Information Warfare: Expensive, Disruptive And Embarrassing

November 22, 2018: In October 2018 the United States indicted nine Chinese citizens for Internet-based espionage that took place between 2010 and 2015 as part of an effort to steal technical data on high-performance jet engines. The indictment detailed how China had established a large Internet hacking operation in Jiangsu Province where the local MSS (Ministry of State Security) provided cover for the organization that became known in Internet security circles as the JSSD (Jiangsu branch of the MSS). Worldwide Internet security operations (government and commercial) noted that an unusually large number of hacking efforts could be traced back to a few locations in Jiangsu Province. The recent indictment named names of men who are apparently not in custody but could be arrested (as one was in 2017 and extradited to the U.S. earlier in 2018 for another case). The jet engine data theft effort was centered around a French company operating in Jiangsu Province as a joint venture with a Chinese firm to enable China to manufacture more advanced large engines for airliners. JSSD used Chinese employees of the French firm to insert JSSD malware (hacker software) in the French firm’s network and from there the malware spread to networks of numerous American and French aerospace firms that worked with each other. The effort was discovered when an American firm doing business with the French and American aerospace companies involved discovered the malware and reported it. Most other firms infected by the JSSD effort found similar malware and it soon became obvious why the Chinese effort to develop the techniques to manufacture large commercial jet engines was progressing so rapidly. They were stealing large quantities of key manufacturing procedures as well as details of the many specific techniques and technologies, especially trade secrets, software and other key elements of the manufacturing processes.
These revelations make it easier to sue Chinese firms for trying to export equipment (jet engines and Chinese designed and built airliners) made possible by the stolen data. The litigation will, at the very least, block sales or deliveries of these engines and aircraft, which China is now producing and marketing.

The Chinese have been stealing similar data on military jet engines and aircraft but have been careful not to try exporting it. Much of the stolen military jet engine and aircraft data came from the Russians who have been threatening the Chinese over this since the late 1990s. As a safety measure, the Chinese kept most of the stolen Russian tech in China. Same with the growing quantities of Western military tech they have stolen. But for the commercial aircraft and engines to succeed they have to operate outside the country, even if they belong to Chinese airlines. That makes the Chinese firms more vulnerable to expensive, disruptive and embarrassing litigation. Western countries are increasingly naming Chinese involved in this Internet espionage so they can be arrested if they leave China. Often indictments are delayed to lull the guilty into a false sense of security and belief that it is safe to travel outside of China. A growing number of these Chinese Cyber War operatives are being arrested that way, then indicted and prosecuted.

For China, this is all the price of success as China has been enormously successful at stealing and using foreign technology. The Chinese efforts and success have been an open secret for over a decade. Thus it was not surprising when, in 2015, after years of denying any involvement in Cyber War espionage or having organized units (like JSSD) for that sort of thing, China suddenly admitted that it was all true. This was all laid out in the March 2015 issue of a Chinese military publication (The Science of Military Strategy). This unclassified journal comes out about once a year and makes it possible for all Chinese military and political leaders to freely discuss new military strategies. The 2015 edition went into a lot of detail about Chinese Cyber War operations. Most of these details were already known to those who could read Western media. Many details of Chinese Cyber War activities are published in the West if only to warn as many organizations as possible of the nature and seriousness of the threat. Apparently, the Chinese leadership decided that the secrecy about their Cyber War activities was being stripped away by foreigners anyway so why bother continuing to deny it. Publish and take a victory lap.

Since the 1990s China has continued to expand its enormous Internet Army (as it is called in China). Not all these programs are successful. For example, since 2011 there has been an effort to force companies to organize their Internet savvy employees into a cyber-militia and inspire these geeks to find ways to protect the firm's networks. But by 2013 it was clear this project was not turning out exactly as expected, as many of the volunteers had become successful, but unpopular, censors. It’s now widely accepted that one of the most annoying things for the new Chinese middle class is the censorship (especially on the Internet). The most annoying censorship is the online version that is carried out by paid and volunteer censors at your company or in your neighborhood. This use of “local activists” to control discussions and inform on possible troublemakers (or worse, like spies or criminals) is an old Chinese custom and one that was highly refined by 20th century communists (first the Russians, who passed it on to their Chinese comrades). The old-school informer network suffered a lot of desertions and other damage during three decades of economic freedom. But the government has been diligent about rebuilding the informer and censor network online, where it’s easier for the busybodies to remain anonymous and safe from retribution. The online informers are also useful for keeping an eye on foreign businesses.

Internal and external espionage is one of the main reasons the Chinese government took an interest in the Internet back in the 1990s. This resulted in nearly two decades of effort to mobilize the Chinese people as an Internet army. It was in the late 1990s that the Chinese Defense Ministry established the "NET Force." This was initially a research organization, which was to measure China's vulnerability to attacks via the Internet. Soon this led to examining the vulnerability of other countries, especially the United States, Japan, and South Korea (all nations that were heavy Internet users). NET Force has continued to grow, aided by plenty of volunteers.

In 1999, NET Force organized an irregular civilian militia, the "Red Hackers Union" (RHU). These are several hundred thousand patriotic Chinese programmers and Internet engineers who wished to assist the motherland and put the hurt, via the Internet, on those who threaten or insult China. The RHU began spontaneously (in response to American bombs accidentally hitting the Chinese embassy in Serbia in 1999), but the government gradually assumed some control, without turning the voluntary organization into another bureaucracy. Various ministries have liaison officers who basically keep in touch with what the RHU is up to (mostly the usual geek chatter) and intervene only to "suggest" that certain key RHU members back off from certain subjects or activities. Such "suggestions" carry great weight in China, where people who misbehave on the web are very publicly prosecuted and sent to jail. For those RHU opinion-leaders and ace hackers that cooperate, there are all manner of benefits for their careers, not to mention some leniency if they get into some trouble with the authorities. Many government officials fear the RHU, believing that it could easily turn into a "counter-revolutionary force." So far, the Defense Ministry and NET Force officials have convinced the senior politicians that they have the RHU and its successors under control. Some of the key hackers involved with the recent American jet engine indictments were recruited because of RHU activities. A decade ago the hackers (or “honkers” after the Chinese word for “visitor”) became folk heroes and the opportunity to join your company’s contingent of the “Online Red Army” appealed to many as a chance to be like the honkers. For some, it was also an opportunity to turn pro and join elite outfits like the JSSD.

The Chinese military also has a growing number of formal Cyber War units, as well as military-sponsored college-level Cyber War courses. Western Internet security companies, in the course of protecting their customers, have identified a growing number of Chinese hacking organizations. Some work directly for the military, secret police or other government agencies. These Cyber War units, plus the volunteer organizations and Golden Shield bureaucrats, apparently work closely with each other and have provided China with a formidable Cyber War capability. NET Force, with only a few thousand personnel, appears to be the controlling organization for all this. With the help of RHU and Golden Shield, they can mobilize formidable attacks, as well as great defensive potential. No other nation has anything like it and in 2015 the Chinese were openly bragging about it.