Presd1 17
Presd1 17 Presentation Transcript

  • UNDERSTANDING CHINA AND RUSSIA’S CYBER STRATEGIES MR. TIMOTHY L. THOMAS FMSO, MAY 2010
  • Where are these Countries Most Active in the Cyber Arena? • China—through the actual use of cyber reconnaissance and soft power • Russia—through the development of policy issues and equipment
  • Points of Emphasis for China • The Google Affair—Stealing code versus influencing values and damaging the Party’s image • Chinese hackers—who are they? • System sabotage warfare • Offensive actions • Strategic deception
  • Context Works against China… • Northrop Grumman Report of a US company that had information expertly exfiltrated from its files • US military testimony before Congress, attacks on Lockheed Martin • Two Canadian reports: Ghost Net and Shadow Network • Accusations from a host of countries (Germany, Israel, Japan, South Korea, India, UK, France, Australia, etc.) • Google hacks along with hacks of 26 largest companies in California (Intel, Yahoo, Symantec, Juniper Networks, Northrop Grumman, Dow Chemical, Adobe, etc.)
  • The Google Affair: Follow the “Gu Ge” to Freedom • Code stolen from Google and from “the 26 top companies in California.” Alan Paller of the SANS Institute stated that the chances of these companies NOT being 100% compromised is zero. • Legal-public affairs-psyop • Two-pronged strategy—electronic reconnaissance and soft power
  • The Google Affair (Aurora): Jiaotong/Lanxiang Origination Points • Jiaotong University has alliances with Duke and the University of Michigan, and with Microsoft and Cisco Systems. • “Reliable clues” suggest Jiaotong was involved in the attacks on Google and other companies in California. Jiaotong spokesman stated school officials were shocked and indignant at the allegations. • Received funding from Project 863, has a School of Information Security Engineering, and has PLA ties according to the school’s website.
  • China’s Information Technology Security Plan 863 (www.863.org.cn) • Security for electric commerce systems • Network media information security technology • Network security management and measurement technology • Information protection technology • Information topic 306—intelligent computers
  • The Google Affair (Aurora): Jiaotong/Lanxiang Origination Points (cont.) • Lanxiang—boasts it has the world’s largest computer laboratory; school records (on web site) indicate they send many graduates to the army who become the army’s backbone; Mr. Shao, the school’s dean, says the computer science department’s graduates are recruited by the local military garrison but that these students are incapable of hacking into Google • Lanxiang spokeswoman Zhou said such speculation is ridiculous as the school has no ties with the military at all
  • Chinese Commentary on Google • Huang Xueping, Def Min Spokesman (25 Feb): such claims are baseless, irresponsible, and hyped with ulterior motives--PA • Li Daguang, NDU (9 March): Some Western powers may have adopted a strategy to sabotage China’s IT development; high profile criticism is a preemptive strike on China--PSYOP • Li Yizhong, Minister of Industry and Information Tech (12 March): Google must obey China’s laws. China opposes hacking--LEGAL
  • Chinese Commentary on Google • Chinese government has said that Google’s claims are groundless (instead of “we’ll investigate”); Where were the “counterpropaganda” accusations before the Google incident?
  • Chinese 22 March Counter Propaganda Commentary on Google • Google provides US intelligence with a record of its search engine results; Google was the 4th largest contributor to Pres Barack Obama’s campaign • Google is not in the game for commercial reasons but is trying to change Chinese society by imposing American values • Some Pentagon security experts are from Google (Sumit Agarwal is now a Deputy Assistant Sec of Defense for Public Affairs Outreach and Social Issues)
  • Chinese Instructions (25 March) on How to Report on Google--PA • For Chief editors and managers: Only use Central Gov main media (website) content; reposting must not change title; do not produce relevant topic pages, discussion sessions, and related investigative reporting; forums and blogs are not permitted to hold discussion or investigation on Google; clean up text attacking the Party, State, Gov agencies, and Internet policies or sites supporting Google; and monitor Google information and incidents.
  • Chinese Instructions on How to Report on Google (cont.) • Monitoring and Control Group: immediately follow-up and control actions in above directions; do not participate in Google’s information releases; do not report that Google is exerting pressure on China; and do not provide materials for Google to attack relevant policies.
  • Losttemp33 • An email used in Ghostnet (Tibet) turned up in the Shadows probe (India) as well. It is from losttemp33@hotmail and was associated with Xfocus and Isbase, two popular Chinese hacking forums. Losttemp33 possibly was a student of master hackers Glacier and Sunwear. The individual is believed to have studied at University of Electronic Science and Technology at Chengdu.
  • Glacier-no photo available • 1. Real Name: Huang Xin (黄鑫) • 2. Online Name: Glacier (冰河) • 3. Organization: www.xfocus.org, http://blog.xfocus.net/index.php?blogId=15 • 4. Age: 29 (In 2007) • 5. Known Hacks: Developed the Glacier Trojan, China’s most popular. Created X-scan • 6. Summary: Graduated from Xi’an Electronic Sci-Tech University. Married to Chinese female hacker Wollf. In 2006, he was 28 years old and a resident of Guangxi. Godfather of the Chinese Trojan. • 7. DarkVisitorLinks:
  • Military Theory Includes Concepts such as System Sabotage and Offensive Reconnaissance that Fit with Traditional Chinese Theory • Win victory before the first battle • Strategic deception
  • System Sabotage • The key point to “system sabotage” is in “gaining control, precision strikes for maximum damage, and paralyzing the enemy to subjugate his will.” • To make system sabotage effective, we need to establish a basic mode of thinking where we “destroy before conducting war, using destruction to aid in the fight.” • Destruction can come about through reconnaissance of computer networks, through cognitive attacks that destroy will power, etc.
  • 1996 Book Deceptive Strategy (Chai Yuchiu) Contains 30 Chapters • Roles, necessity, philosophical foundations, psychological laws, general principles, systems, operational art, creativity is the life, mistakes in, and skills for mastery • Deceptive strategy thought process, deceptive strategy and religious superstition
  • Dai—Direct IW Offense/Attack • Computer network reconnaissance is the prerequisite for seizing victory in warfare. It helps to choose opportune moments, places, and measures for attack.
  • Methods • Focus on collecting technical parameters and specific properties of all categories of information weapon systems and electronic information products
  • Where are these Countries Most Active in the Cyber Arena? • China—through the actual use of cyber reconnaissance and soft power to control the capability to “win victory before the first battle”
  • Russia’s Cyberstrategy Timothy L. Thomas Work: 913-684-5957, fax 913-684-5960; tim.l.thomas@us.army.mil Foreign Military Studies Office Fort Leavenworth, Kansas Graphics by Cathy Elliott Center for Army Lessons Learned
  • Overview of Russian Cyber Issues • Development of policy • Development of theory (info-tech, info-psych)
  • Other Documents • United Nations suggestions • 2000—Information Security Policy of Russia • Feb 2008—Governmental Commission for the Implementation of Information Technologies in the Work of National Agencies and Agencies of Local Self-Government. • Electronic Russia and Electronic Government—to be completed by the end of 2010—doubtful at this point
  • Russia and Network-Centric War Col Yu. Gorbachev, 2006 • Network war is also called cyberwar (a component of IO that includes CNA and CND). It may use EW assets (directed energy equipment, weapons, etc.), information weapons, and diverse electronic and computer defense assets. • NCW, on the other hand, is a new form and method for the command and control of the armed forces with the use of integrated information space in near real-time mode.
  • Russia and Network-Centric War Gorbachev (cont.) • Russia should transform its EW service into information and EW troops, because the US has information war agencies and forces pursuing information wars that are based on EW forces
  • Russia and Network-Centric War Gorbachev (cont.) • Russia must immediately work on creating information weapons and directed energy weapons “capable of disrupting the operation of automated databases and computer networks and disabling the main enemy command and control and reconnaissance components.”
  • Strategic Deterrence in the Theater of Information Warfare Sergei Modestov • Information warfare’s threats create another possibility for strategic deterrence (besides nuclear and conventional), which is “strategic deterrence in the theater of information warfare by means of the threat of large-scale targeted impact on the information resource objects of a likely adversary.”
  • Russia versus China • Russia—provide a story that encourages the turtle to take off his shell • China—the mouse and the bell
  • A Russian Information Weapon Definition According to Rastorguyev • An information weapon: a means directed at activating (or blocking) information system processes in which the subject using the weapons has an interest. An information weapon can be any technical, biological, or social means or system that is used for the purposeful production, processing, transmitting, presenting or blocking of data and/or processes that work with the data.
  • Rastorguyev on IW and IO in 2002 Rastorguyev defined IW as “a battle between states involving the use of exclusively information weapons in the sphere of information models.” The final objective of an information weapon’s effect is the knowledge of a specific information system and the purposeful use of that knowledge to distort the model of the victim’s world. Rastorguyev defined an information operation as “a sequence of actions to use an information weapon to achieve an assigned task”
  • Where are these Countries Most Active in the Cyber Arena? • Russia—through the development of policy issues and equipment to support command and control issues
  • Timothy Lee Thomas Foreign Military Studies Office (FMSO) Phone: 913-684-5957 Fax: 913-684-5960 Tim.l.thomas@us.army.mil http://fmso.leavenworth.army.mil