China and Russia's Strategies in the Cyber Arena
1. UNDERSTANDING
CHINA AND
RUSSIA’S CYBER
STRATEGIES
MR. TIMOTHY L. THOMAS
FMSO, MAY 2010
2. Where are these Countries Most
Active in the Cyber Arena?
• China—through the actual use of
cyber reconnaissance and soft
power
• Russia—through the development of
policy issues and equipment
5. Points of Emphasis for China
• The Google Affair—Stealing code
versus influencing values and
damaging the Party’s image
• Chinese hackers—who are they?
• System sabotage warfare
• Offensive actions
• Strategic deception
6. Context Works against China…
• Northrop Grumman Report of a US company that
had information expertly exfiltrated from its files
• US military testimony before Congress, attacks on
Lockheed Martin
• Two Canadian reports: Ghost Net and Shadow
Network
• Accusations from a host of countries (Germany,
Israel, Japan, South Korea, India, UK, France,
Australia, etc.)
• Google hacks along with hacks of 26 largest
companies in California (Intel, Yahoo, Symantec,
Juniper Networks, Northrop Grumman, Dow
Chemical, Adobe, etc.)
7. The Google Affair:
Follow the “Gu Ge” to
Freedom
• Code stolen from Google and from
“the 26 top companies in California.”
Alan Paller of the SANS Institute
stated that the chance of these
companies NOT being 100%
compromised is zero.
• Legal-public affairs-psyop
• Two pronged strategy—electronic
reconnaissance and soft power
8. The Google Affair (Aurora):
Jiaotong/Lanxiang Origination
Points
• Jiaotong University has alliances with Duke
and the University of Michigan, and with
Microsoft and Cisco Systems.
• “Reliable clues” suggest Jiaotong was involved
in the attacks on Google and other companies
in California. Jiaotong spokesman stated
school officials were shocked and indignant at
the allegations.
• Received funding from Project 863, has a
School of Information Security Engineering,
and has PLA ties according to the school’s
website.
9. China’s Information Technology
Security Plan 863 (www.863.org.cn)
• Security for electronic commerce systems
• Network media information security
technology
• Network security management and
measurement technology
• Information protection technology
• Information topic 306—intelligent
computers
10. The Google Affair (Aurora):
Jiaotong/Lanxiang Origination
Points (cont.)
• Lanxiang—boasts it has the world’s largest
computer laboratory; school records (on web
site) indicate they send many graduates to the
army who become the army’s backbone; Mr.
Shao, the school’s dean, says the computer
science department’s graduates are recruited
by the local military garrison but that these
students are incapable of hacking into Google
• Lanxiang spokeswoman Zhou said such
speculation is ridiculous as the school has no
ties with the military at all
11. Chinese Commentary on
Google
• Huang Xueping, Def Min Spokesman (25 Feb): such
claims are baseless, irresponsible, and hyped with
ulterior motives--PA
• Li Daguang, NDU (9 March): Some Western powers
may have adopted a strategy to sabotage China’s IT
development; high profile criticism is a preemptive
strike on China--PSYOP
• Li Yizhong, Minister of Industry and Information
Tech (12 March): Google must obey China’s laws.
China opposes hacking--LEGAL
12. Chinese Commentary on
Google
• Chinese government has said that Google’s claims
are groundless (instead of “we’ll investigate”);
Where were the “counterpropaganda” accusations
before the Google incident?
13. Chinese 22 March Counter
Propaganda Commentary
on Google
• Google provides US intelligence with a record of its
search engine results; Google was the 4th largest
contributor to Pres Barack Obama’s campaign
• Google is not in the game for commercial reasons
but is trying to change Chinese society by imposing
American values
• Some Pentagon security experts are from Google
(Sumit Agarwal is now a Deputy Assistant Sec of
Defense for Public Affairs Outreach and Social
Issues)
14. Chinese Instructions (25 March) on
How to Report on Google--PA
• For Chief editors and managers: Only use Central Gov
main media (website) content; reposting must not
change title; do not produce relevant topic pages,
discussion sessions, and related investigative
reporting; forums and blogs are not permitted to hold
discussion or investigation on Google; clean up text
attacking the Party, State, Gov agencies, and Internet
policies or sites supporting Google; and monitor
Google information and incidents.
15. Chinese Instructions on How to
Report on Google (cont.)
• Monitoring and Control Group: immediately follow up
and control actions in above directions; do not
participate in Google’s information releases; do not
report that Google is exerting pressure on China; and
do not provide materials for Google to attack relevant
policies.
16. Losttemp33
• An email used in Ghostnet (Tibet)
turned up in the Shadows probe
(India) as well. It is from
losttemp33@hotmail and was
associated with Xfocus and Isbase,
two popular Chinese hacking
forums. Losttemp33 possibly was a
student of master hackers Glacier
and Sunwear. The individual is
believed to have studied at
University of Electronic Science and
Technology at Chengdu.
17. Glacier-no photo available
• 1. Real Name: Huang Xin (黄鑫)
• 2. Online Name: Glacier (冰河)
• 3. Organization: www.xfocus.org,
http://blog.xfocus.net/index.php?blogId=15
• 4. Age: 29 (In 2007)
• 5. Known Hacks: Developed the Glacier
Trojan, China’s most popular. Created X-scan
• 6. Summary: Graduated from Xi’an Electronic
Sci-Tech University. Married to Chinese female
hacker Wollf. In 2006, he was 28 years old and a
resident of Guangxi. Godfather of the Chinese
Trojan.
• 7. DarkVisitorLinks:
19. Military Theory Includes
Concepts such as System
Sabotage and Offensive
Reconnaissance that Fit
with Traditional Chinese
Theory
• Win victory before the first battle
• Strategic deception
20. System Sabotage
• The key point to “system sabotage” is in
“gaining control, precision strikes for
maximum damage, and paralyzing the
enemy to subjugate his will.”
• To make system sabotage effective, we
need to establish a basic mode of thinking
where we “destroy before conducting war,
using destruction to aid in the fight.”
• Destruction can come about through
reconnaissance of computer networks,
through cognitive attacks that destroy will
power, etc.
21. 1996 Book Deceptive Strategy
(Chai Yuchiu)
Contains 30 Chapters
• Roles, necessity, philosophical foundations,
psychological laws, general principles,
systems, operational art, creativity is the life,
mistakes in, and skills for mastery
• Deceptive strategy thought process,
deceptive strategy and religious superstition
22. Dai—Direct IW
Offense/Attack
• Computer network
reconnaissance is
the prerequisite for
seizing victory in
warfare. It helps to
choose opportune
moments, places,
and measures for
attack.
23. Methods
• Focus on collecting
technical
parameters and
specific properties
of all categories of
information weapon
systems and
electronic
information
products
24. Where are these Countries Most
Active in the Cyber Arena?
• China—through the actual use of
cyber reconnaissance and soft
power to control the capability to
“win victory before the first battle”
25. Russia’s Cyberstrategy
Timothy L. Thomas
Work: 913-684-5957, fax 913-684-5960;
tim.l.thomas@us.army.mil
Foreign Military Studies Office
Fort Leavenworth, Kansas
Graphics by Cathy Elliott
Center for Army Lessons Learned
26. Overview of Russian Cyber
Issues
• Development of policy
• Development of theory
(info-tech, info-psych)
28. Other Documents
• United Nations suggestions
• 2000—Information Security Policy of Russia
• Feb 2008—Governmental Commission for the
Implementation of Information Technologies in the
Work of National Agencies and Agencies of Local
Self-Government.
• Electronic Russia and Electronic Government—to
be completed by the end of 2010—doubtful at this
point
30. Russia and Network-Centric War
Col Yu. Gorbachev, 2006
• Network war is also called cyberwar (a component
of IO that includes CNA and CND). It may use EW
assets (directed energy equipment, weapons,
etc.), information weapons, and diverse electronic
and computer defense assets.
• NCW, on the other hand, is a new form and
method for the command and control of the armed
forces with the use of integrated information
space in near real-time mode.
31. Russia and Network-Centric War
Gorbachev (cont.)
• Russia should transform its EW
service into information and EW
troops, because the US has
information war agencies and forces
pursuing information wars that are
based on EW forces
32. Russia and Network-Centric War
Gorbachev (cont.)
• Russia must immediately work on creating
information weapons and directed energy
weapons “capable of disrupting the
operation of automated databases and
computer networks and disabling the main
enemy command and control and
reconnaissance components.”
34. Strategic Deterrence in the Theater
of Information Warfare
Sergei Modestov
• Information warfare’s threats create another
possibility for strategic deterrence (besides
nuclear and conventional), which is “strategic
deterrence in the theater of information warfare
by means of the threat of large-scale targeted
impact on the information resource objects of
a likely adversary.”
36. Russia versus
China
• Russia—provide a story that
encourages the turtle to take
off his shell
• China—the mouse and the
bell
38. A Russian Information
Weapon Definition
According to Rastorguyev
An information weapon: a means directed at
activating (or blocking) information system
processes in which the subject using the
weapons has an interest. An information weapon
can be any technical, biological, or social means
or system that is used for the purposeful
production, processing, transmitting, presenting
or blocking of data and/or processes that work
with the data.
39. Rastorguyev on IW and IO in
2002
Rastorguyev defined IW as “a battle
between states involving the use of
exclusively information weapons in the
sphere of information models.” The
final objective of an information
weapon’s effect is the knowledge of a
specific information system and the
purposeful use of that knowledge to
distort the model of the victim’s world.
Rastorguyev defined an information
operation as “a sequence of actions to
use an information weapon to achieve
an assigned task.”
41. Where are these Countries Most
Active in the Cyber Arena?
• Russia—through the development of
policy issues and equipment to
support command and control
issues
42. Timothy Lee Thomas
Foreign Military Studies Office (FMSO)
Phone: 913-684-5957
Fax: 913-684-5960
Tim.l.thomas@us.army.mil
http://fmso.leavenworth.army.mil