09 September 2007

Sloppy and alarmist Yellow (Peril) journalism officially jumped the shark on September 8, 2007, with the following article in The Times:

The article goes like this:

Chinese military hackers have prepared a detailed plan to disable America’s aircraft battle carrier fleet with a devastating cyber attack, according to a Pentagon report obtained by The Times.

The blueprint for such an assault, drawn up by two hackers working for the People’s Liberation Army (PLA), is part of an aggressive push by Beijing to achieve “electronic dominance” over each of its global rivals by 2050, particularly the US, Britain, Russia and South Korea.

China’s ambitions extend to crippling an enemy’s financial, military and communications capabilities early in a conflict, according to military documents and generals’ speeches that are being analysed by US intelligence officials. Describing what is in effect a new arms race, a Pentagon assessment states that China’s military regards offensive computer operations as “critical to seize the initiative” in the first stage of a war.

The plan to cripple the US aircraft carrier battle groups was authored by two PLA air force officials, Sun Yiming and Yang Liping. It also emerged this week that the Chinese military hacked into the US Defence Secretary’s computer system in June; have regularly penetrated computers in at least 10 Whitehall departments, including military files, and infiltrated German government systems this year.

OK, let’s make clear what assertions are made here, in just the headline, picture and first four paragraphs:

  • China has a cyber “army”.
  • They look like Lei Feng and other 1960s propaganda figures (with computers, presumably).
  • This information is all from a Pentagon report that was “obtained” by The Times.
  • Sun Yiming and Yang Liping wrote a plan to “cripple” US aircraft carriers using cyberattacks.
  • Sun and Yang are “hackers”.

Apparently, in the Land of Serious Journalism, the word “obtained” actually means “downloaded from a public website where it has been available since May”, because the article in question appears to be China’s Nuclear Forces: Operations, Training, Doctrine, Command, Control and Campaign Planning by Larry Wortzel (mentioned by the Times as the author, with matching quoted text), available at the Strategic Studies Institute of the U.S. Army War College, where Wortzel works. It mentions Sun and Yang only twice: in the introduction, and in the bibliographic footnote that comes with it:

To assist the PLA in its goal of attacking deployed aircraft carrier battle groups, two PLA Air Force (PLAAF) authors, Sun Yiming and Yang Liping, have built a virtual roadmap for attacking joint U.S. data control systems and military communications. They have carefully consulted dozens of corporate web sites and military tactical data link operator guides, as well as North Atlantic Treaty Organization (NATO) and U.S. military tactical and technical manuals, to produce a virtual guidebook for electronic warfare and jamming to disrupt critical U.S. cooperative target engagement and command, control, communications, computers, and intelligence, surveillance and reconnaissance (C4ISR) data links: Tactical Data Links in Information Warfare (Xinxihua Zhanzheng Zhong de Zhanshhu Shuju Lian)

The book in question? Published in 2005, 信息化战争中的战术数据链 is available for purchase online, complete with a listing of its contents and its introduction. Those contents are primarily concerned with TADIL, or Tactical Digital Information Links, used by the U.S. Navy and NATO, and the introduction states the book is there to fill the need for a book on the fundamentals and core concepts of network-centric warfare. I’d be very surprised if this book had any more information on TADIL than I can find on GlobalSecurity.org. Indeed, in the passage above, Larry Wortzel suggests that’s more or less what it is.

More to the point: TADIL is not on the Internet, but primarily found in high range UHF frequencies. Sun and Yang are not “hackers”, but a director and research assistant at an Air Force Institute. They did not write anything about crippling or blowing up aircraft carriers, or crippling anything for that matter. They wrote a technical manual that could maybe perhaps possibly be used to cripple something. There’s nothing about a “cyberarmy” in any of this material. And most importantly, this all has absolutely nothing to do with the recent reports of hacking in Germany, the UK and Robert Gates’ Office. So the headline, image, and nut graf are total bullshit.*

But it’s not just The Times. Apparently the AFP fact checkers thought The Times had a scoop worth regurgitating. And there’s other sloppy nonsense everywhere, mainly because everyone is so busy tripping over themselves to get the movie-plot version out that no one is being suitably skeptical. Just consider some of the slobbering over the prospect of a new Cold War, beginning with The Guardian, where Chris Dalby invokes the dreaded Titan Rain (and in his mug shot, appears to be scanning the skies for it):

Titan Rain is now the final nail in the coffin for hopes of seeing relations with China improve.

A weighty pronouncement that I expect Dalby will have forgotten by next week, freeing him of the responsibility of retracting it when it proves to be nonsense. He never explains what Titan Rain is, or rather more accurately, was, since it was a US codename for a supposed Chinese hacker attack in 2003. Like these, it was never definitively shown to be a military operation.

The action thriller category, however, is truly elevated to an art form over at The Independent:

It’s hard to believe in the 30-degree-plus heat of Guangzhou, but this city has been named one of the epicentres of the Cold Cyber War. Instead of missiles pointing at capital cities, and huge standing armies facing each other across ideological divides and barbed-wire fences, the only weapons in this secret war are keyboards, some sharp minds and a lot of caffeine pills.

The experts tell of how cyber spies breach supposedly unbreachable firewalls as smoothly as a skilled jewel thief, before swooping on a hard drive, snatching the secret files, and sending them to a third country, usually somewhere in Asia such as South Korea or Hong Kong. Then they make good their escape, often leaving no trace of the raid.

The secret agents and operatives are bleary-eyed computer whizzkids, cranked on cigarettes and coffee as they snoop through computer networks at Western military bases, armaments companies and aerospace giants. They hang out in online chatrooms rather than barrack rooms or smoky bars in communist enclaves, but they are just as hard to track as their Cold War counterparts.

That comes from one of our very own, journalist-who-blogs Clifford Coonan. I didn’t even include the part where he writes “Pure John Le Carré territory” as a stand-alone sentence. Read it, it’s edge-of-your-seat excitement. That is, until you reach some of the caveats in the latter part of the article, which I must give Clifford and his editor credit for including, since some of their peers never even bothered. Things like:

The webheads speculate about just how the hackers were tracked, given that the routes they took are supposedly untraceable. And they say that spammers and organised gangs using automated penetration tools are a much greater threat than the Chinese army.

Other security experts believe that China is as much a victim as it is a perpetrator in this conflict and that the Chinese are being scapegoated for what is a much wider problem.

Man, life is all like the Bourne Ultimatum and then those annoying “webheads” come and make it all grey and dull again, with their “skeptical inquiries”!

I for one have a lot of questions I’d be asking if I were a correspondent in Beijing or D.C.:

  1. The Financial Times article about the Pentagon hack quoted an unnamed official. Exactly why would a U.S. official want to publicize American failures at cybersecurity? Isn’t it general practice to downplay it when the bad guys win one? I smell impending budget requests. Oh, wait: “The US Air Force will soon create a cyber war-fighting command aimed at improving defensive and offensive capabilities to counter such asymmetric threats.” Hmmmm…

  2. Another official said there was a “very high level of confidence…trending towards total certainty” that it was from China. What does that mean? What method of attack was used?

  3. Angela Merkel’s office, and possibly Gates as well, was compromised by a Trojan Horse attack. Doesn’t that mean that someone in the highest levels of the German government is dumb enough to open email attachments from strangers? After all, a Trojan Horse needs to be let in first.

  4. Even in the Estonian “Cyberwar”, one attacking computer was “in Putin’s presidential administration office, the equivalent of the West Wing. But those computers were most likely hijacked in the same way US machines had been taken over — when their users opened an infected attachment or visited a site that automatically installed malware.” Botnets and malware are rife in China: in 2005, the New Yorker reported that China contains 15% of the world’s zombies; another study in 2007 said 26%; another says 49% of malware sites are hosted in China. Anyone who lives here can tell you that plugging your USB drive into a Chinese computer is the digital equivalent of having unprotected sex with a syphilitic prostitute. How about the accusing governments ponying up some technical details on why this wasn’t simply malware on a government computer? Wouldn’t a pro be harder to track?

  5. Like Russia in the Estonian kerfuffle, China has a lot of young nerds with strong nationalist tendencies. They don’t necessarily have to train anybody (the world’s best hackers have usually been autodidacts). Isn’t this more of a COIN/4GW/non-state actor sort of thing? Aren’t we in a world now of roving bands of Angry Young Dorks, where you just need to get them pointed in the right direction on a bulletin board, no Military Organization required? Claims that some attacks are just “too sophisticated” to be done without state support seem… familiar and unconvincing.

  6. The French seem to be parsing their words carefully in revealing they’ve had attacks originating in China: “We have proof that there is involvement with China. But I am prudent. When I say China, this does not mean the Chinese government. We don’t have any indication now that it was done by the Chinese People’s Liberation Army.” Now why would they be so clear about making that distinction?

  7. One last question: Why is it the UK newspapers who seem to be falling over themselves on this one? Or did I miss some awful fiasco in USA Today?

*Further down, the Times mentions “a [hacking] competition held [by the PLA] two years ago in Sichuan. The winner now uses a cyber nom de guerre, Wicked Rose. He went on to set up a hacking business that penetrated computers at a defence contractor for US aerospace.”

I baidu’ed around for hackers named something like Wicked Rose, and couldn’t find one. But I did find, oddly enough, Withered Rose (凋凌玫瑰), who lives in Chengdu, has a hacking business, and is the right age (23). Did the Times source have a lisp???
