PLA Roles:
- Defend countries against foreign invasions
- Maintain internal security and stability
- Engage in economic development of the country
Name of formal information warfare strategy?
Integrated Network Electronic Warfare
What is the Five Year Plan?
2011-2015
What is the Blue Army?
May 2011, small group with highly developed skills.
China Goals
Political: economic and technological superiority
Political: Ensure there is one political voice
Military: Disable enemy communication; eliminate enemies’ ability to obtain, control, and use information.
China Doctrine
President Hu Jintao official proclamation that PLA is to conduct cyber warfare in name of Chinese self-preservation.
Role of State
Largely considered to be state-sponsored hacking
Role of Universities
state-controlled universities “recruit” individuals and give training. Universities such as Science and Engineering University is tied to military.
People’s Liberation Army (PLA)
Military Centers associated with cyber attacks:
- General Staff Department
- 4th Department
- General Staff Department 3rd Department
- Technical Reconnaissance Bureaus
- Information Warfare Militia Units (2002)
State Sponsored (actors in):
- Universities
- PLA
- State-owned Enterprises
- Hacktivists
Role of State-owned Enterprises
- Direct & indirect ties to PLA
- Cyber espionage used to gain economic advantage
Role of Hacktivists & 4 types of operations
- not directly controlled by govn’t
- motives orig. aligned with government’s
- Orig targets: Taiwan & Japan
- 4 types of operations
- virtual sit-ins and blockades
- automated e-mail bombs
- web hacks and computer break-ins
- viruses and worms
China History: Earliest
date back as far as 2001; doctrine goes back into 1990s.
China History: 2002
global energy industry attacked
China History: 2006
Air Force was tracking several individuals / groups.
China History: 2010
Establishment of Chinese Cyber Command
Titan Rain
Nov 1 2004 - Dec 14 2005
Source: Guangdong province of China
Targets: US government systems
- US DISA, Naval Ocean Systems Center, US Army Space and Strategic Defense, US Army Information Systems Engineering Command.
State-owned Enterprises: the numbers
- 150 corporations that report directly to central government
- ~154,000 business where government has controlling interest through subsidiary relationships.
- SOEs with links: Huawei Technologies Co Ltd & Zhongxing Telecom Ltd (ZTE)
Lenovo purchased by IBM in May 2005.
PLA & Hactivists
PLA using hacker community for clandestine attacks
Hactivist Toolsets
- spam, phishing, spoofing
- pharming
- DoS, DDoS
- Viruses, Trojans, Worms, Malware (other), Spyware
- BotNets
Advanced Persistent Threat
- originally term used by US Air Force in 2006 to discuss specific actors in Asia-Pacific region
- More publicly in 2008-2009 conferences
- mainstream in 2010 with Operation Aurora.
- Attacks from foreign < 2006.
- Shift in meaning from specific atacker/actor to attack with specific characteristics with no attribution
Cloppert’s Kill Chain
2009 Desire to break chain as far to the left as possible. Defensive / protective measures vs clean-up costs - Reconnaissance - Weaponization - Delivery - Exploitation - C2 - Exfiltration
-> not effective for all characteristics of life cycle. (btw C2 & exfil lots of activity)
Modified Kill Chain
- expands Cloppert’s Kill Chain to draw attention to lateral movement across network (iterative process).
Same External (minus exfil + initial installation)
Repeat internal
Persistence
Mission Fulfillment
APT Group One
Tin Snake
- since 2004
- 2007 started malware (trojans, viruses)
- 2008 selling electronics but not shipping
- 2010 campaigns to penetrate US industries and defense contractors
- Windows and Unix
- keyloggers, domain parking, port relay tools
- scam / hacking cycles
