or four times, the president would be on the phone and there would be threats of retaliation,” said former FBI executive assistant director Shawn Henry to AP. Both Mandiant’s report and the U.S. government’s recognition of the alleged Chinese threat put even more pressure on the Americans to show firmness in their actions. Simply talking about the threat will not solve anything. The Americans will have to retaliate strongly against the hackers and / or begin direct public talks with the Chinese military in order to sort out the details of the attacks.

According to Mandiant, this division of the Chinese Army employs thousands of people skilled in modern programming techniques and network management, which means that it counts on the support of important people and government organizations. The alleged Chinese military unit has stolen hundreds of terabytes of data since its activities were first registered in 2006.

Although many of the alleged corporate victims are based in the United States, Canadian and British companies have also been attacked. In the case of the Canadians and British, hackers have accessed and stolen information about business transactions, mergers, acquisitions, and emails from senior managers.

“We believe APT1 can continue a campaign of cyber espionage in large part because it receives direct support from the Chinese government,” says Mandiant, identifying APT1 with Unit 61398. The same way that APT1 seems to be conducting cyber espionage activities on American, Canadian and British companies and government agencies, it is clear that American intelligence and spying agencies also conduct operations to learn about what other countries are up to.

“In a state that rigorously monitors Internet use, it is highly unlikely that the Chinese government is unaware of an attack group that operates from the Pudong New Area of Shanghai,” says the Mandiant report. APT1 “systematically stole hundreds of terabytes of data from at least 141 organizations,” Mandiant said.

A report by the U.S. Congress last year said that increasingly dexterous entities backed by the Chinese government are trying to enter U.S. systems, and called China “the most threatening player in cyberspace.” This means that the U.S. did not learn about the threat by reading Mandiant’s report, so it would be interesting to know why the Americans haven’t publicly demanded answers from the Chinese, if the threat is so evident.


Cyberwar 2.0: DARPA’s Plan X to Attack the Web

By NOAH SHACHTMAN | WIRED | AUGUST 24, 2012

The Pentagon’s top research arm is unveiling a new, classified cyberwarfare project. But it’s not about building the next Stuxnet, Darpa swears. Instead, the just-introduced “Plan X” is designed to make online strikes a more routine part of U.S. military operations. That will make the son of Stuxnet easier to pull off — to, as Darpa puts it, “dominate the cyber battlespace.”

Darpa spent years backing research that could shore up the nation’s cyberdefenses. “Plan X” is part of a growing and fairly recent push into offensive online operations by the Pentagon agency largely responsible for the internet’s creation. In recent months, everyone from the director of Darpa on down has pushed the need to improve — and normalize — America’s ability to unleash cyberattacks against its foes.

That means building tools to help warplanners assemble and launch online strikes in a hurry. It means, under Plan X, figuring out ways to assess the damage caused by a new piece of friendly military malware before it’s unleashed. And it means putting together a sort of digital battlefield map that allows the generals to watch the fighting unfold, as former Darpa acting director Ken Gabriel told the Washington Post: “a rapid, high-order look of what the Internet looks like — of what the cyberspace looks like at any one point in time.”

It’s not quite the same as building the weapons themselves, as Darpa notes in its introduction to the five-year, $100 million effort, issued on Monday: “The Plan X program is explicitly not funding research and development efforts in vulnerability analysis or cyberweapon generation.” (Emphasis in the original.)

But it is certainly a complementary campaign. A classified kick-off meeting for interested researchers is scheduled for Sept. 20.

The American defense and intelligence establishment has been reluctant at times to authorize network attacks, for fear that their effects could spread far beyond the target computers. On the eve of the Iraq invasion of 2003, for instance, the Bush administration made plans for a massive online strike on Baghdad’s financial system before discarding the idea out of collateral damage concerns.

It’s not the only factor holding back such operations. U.S. military chiefs like National Security Agency director Gen. Keith Alexander have publicly expressed concern that America may not be able to properly respond to a national-level attack unless they’re given pre-defined battle plans and “standing rules of engagement” that would allow them to launch a counterstrike “at net speed.” Waiting more than a few moments might hurt the American ability to respond at all, these officers say.

“Plan X” aims to solve both problems simultaneously, by automatically constructing mission plans that are as easy to execute as “the auto-pilot function in modern aircraft,” but contain “formal methods to provably quantify the potential battle damage from each synthesized mission plan.”

Then, once the plan is launched, Darpa would like to have machines running on operating systems that can withstand the rigors of a full-blown online conflict: “hardened ‘battle units’ that can perform cyberwarfare functions such as battle damage monitoring, communication relay, weapon deployment, and adaptive defense.”

The ability to operate in dangerous areas, pull potential missions off-the-shelf, and assess the impact of attacks — these are all commonplace for air, sea, and land forces today. The goal of Plan X is to give network-warfare troops the same tools. “To get it to the point where it’s a part of routine military operations,” explains Jim Lewis, a long-time analyst of online operations at the Center for Strategic and International Studies.

Of course, many critics of U.S. policy believe the deployment of cyberweapons is already too routine. America’s online espionage campaign against Iran has been deeply controversial, both at home and abroad. The Russian government and its allies believe that cyberweapons ought to be banned by international treaty. Here in the U.S., there’s a fear that, by unleashing Stuxnet and other military-grade malware, the Obama administration legitimized such attacks as a tool of statecraft — and invited other nations to strike our fragile infrastructure.

The Darpa effort is being led, fittingly, by a former hacker and defense contractor. Daniel Roelker helped start the intrusion detection company Sourcefire and the DC Black Ops unit of Raytheon SI Government Solutions. In a November 2011 presentation, Roelker decried the current, “hacker vs. hacker” approach to online combat. It doesn’t scale well — there are only so many technically skilled people — and it’s limited in how fast it can be executed. “We don’t win wars by out-hiring an adversary, we win through technology,” he added.

Instead, Roelker continued, the U.S. needs a suite of tools to analyze the network, automate the execution of cyberattacks, and be sure of the results. At the time, he called these the “Pillars of Foundational Cyberwarfare.” Now, it’s simply known as Plan X.