The killers' mace of the dark visitors

JBH22

New Member
Joined
Jul 29, 2010
Messages
6,554
Likes
18,090
In February 1999, the PLA Literature and Arts Publishing House in Beijing released a fascinating book written by Qiao Liang and Wang Xiangsui, two Senior Colonels of the People's Liberation Army. The title of the book was Unrestricted Warfare [available on Lancers Publishers website]1.

The two Chinese officers prophesized the 'destruction of rules' in future warfare. They wrote: "The direct result of the destruction of rules is that the domains delineated by visible or invisible boundaries which are acknowledged by the international community lose effectiveness. This is because all principals without national power who employ non-military warfare actions to declare war against the international community all use means that go beyond nations, regions and measures."

Interestingly they gave some examples: "Whether it is the intrusions of hackers, a major explosion at the World Trade Center, or a bombing attack by bin Laden, all of these greatly exceed the frequency bandwidths understood by the American military, "¦they [the US] have never taken into consideration and have even refused to consider means that are contrary to tradition and to select measures of operation other than military means."

Everyone knows what happened two years later in New York on 9/11. It is only after the attack on the Twin Towers that the US, (and India as well) began considering other modes of warfare.

The two Colonels explained their theory on future warfare and described the new actors on tomorrow's battlefield: "Visible national boundaries, invisible Internet space, international law, national law, behavioral norms, and ethical principles, have absolutely no restraining effects on them. "¦When carrying out war with these people, there is no declaration of war, no fixed battlefield, no face to-face fighting and killing, and in the majority of situations, there will be no gunpowder smoke, gun fire, and spilling of blood. However, the destruction and injuries encountered by the international community are in no way less than those of a military war."

The research of Qiao and Wang was the result of their study of the US decisive victory over Saddam Hussein during the first Gulf War of 1990-1991. The main question that Unrestricted Warfare tries to answer is how a technologically less advanced nation can overcome its inferiority and defeat the enemy (or at least inflict '10,000 cuts').

The Colonels noted: "During a short period of over ten years, they [the new warriors] were transformed from being persons of nameless origins to world public nuisances, with the chief among them being computer hackers. The popularization of personal computers, and especially the formation of the Internet, has resulted in the malicious acts of hackers increasingly endangering the existing social order. The hackers we speak of here refer to those network killers who steal information, delete and change files, release viruses, transfer capital, and destroy programs on the network. In order to differentiate them from the non-malicious hackers, we should perhaps call the former 'network bandits' or 'network tyrants' which would be much more accurate. Their powers of destroying the present world are shocking."

During the following years, the writings of the two Colonels motivated thousands in China. The PLA was itself probably inspired by this innocuous sentence: "the struggle for victory will take place on a battlefield [and] beyond the battlefield." It became an integral part of China's war plans.

The ancient Art of War propounded by Sun Tzu in the 6th century BC was re-actualized by the Colonels: "there is no means which cannot be used in the war; and there is no territory and method which cannot be used in combination. The applicability of the actions of war to the trend of globalization is manifested in the word 'beyond'. This word is sufficient to mean using one to apply to ten thousand, but what we mean by ten thousand methods combined as one is precisely covered by the word 'beyond'.

For the authors of Unrestricted Warfare, a 'combined method' is first and foremost a way of thinking and only later a method.

Very few nations have been able to grasp this way of thinking. Though in recent months some Indian security experts have been taken it more seriously, it is usually not 'the Indian way' of doing things.

The writings of Qiao and Wang came back to mind when I read that the website of the French embassy in Beijing was blocked for several days due to a massive cyber attack. It happened a few days after President Nicolas Sarkozy's meeting with the Dalai Lama in Gdansk, Poland. A French diplomat had told AFP on December 11: "The server was attacked for several days, saturated by massive requests for a connection, mostly coming at night."

China played down the incident. Liu Jianchao, China's Foreign Ministry spokesman told the foreign correspondents: "We have not seen any questions or concerns raised by France. When reporting or covering this issue, the media should base their reports on solid proof and not target China". Though it is a relatively minor incident compared to some more serious intrusions such as in the Pentagon's server, it shows the Chinese mindset.

The Chinese Army was quick to implement the Colonels new warfare methods. In August 2001, the China Brief of the Jamestown Foundation2 reported: "It is increasingly evident that China's People's Liberation Army (PLA) is devoting considerable resources to the research and development of advanced high-technology weaponry. "¦this effort warrants vigilance by the United States because there is the potential that China could achieve technical breakthroughs that would enable them to exceed certain U.S. military capabilities."

In 1999, the Chinese President Jiang Zemin had requested the Central Military Commission "to give him Assassins' Maces to bring victory over Taiwan".

As explained by the China Brief. "The Assassins' Mace concept is from ancient Chinese statecraft, in which warring nobles sought secret weapons that would attack their enemies' vital weaknesses and bring about their rapid military collapse."

This was part of the Revolution in Military Affairs (RMA) in China. The RMA means that advances in information technology, combined with other military technical progresses, can provide new deadly weapons to weaker states, without resorting to nuclear devices.

It is in this context that the Dark Visitors appeared on the Chinese stage. Today they have become one of the most serious threats to the national security of the United States "¦and India.

While India takes it easy, the awareness of the issue has drastically increased during the past few years in the West. Take the US elections. According to reports emanating from the FBI and the US Secret Service, the computer networks of Barak Obama and John McCain were attacked during the presidential campaign. Newsweek quoted a FBI agent telling Obama's managers: "A serious amount of files have been loaded off your system."

Though both camps had reported that hackers 'from an undisclosed foreign location' targeted their network during the summer, nobody openly dared to say that China was responsible for the attacks. The objective of the hackers seems to have been to collect documents related to the candidates' future policies.

The recurrence of this type of wild hacking however worries many security experts. In December 2007, the US Commerce Secretary Carlos Gutierrez traveled to Beijing for discussion with Chinese officials. In May 2008, the National Journal Magazine in an article China's Cyber-Militia3 alleged that Gutierrez was also targeted: "spyware programs designed to clandestinely remove information from personal computers and other electronic equipment were discovered on devices used by [the US Secretary]."

According to the US magazine, these spyware programs are "designed to open communication channels to an outside system, and to download the contents of the infected devices at regular intervals."

When the National Journal interviewed Rich Mills, the US Commerce Department spokesman, Rich did not confirm or deny the reports



In its 2008 Report to the US Congress, the U.S.-China Economic and Security Review Commission4 mentions China's cyber operations program. It is quite frightening. To quote the report: "US computer security authorities detected a series of cyber intrusions in 2002 into unclassified US military, government, and government contractor Web sites and computer systems. This large-scale operation, code named Titan Rain by the US government, was attributed to China. Targeted locations included the US Army Information Systems Engineering Command, the Naval Ocean Systems Center, the Missile Defense Agency, and Sandia National Laboratories.

Major General William Lord from the US Air Force Office of War-fighting Integration, speaking at an information technology conference, said that China downloaded 10 to 20 terabytes of data. For comparison, the entire print collection of the Library of Congress contains approximately 10 terabytes of data. In addition to seeking to acquire important information about military and government activities, the operation conducted reconnaissance of the US command and control system, gaining information that could be used for future targeting. The US Strategic Command reported that in 2007, the Department of Defense estimated that five million computers experienced 43,880 incidents of malicious activity from all sources — a 31 percent increase over the previous year."

The attacks are not confined to the United States. In May 2008, it was reported that Chinese hackers had broken into the computer network of the Indian Ministry of External Affairs (MEA).

As The Financial Express put it: "The bad guys are at it again and with increasing ferocity, attacking anything and everything." This time, it was against India.

The motives of Chinese hackers usually include commercial and military intelligence gathering and the setting up of sleeper spies in the computer networks ready for future strikes. An official of the informatics division at the MEA confidently told the Financial Express: "The hackers attempted to hack in, but were not successful."

The government refused to specify who the hackers were, but the IP addresses left behind suggested that the attack originated from China. As the attacks coincided with the unrest in Tibet, many observers believe that the hackers were trying to find out the Tibet policy of the MEA before the Olympic Games. Apparently, the Chinese hackers cracked the security code of a computer network in Beijing and possibly accessed official (encrypted or not) emails in which policy matters may have been discussed.

As usual, Delhi tried to downplay the incident.

A French cryptologist with a military background working for the French Laboratory of Virology and Operational Cryptology recently told Le Monde that according to him Internet security is increasingly uncontrollable. He compares Internet freedom to the democratic system which is best amongst bad systems. When asked if the informatics weapon can become a weapon of deterrence, he replied that contrary to the nuclear weapon, these weapons can be acquired by everyone: "All the ingredients of a catastrophic scenario (economic war between concurrent companies or inter-State wars) are today present. Experts do not ask if this catastrophe is going to happen, but only when."
 

JBH22

New Member
Joined
Jul 29, 2010
Messages
6,554
Likes
18,090
The Dark Visitors

In this new war scenario, the Chinese hackers, also called the Dark Visitors, have taken the lead, probably due to the high degree of nationalism present in China today.

A new book, The Dark Visitors5 by Scott J. Henderson answers many questions on the origin and motivation of the hackers in China. The author first gives a history of the hacking business in China with a few individuals in the late 1990s; he details the emergence of 'celebrated' (in China at least) groups such as the Honker Union of China and Red Hacker Alliance. He then analyses in detail their methodology, hierarchy, 'who they are', their exploits and the content of their sites (which teach hacking to the public).

Wan Tao, the leader of China Eagle Union hacker group, also known as the 'Godfather' of Chinese hackers, explains the distinction between regular hackers and the famed Red Hackers: "Years ago, it was OK to be a hacker, when it simply referred to someone who would break into systems. But over the past decade, the attributes of hackers have become somewhat darker. Chinese hackers coined the word 'Red Hacker', which means someone is a patriotic hacker. Unlike our Western counterparts, Chinese hackers tend to get more involved with politics because most of them are young, passionate and patriotic."

The most fascinating (and frightening) aspects of the Chinese hackers is that they are individuals with only loose links to the government. Henderson explains: "One of the unique aspects of the Chinese hacker organization is their nationalism, which is in stark contrast to the loner/anarchist culture many associate with the stereotypical Western hacker. They are especially active during periods of political conflict with other nations." This sense of patriotism and their own 'code' make them act for China's national honor and never hack inside China.

Two distinct groups are today working in China: one is a civilian 'independent' organization (such as the Red Hacker Alliance) and the other, the official one, the PLA.

When the question is put to Henderson about "tasking, oversight, and control of the organization", his answer is simple, "[the hackers] are not a branch of the government or the military". They are just an "independent confederation of patriotic youth dedicated to defending China against what it perceives as threats to national pride".

In his in-depth study, he has not found any evidence of direct government control. However, the Chinese society does not function with the same parameters as the West [or India]. The Chinese government considers its citizens as "an integral part of Comprehensive National Power and a vital component to national security".
Not A Method, A Way Of Thinking

At a time when India is thundering against its neighbour and threatening Islamabad with dire consequences if action is not taken against the 'non-state' actors who perpetrated the Mumbai terrorist attacks, can we imagine ten of thousands of Indian IT engineers providing regular inputs to the Indian intelligence agencies and undertaking some of its dirty work to tackle terrorism in Pakistan?

Would they attack Pakistani or Chinese networks to get to know the thinking of the leaders of these countries or their plans for forthcoming negotiations or simply to make them understand that support to terrorism has a price? Certainly not!

As the Chinese Senior Colonels pointed out, it is more a way of thinking (and acting) than a technology or a method. This mindset is simply not present in India where intelligence is a government preserve which can not be delegated to non-state players.

The National Technical Research Organisation (NTRO), the nodal agency for technical intelligence set up in 2003 on the recommendation of the Kargil Review Committee is the only organization (with or sometimes against the RA&W) to look after these things.

Though the objective of the NTRO (with agencies such as the National Institute of Cryptology Research, National Information Infrastructure Protection Centre under its umbrella) was to focus on technical intelligence, surveillance and to look after the security of networks maintained by BARC, DRDO and ISRO, the organization has its own 'bureaucratic' problems.

A year ago, an official privy to NTRO operations told DNA: "It's easy for hackers to break into certain systems in India because the government has not felt the need to secure every system."

India Today also reported on the difficulties facing the new agencies: "As a member of the Kargil Review Committee's technical task force on intelligence, M.K. Narayanan was one of the most enthusiastic proponents of the idea of a technical intelligence organisation. Today, he seems either unwilling to or unable to get the agency off the ground." He even refused to respond to a questionnaire sent by India Today.6

While in India, most believe that the 'Dark Visitors' type of scenario can only be inspired by a Bollywood script, it is not the case in the United States where businessmen and diplomats have repeatedly been 'visited'; as they arrive in China, they discover that their Chinese counterparts know everything about their plans.

Also read: Transformation of the Chinese Military

According to an article China's Electronic Long-Range Reconnaissance written by Lt Col Timothy Thomas and published in December 2008 in Military Review7: "Since 2005, Chinese cyber attacks against US systems have increased at an alarming rate." He however adds: "The term 'attack' carries unwanted connotations; these unwarranted incursions are more likely reconnaissance missions to collect intelligence"¦ to spot vulnerabilities or plant trap-doors in our systems".

Interestingly during the last few years, the PLA's tactic has undergone a shift from 'active defense', (never attacking someone first, but being ready to respond if attacked) to 'active offense' which means to undertake "cyber reconnaissance, cyber-stratagem, and computer exploitation activities" before a conflict. Thomas expounds: "IO [Information Operation] tactics and techniques allow more emphasis on the principle of offense than on traditional warfare. A weaker force, for example, can inflict much damage on a superior force with a properly timed and precisely defined asymmetric information attack. China portrays itself regularly as the weaker side of the U.S.-Chinese relationship. It thinks that offensive operations"¦ are key to victory."

The PLA has no problem with using the Chinese war theory 'attack with a borrowed sword' which means using thousands of individual hackers who can be co-opted as the need be without the risk of the government being caught red-handed.

The U.S.-China Economic and Security Review Commission concluded its report of China's cyber operations, by stating: "In operationalizing this cyber strategy, authors of China's military doctrine have articulated five key elements".

* Defense. Many Chinese authors believe the United States already is carrying out offensive cyber espionage and exploitation against China. China therefore must protect its own assets first in order to preserve the capability to go on the offensive.
* Early use. PLA analysts believe that in many cases a vulnerable U.S. system could be unplugged in anticipation of a cyber attack. Therefore, for an attack to be truly effective, it must be launched early in a conflict before the adversary has time fully to protect itself.
* Information operations. Cyber operations can be used to manipulate an adversary's perception of the crisis, such as by planting misinformation. This could obviate the need for a conventional confrontation or advantageously shape an adversary's response.
* Attacking an enemy's weaknesses. China's strategists believe the United States is dependent on information technology and that this dependency constitutes an exploitable weakness.
* Preemption. Many PLA strategists believe there is a first mover advantage in both conventional and cyber operations against the United States. Therefore, in order to succeed, they should strike first."

Well, that is 'active offense'. In India, we are told that the NTRO is working on some projects for hack-proofing official sites, but it will probably remain Computer Network Defense (CND) defined as "actions to protect information systems and computer networks, and to monitor for, analyze, detect, and respond to unauthorized activity within those networks."

In other words, 'active defense only'. Like in many other defense sectors, China is already far ahead.

http://www.indiandefencereview.com/IDR-Updates/The-killers-mace-of-the-dark-visitors.html
 

Articles

Top