Article 43


Saturday, March 10, 2012

Bad Moon Rising Part 49 - How China Can Do Us In II


Could China easily take down US military’s air-refueling logistics in a cyberwar?

By Ellen Messmer
Network World
March 9, 2012

A lengthy report prepared for the U.S. government about China’s high-tech buildup to prepare for cyberwar includes speculation about how a potential conflict with the U.S. would unfold—and how it might only take a few freelance Chinese civilian hackers working on behalf of China’s People’s Liberation Army (PLA) to sow deadly disruptions in the U.S. military logistics supply chain.

As told, if there’s a conflict between the U.S. and China related to Taiwan, “Chinese offensive network operations targeting the U.S. logistics chain need not focus exclusively on U.S. assets, infrastructure or territory to create circumstances that could impede U.S. combat effectiveness,” write the report’s authors, Bryan Krekel, Patton Adams and George Bakos, all of whom are information security analysts with Northrop Grumman. The report, “Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage,” focuses primarily on facts about China’s cyberwar planning but also speculates on what might happen in any cyberwar. It’s suggested that China would make a pre-emptive cyberstrike weeks ahead of any purely physical confrontation.

The report’s authors say China’s People’s Liberation Army calls this “paralysis warfare,” which aims at disrupting the critical supply lines, logistics and command-and-control systems that support U.S. military operations well in advance of an obvious conflict occurring.

“Unlike traditional air or ballistic missile strikes, network attack and exploitation in particular can be initiated prior to the start of traditional hostilities without being a de-facto [Casus belli] and if done properly, can be implanted with little or no attribution back to China,” the report says. It notes that a 2007 PLA-published book, “Informationized Joint Operations,” asserts that enemy command and control networks and logistics systems will be among the first elements targeted by integrated network electronic forces under control of the PLA. The report details many disruption methods, including use of BIOS attacks to destroy motherboard hardware components, known in the Chinese cyberwar arsenal today.

The report’s authors speculate that what the U.S. military calls the U.S. Transportation Command (TRANSCOM) systems would be considered good targets for disruption because they also provide trusted network access to military logistics systems.

Since an estimated 90% of TRANSCOM’s distribution and deployment transactions are handled via unclassified commercial and Department of Defense networks, according to the report, this means Chinese hackers would also be going after civilian-sector companies in TRANSCOM. (The report points out that TRANSCOM combatant commander Gen. William Fraser noted in Senate testimony just last month there has been a 30% annual increase in network penetration attempts against TRANSCOM networks.)

“If the Chinese computer-network espionage team is able to compromise the civilian contractor network via even a rudimentary spear-phishing campaign, they will likely attempt to use valid employee network credentials, e.g. certificates, passwords, user names, and most significantly, network permissions; these elements provide all of the same access as the legitimate user to immediately begin navigating around the contractor network to compromise other machines and establish a command-and-control network before attempting to identify high-value data to penetrate TRANSCOM networks directly from the contractor’s now compromised system,” the report says.

The net result, the Northrop Grumman information security analysts speculate, is that Chinese hackers “would in effect have complete control over these critical logistics providers’ networks.”

As Chinese teams would move into TRANSCOM networks they “may have dual missions assigned to them.” These, theoretically, would be collecting intelligence about U.S. military needs and intentions; also, “a data destruct mission to corrupt commercial or military databases supporting sea and airlift for TRANSCOM prior to the start of a Chinese assault on Taiwan or other military operation.”

Contractors might not even be able to get into their own systems anymore.

The authors describe how this could be done to disrupt the air-refueling mission for U.S. forces by compromising the TRANSCOM Air Mobility Command which owns the Air Refueling Management System, described as a Web-based application that integrates data from multiple related databases supporting different aspects of the refueling mission. Chinese hacking teams could scan “the Internet-facing application searching for any of thousands of potential vulnerabilities that could be exploited with often longstanding, simple techniques such as structured query language (SQL) injection or cross-site scripting.”

The authors of the “Occupying the Information High Ground” report contend that successfully carrying out this type of cyberwar tactic would not even require China’s official PLA militia units trained in cyberwar. It could be done by “purely civilian freelance operators (elite hackers) with an existing relationship with the Chinese Ministry of Public Security or Ministry of State Security.”

The report concludes: “The strategic impact to the United States of this small tactical scale operation would be disproportionately severe relative to effort and resources expended on the Chinese side, achieving a strategic level outcome that Chinese military writings on information warfare routinely laud as one of the primary benefits of a well-planned computer-network operations campaign.”

The report then points to the October 2011 data breach at RSA, the security division of EMC, as an example of reconnaissance of this type, where critical information about RSA’s SecurID authentication product was stolen. (Without naming China, RSA Executive Chairman Art Coviello has blamed the break-in on a “nation-state,” noting that the intent was to use the stolen SecurID information to break into RSA customers.)

In alluding to the SecurID-related data theft, the report says that “this operation resulted in the loss of all information necessary to crack the encryption on any RSA device in use anywhere in the world.” Further, “the adversary used the data stolen from RSA months earlier to compromise Lockheed Martin employee credentials and gain access to the company’s network. Adversaries leveraging the information stolen from RSA succeeded in penetrating an extremely well instrumented, well-protected network staffed by highly skilled information security professionals with a mature cyber intelligence and network defense capability.”

Disruptions could also occur to the U.S. electrical supply, the authors say. Because the Chinese government has sponsored research on “attack-induced cascading power failures” related to the U.S. power grid, the authors say if tensions between China and the U.S. ever heat up to the point of possible military confrontation over Taiwan, it will be no surprise to see “multiple large-scale network or power-grid failures, seemingly unrelated to rising tensions with China” which could “force a U.S. president and his national security team to divert time or resources to manage the domestic emergency.”

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.



Joint ventures by US tech firms with China pose cyberwar risk: report
Commission singles out Huawei-Symantec joint venture as example of risk

By Ellen Messmer
Network World
March 8, 2012

Should conflict occur, China’s cyberwar plans target the U.S., and today’s Chinese joint ventures with U.S. manufacturers in hardware, software and telecommunications create a “potential vector” for the People’s Liberation Army (PLA) to exploit and compromise, says a report from the U.S.-China Economic and Security Review Commission sent to Capitol Hill today.

The report, “Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage,” was researched under mandate by Congress when it first formed the external Washington, D.C.-based U.S.-China Economic and Security Review Commission to undertake ongoing research about relations between the two countries. The report, written by information security analysts from Northrop Grumman, says that leaders in the Chinese People’s Liberation Army (PLA) “have embraced the idea that successful warfighting is predicated on the ability to exert control over an adversary’s information and information systems, often preemptively.”

The report claims China is actively planning out how it could attack U.S. military operations. The report also notes that at least 50 civilian universities in China are receiving funding aimed at developing cyberwar capabilities for the military under at least five established national grant programs.

A cyberstrike could occur in advance of any physical military confrontation, the report states. “Chinese commanders may elect to use deep access to critical U.S. networks carrying logistics and command and control data to collect highly valuable real-time intelligence or to corrupt the data without destroying the networks or hardware.”

The report says evidence it has compiled, mainly from PLA, Chinese government and non-proprietary sources, shows that China does want to be prepared to launch a cyberwar strike on the U.S. in the event of a conflict. The report goes on to claim that joint venture relationships between Chinese and non-Chinese hardware, software and telecom providers represent a “risk” from the U.S. point of view.

The report notes that possible tampering could occur in hardware such as routers and switches from China. And it states, “Deliberate modifications of semiconductors upstream of final product assembly and delivery could have subtle or catastrophic effects. An adversary with the capability to gain covert access and monitoring of sensitive systems could degrade a system’s mission effectiveness, insert false information or instructions to cause premature failure or complete remote control or destruction of the targeted system.”

Collaboration between U.S. and Chinese information security firms, according to the report, “has raised concerns over the potential for illicit access to sensitive network vulnerability data at a time when the volume of reporting about Chinese computer network exploitation activities directed against U.S. commercial and government entities remains steady.”

The report takes a dim view of partnerships between “U.S. or other Western information security firms and Chinese IT and high-tech firms,” saying there are risks “primarily related to the loss of intellectual property and erosion of long-term competitiveness, the same threats faced by many U.S. companies in other sectors entering partnerships in China.”

The report singles out the joint venture between Huawei Shenzhen Technology Company Ltd. and Symantec, under which for almost four years Symantec shared its security and storage technologies with Huawei to include in its telecom equipment. Symantec CEO Enrique Salem announced the joint venture had ended in November 2011, saying the two companies had decided it would be best to consolidate the venture under one owner. Huawei, which bought out Symantec for $530 million, still licenses Symantec’s technologies.

“Partnering with an American or other Western anti-virus vendor does not necessarily allow the Chinese partner to obtain signature data earlier than legitimate participation in industry consortia such as the Microsoft Virus Information Alliance, but it may provide the Chinese partner with deeper access to U.S. markets over the long term,” the report said.

Huawei is the large China-based telecom equipment and service provider that has been seeking to expand its business in the U.S. over the past few years, even as the atmosphere has grown more tense, with several U.S. companies, including Google, speaking of cyber-espionage carried out by what appeared to be attacks out of China.

Without official explanation, Huawei has found itself blocked by the U.S. Department of Commerce from participating in a U.S. project to build a wireless network for emergency personnel, police and firefighters. In addition, Huawei has found itself struggling with its involvement with Iran, where it has sold network gear, but recently said it would no longer supply Iran after its contracts there end.

Neither Symantec nor Huawei had immediate comment regarding the report. However, William Plummer, vice president of external communications at Huawei, who spoke with Network World last week about these topics, says assertions made in a Wall Street Journal story late last year that Huawei was helping Iran conduct cyber-surveillance against its citizens, especially dissidents, simply aren’t true.

Plummer said Huawei’s telecom equipment does have the equivalent of a backdoor for government use, but it is the same kind that is mandated in equipment by the U.S. under the Communications Assistance for Law Enforcement (CALEA) laws in the U.S. This kind of interface is there for governments around the world, he notes.

“Every government on this planet has a shared concern about security,” Plummer said. He said Huawei, which did $32 billion in business last year, is not part of the Chinese government, although its founder, Ren Zhengfei, is an ex-Army officer in the PLA. However, a number of U.S. lawmakers are pushing to investigate Huawei and its ties to Iran, especially as concerns the WSJ’s allegations of tracking of wireless mobile use in Iran.

In general, cyber-espionage is a fact of life today, Plummer acknowledged. Based on his own experience in the U.S. foreign service, he noted, “I believe there’s hacking of all sorts” by Russia, China and the U.S.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.



Posted by Elvis on 03/10/12
Section Bad Moon Rising