Chinese Hackers

Time Magazine article on Chinese hackers:

But reports in Chinese newspapers suggest that the establishment of a cybermilitia is well under way. In recent years, for example, the military has engaged in nationwide recruiting campaigns to try to discover the nation's most talented hackers. The campaigns are conducted through competitions that feature large cash prizes, with the PLA advertising the challenges in local newspapers.

Tan is a successful graduate of this system. He earned $4,000 in prize money from hacker competitions, enough to make him worthy of a glowing profile in Sichuan University's campus newspaper. Tan told the paper that he was at his happiest "when he succeeds in gaining control of a server" and described a highly organized selection and training process that aspiring cybermilitiamen (no cyberwomen, apparently) undertake. The story details the links between the hackers and the military. "On July 25, 2005," it said, "Sichuan Military Command Communication Department located [Tan] through personal information published online and instructed him to participate in the network attack/defense training organized by the provincial military command, in preparation for the coming Chengdu Military Command Network Attack/Defense Competition in September." (The State Council Information Office didn't respond to questions about Tan, and China's Foreign Ministry denies knowing about him.)

With the help of experts from Sichuan University, the story continued, Tan's team won the competition and then had a month of intense training organized by the provincial military command, simulating attacks, designing hacking tools and drafting network-infiltration strategies. Tan was then chosen to represent the Sichuan Military Command in competition with other provinces. His team won again, after which, the iDefense reports say, he founded the NCPH and acquired an unidentified benefactor ("most likely the PLA") to subsidize the group's activities to the tune of $271 a month.

Posted on December 14, 2007 at 11:08 AM • 28 Comments

Comments

AlanDecember 14, 2007 12:07 PM

Thats certainly the way to build an offensive force, even if they don't seem to be 100% on deniability. They don't say what these "hacking competitions" involved though.

MarkDecember 14, 2007 12:23 PM

It is more than a little ironic, is it not, that in providing not some imaginary hobgoblin but a real and credible third party threat - a threat that we have no option but to counter and thus which forces us to distribute widely the necessary defensive training and tools - it is the government of totalitarian China that offers the best hope for the defence of liberty from our own governments.

JohnDecember 14, 2007 1:32 PM

Good for China!

Too bad the word got out.

Though, I'd be shocked if, when the real story comes out, we don't learn that the Chinese had to develop this capability to defend themselves against the US NSA and other "black" organizations within the US Military...

Clive RobinsonDecember 14, 2007 1:32 PM

@ Mark,

I would like to say that it was "ever thus" based on the "Barbarians at the gates" idea. However in recent times things have changed and it is the "barbarians within" that need the most watching.

AnonymousDecember 14, 2007 1:46 PM

From p.1 of the article:

"O.K., so what does the NCPH, which Tan founded in 2004 when he was a student at Sichuan University of Science and Engineering, actually do? The answer starts out vague, but eventually pride gets the better of the young men. They acknowledge that the group first got its reputation by hacking 40% of the hacker associations' websites in China. That was during their "young and hotheaded college days," as Fisherman puts it. The NCPH is also famous for the remote-network-control programs they wrote and offered for download."

From p.2 of the article:

"'On July 25, 2005,' it said, 'Sichuan Military Command Communication Department located [Tan] through personal information published online and instructed him to participate in the network attack/defense training organized by the provincial military command, in preparation for the coming Chengdu Military Command Network Attack/Defense Competition in September.'"

If we believe this, does this indicate that Tan may be partially motivated by a compromise factor?

http://en.wikipedia.org/wiki/MICE_%28espionage%29

nzrussDecember 14, 2007 1:55 PM

On the flip-side - In the USA we have stories of kids with these skills charged with crimes - just for 'looking'. Using someone else's wi-fi can land you in hot water, and this type of skill-set and behavior is seen as a threat and discouraged...

Harry the linguistically correctDecember 14, 2007 2:14 PM

Linguistic beef: TIME says "aspiring cybermilitiamen (no cyberwomen, apparently)"

This is almost certainly a mistranslation and Time's snideness is unwarranted.

In this context a Chinese would say "cybermilitiapersons" or use the word for militia which, like ours, does not indicate gender.

The Chinese usually use the gender-neutral equivalent of "person" ("ren" in Pinyin) rather than the gender-specific words ("nan" man OR "nu" woman). Whereas in English "man" could mean either "person" or "male person."

David HarmonDecember 14, 2007 2:17 PM

NZRuss: In fact, a lot of the first few hackers who got prosecuted were "drafted" into working for the FBI et al. I suspect that's exactly why the FBI is still so screwed up about cybersecurity....

(Wizards make lousy slaves. and to all intents and purposes, this stuff is "magic" on several counts.)

fotofloDecember 15, 2007 6:23 AM

Oddly, America, with the strongest military in the world, doesn't seem to have an elite team of hackers maybe it should learn something for the Chinese.

The Islamic terrorist movement has a steady stream of recruits coming from websites around the the world. If our war on terror were truly managed right, the US would aim its sites at these highly effective propaganda war machines.

I am not advocating censorship (or the war) here, I am just saying that if the US were fighting it right, (which maybe i would have supported years ago, before it became World War III), they would simply take out these sites. Simple DOS attacks would probably be enough to take down a large portion of the terrorist information machine.

FredDecember 15, 2007 7:16 AM

@John ~ Good for China? I'd be pleased to find out that you're not living in the US. The atrocities from the Chinese outnumber and outdo anything the US has done. How dare you? I hope you wake up some day.

Bruce SchneierDecember 15, 2007 7:53 AM

"America, with the strongest military in the world, doesn't seem to have an elite team of hackers maybe it should learn something for the Chinese."

I don't believe that. We're certainly not as public with our military hackers as China is, but I can't imagine that the U.S. military isn't building up a sizable cyberwar capability -- both offensive and defensive.

Anon123December 15, 2007 12:00 PM

Couple x-ref's come to mind. In the Bruce-suggested Malcolm Gladwell's "Blink" there's the story of a military scenario which was re-done to make it appear the guys with all the big toys "won". But take it a step further, Zinn's book "A People's History of the United States". Here it shown time and again that the US is going to keep the upper hand, at whatever costs.

Gotta agree with Bruce, why would the dweebs let anyone else win this one? (flashing back to Mad Magazine's Spy -vs- Spy cartoons ...)

Ok, thin-slice it without the fear, do you really think those big-buck boys are gonna give up all their Ka-Ching?

ScepticDecember 15, 2007 2:07 PM

@Bruce

"I don't believe that. We're certainly not as public with our military hackers as China is, but I can't imagine that the U.S. military isn't building up a sizable cyberwar capability -- both offensive and defensive."

I have my doubts. Due to China's blend of totalitarian control over it's society mixed with free market finance, it is able to use capitalist techniques like cash prize competitions, combined with powerful nationalism, to develop best of breed hacker schools. I suspect it's difficult to get the kind of experience the best Chinese hacker have without risk of prosecution by American or European law enforcement agencies. China can deny allegations of cyberspace attacks because the Chinese government keeps a very tight grip on the country's political organs. American hackers attempting the same against China would quickly be outed by parties with different agendas in their own country. Undoubtedly there are good cyberspace warriors in the American army but are they the best?

MarkDecember 15, 2007 6:21 PM

@ Sceptic
"Due to China's blend of totalitarian control over it's society mixed with free market finance, it is able to use capitalist techniques like cash prize competitions, combined with powerful nationalism, to develop best of breed hacker schools."

Not to mention the vast difference in population size, a preference for male babies that has lead to some 30m or so extra young males, a higher mean IQ, and more limited alternative options, all of which, were they to be tapped effectively, would mean far more elite hackers than the US can muster.


"I suspect it's difficult to get the kind of experience the best Chinese hacker have without risk of prosecution by American or European law enforcement agencies."
Indeed, to which I refer the honourable gentleman to the comment I made some hours ago.

Kadin2048December 17, 2007 12:18 AM

I'd really *like* to believe that the U.S. government has a secret stable of top hackers, in some nondescript office building somewhere, but I really don't think so.

If you had to pick a single word to sum up the government, it's "mediocre." The only areas where the government or government agencies are the best are where they're the *only* ones doing the job. In those cases they're the best by default -- and that means they don't have to compete with the private sector for brainpower.

But look at any government agency which has a twin in the private sector and the government operation will almost inevitably be a paragon of ineptitude and waste, staffed by second-raters and time-servers.

So while there may be agencies claiming to be involved in "cyberwar," I see no reason to assume that any of them are the mysterious ultra-secret/badass bunch of hackers that some people seem to believe in. If such a division existed, it would probably be over budget, behind schedule, and 10 years out of date: just like the rest of the government.

fotofloDecember 17, 2007 2:23 AM

Being a US citizen, I would like to believe that the US has a powerful defensive "cybermilitary," but my original question still stands, why haven't they taken out all the terrorist websites?

Also, being a resident of China (working at a Singaporean IT Security Company in Beijing) I would like to respond to Fred: Living outside the US is both a blessing and a curse. People here are and feel much safer then in America. There is no war propaganda, no constant fear of search, if not seizure, and the police presence is much lower here.... as long as you don't raise your voice.

matt palmerDecember 17, 2007 4:16 AM

@fotoflo

I assume they haven't taken out the terrorist web sites, as they are extremely useful.

Visiting those sites can be used in evidence against someone (it certainly has in the UK, not sure about the US). They can also be used to spread disinformation.

And a visible enemy is also easier to win public support for the "war" against it. Or am I being too cynical...?

gregDecember 17, 2007 7:15 AM

All this kid expert hackers crap stinks of a movie plot to me. Die Hard 4 to be specific.

This is not the movies.

AnonymousDecember 17, 2007 7:45 AM

@Fred: "Atrocities" is great sensationalism, bravo for taking the high road in your reply. All I know is that the US was never brought to task for the Indian / Philippine campaigns, not to mention the the support America used to provide to several rather nasty regimes. We're not done with the "War Against Terror" and we don't have transparency as to how we're treating "terrorists", so I wouldn't get too high on that horse just yet...

notpegrDecember 17, 2007 10:24 AM

But China will not keep any gains to the point required to harm anyone. China largely has no philosophy apart from that of personal gain. The government is corrupt, as are all governments. But without a uniting philosophy, all individuals will work toward their best interests, with no trust for authority, government, employer, etc.

The world's only fear of China is that they collectively find a cause to unite them.

Before you discount what I have said, take ten minutes and Google "China" on Google news...

HALDecember 17, 2007 12:18 PM

Maybe they'll relaunch Napster and create another national security scare. First they kill our music business and then start giving away free DVD downloads and Hollywood goes up in smoke. Oh boy.

godzilla808December 20, 2007 1:13 PM

@fotoflo:

Taking out a "terrorist" site that is hosted in another country would likely be seen as an act of war. So, if that country isn't currently part of one of the US's ongoing wars, would it really be worth starting *another* war to take down a site that would just be up and running again within hours anyway? That's called "whack-a-mole". A more valuable approach: infiltrate and observe.

GEGEHUADecember 20, 2007 1:57 PM

Chinese Military Hackers Attack Foreign Government Computers?
By Xu Wu

Xu Wu is assistant professor of strategic media and public relations at Arizona State University and author of Chinese Cyber Nationalism: Evolution, Characteristics, and Implications.

First Germany, then United States, then France, then Australia. One after another, countries join the chorus accusing that China’s People’s Liberation Army (PLA) was behind the recent malicious attempts to hack into foreign governments’ computer systems. Although by no means bullet-proof, most of the reports, or at least their normally anonymous sources, hinted two “facts��?: first, these hacking activities were carried out by Chinese military or its affiliated agencies; second, the Chinese government, or more specifically, some top-level officials, knew about and support these operations. Although not a computer expert, I found both the premises, and the logic, not to mention the conclusion, are problematic.

Suppose, (1) that these hacking activities did occur as accused—let’s ignore the suspicious two- to three-month time lag between the crime and the disclosure; (2) that this kind of online activities is universally rejected, forbidden, loathed, and demeaned, and no civilized country on the earth will engage in this type of low-class, immoral information-gathering intrusions; (3) that these attempts did originate physically from China—(let us just pretend the above conditions are all met, for the sake of discussions)—I still could not figure out how they pinpointed China’s military as the guilty party and blamed the Chinese government for the wrongdoing.

Here are my reasons, from the technologically amateurish to the politically incorrect.

First, every morning while sitting before my office computer and checking my online inbox, I have to delete those admirably persistent spam e-mails, normally with a weird name and address. The online administrator at my institution has promised and updated many times the filtering software, but, on average, I still receive more trash e-mails than the useful ones. If the spam spreaders can somehow find a way to evade the cat-and-mouse cyber chase and hide their identities, I don’t know why the “quasi-formidable��? Chinese military cyber geeks can not hide. If they are technologically savvy enough to break into some of the most sophisticated computer systems in the world, shouldn’t they know how to use proxy software and other hacking tools to erase the trace?

Second, even if the perpetrators are indeed Chinese citizens living inside China (Guangzhou and Lanzhou, to be more specific), how can the accusers identify with certainty that those perpetrators were PLA agents, operating with the support of the government? Why couldn’t they be a small group of technologically savvy “cyber nationalists��? who initiated these rampant and bald moves? Let us not forget, there are over 140 million online users in China, half of them using broadband fast-speed Internet surfing online. If you still think this scenario is unlikely, take a look at several “historical��? events occurred not so long ago. In May 1999, when the news broke that Chinese Embassy in Belgrade was bombed by a U.S. B-2 stealth bomber, a group of self-organized Chinese hackers defaced the website of the U.S. Embassy in China within 12 hours, and knocked out of service the White House’s official website, the first time in its history. Two years later, when diplomats from China and United States were busy tangling on the most appropriate way to say “sorry��? over the spy-plane collision incident, an estimated number of 80,000 Chinese hackers participated in the so-called “Red May Self-Defense Cyber Warfare,��? fighting with an unknown number of American hackers. Several thousands of business, educational, governmental, even military websites on both sides fell prey to this unprecedented massive cyber-nationalistic anger. In a summary report, New York Times reporter even named this online conflict the “World Wide Web War I.��?

It has become a thinking pattern among many Western observers that anything happened in China was the result of Chinese government’s or PLA’s calculated maneuver. Even this assumption seems reasonable twenty years ago, it is fairly outdated nowadays, given the breathtaking development and diversification in China’s economic, societal, cultural, and even political decision-making sectors. A couple of months ago, two Chinese young scholars in different occasions voiced their personal opinions on China’s huge foreign reserve. Because their position was different from the official line, a rain of protests, accusations, warnings, demands were filed in front of Chinese government’s doorsteps. If an American economist can have his or her different view on financial policy, why can’t a Chinese scholar? If opposing China’s political policy belongs to the “freedom of speech,��? why opposing China’s monetary policy becomes a “foolhardy��? troublemaker?

An interesting analogy can also be made between these online hacking incidents and the ongoing safety issues involving the “made-in-China��? products. Yes, those defective products were made in China, but they were not made by the “Chinese government.��? Although the government shares the burden of enforcing high-quality regulations, it is those tens of thousands of manufacturers or even those American importers who should be blamed for the lack of quality control and inspection. Also, although the label says “made-in-China,��? it is, to a large extent, only assembled in China. In other words, just like those evasive online hackers, unless you catch them blood in hands, who knows where they are from, who they are, and what they are doing for?


SerbenFebruary 14, 2008 12:22 PM

Currently there are plenty notifications of Chinese cyber attacks in the Web. But all the messages are dispersed and not coherent with the fact that there are the same IP addresses from which cyber-tentacles are protruding up to ports 1026-1027 of thousands computers worldwide nowadays.
Some incomprehensible menace is radiated from the city of Qiqihar (Heilongjiang Province). It has been detected by the IP Information service of www.dnsstuff.com through verifying addresses 221.208.208.92, 221.208.208.94, 221.208.208.100 etc.
The menace is incomprehensible because of the addresses belonging to the CNCGC (large-scale Chinese telecommunication corporation especially established to serve the forthcoming Olympic Games in China) and because of its silence in response to the requests to stop the hack attacks. So, the last ones are continued.
What’s going on? We have to take into account that Chinese hackers cracked a Pentagon computer system; France and England also had China-caused cybernetic losses and declared the official protests. But China responded apart with own pronounced intention to conquer the world-wide cyberspace by 2050 year.
So far a pool of Chinese powerful computers bluntly executes the penetration probe on thousands and thousands computers which are ordinary, not loaded with any top secret information, beating these swoops with their firewalls for the time present off …
It may be surmised that the Chinese persistently develop and test their hardware and/or software innovations in order to suppress the Web communications on the day “X��?.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..