Government Computer News (GCN)
http://gcn.com
Retrieved 29Aug11
The smoking gun on China's U.S. cyberattacks
By John Breeden II
Aug 26, 2011
A few weeks ago I wrote a column explaining, step by step, how hackers with a Chinese IP address attacked a honeypot network in the GCN Lab that had been set up for just that purpose.
We watched the attacks take place, made notes about what the hackers
did, the techniques they used, and tracked them back to several
addresses inside China.
In the comments section that followed, a few people complained that I
had no evidence that the attack actually came from China, implying that
I was slandering them in some way. Given that the Chinese government’s
official line has always been that it respects the rule of law and would
never attack a sovereign nation in cyberspace, I can see why they would
have defenders. In truth, other than the IP address of the people who
attacked our honeypot, I had no comeback, especially since IP addresses
can be spoofed.
But now, thanks to China itself, I have proof that the People’s
Liberation Army does attack the United States, and likely does so on a
regular basis.
China’s claims of innocence have come crashing down because of an
apparent mistake in editing in a documentary on the country’s own state
TV that should never have gone live. The PLA presentation demonstrated
its military capabilities. Amid all the tanks and planes, the propaganda
piece showed a mere four seconds inside the group's cyber warfare
center.
Without narration, one has to think that the cybersecurity part of
the piece was only put into the video by accident, a technical
background shot placed between segments for a bit of extra color.
However, those four seconds are both telling and damning to the Chinese
lie that they don’t attack the United States.
Here is the incredible part: During those four seconds, we clearly
see a Chinese soldier use a drop-down list to choose from preset target
websites around the world. Then he actually attacks a website in Alabama.
In this case, the website was set up to support Falun Gong, a spiritual movement outlawed in China that practices meditation and a philosophy that emphasizes moral responsibility.
Going back to my original article, the type of attack that could be
instigated with the push of a button is exactly what I said happened to
the GCN honeypot network. First, a real hacker came in and tried to
steal data. Then the second team covered his tracks. The machine shown
on the PRC TV show is probably part of that second team. It could easily
do automatic attacks of the heavy-handed kind, things like SQL
injections that every high school hacker knows about. That program and
perhaps even that machine could be the one that attacked the lab
network.
Even though all the targets shown in the four-second video were Falun
Gong sites around the world, the fact that they were in a drop-down
menu is telling and appalling. You don’t set up drop-down menus with
attack buttons unless you plan to use them. And the Chinese military did
push the attack button in the video, so apparently it has no problem
pulling the trigger.
How many of these attack lists do they have? Is there another one
with U.S. government sites listed? Is there one with corporations or
media outlets in this country?
China has proved that it does not respect our borders when it comes
to cybersecurity. Government officials, Google and other victims of
cyberattacks have blamed China before, but always with China denying
involvement and its defenders using the spoofed-IP-address defense. But
now we have the proof. This was not a video made by “evil Western
democracies” or political dissidents. This was a program created by the
Chinese government and run on the country's own state TV.
So to all you people who wanted to know where my smoking gun was, watch the video. It’s clear to me that we are under attack from China right now.
It’s time for China to own up to what it is doing. Or it’s time for the United States to do something about it.