
The Seattle Times

Nation & World



Originally published September 16, 2007 at 12:00 AM | Page modified September 16, 2007 at 2:08 AM


China's hacking skills in spotlight

This summer's penetration of a Pentagon network and other attacks have cemented Beijing's status as cyberwarfare leader.

The Christian Science Monitor

When suspected Chinese hackers penetrated the Pentagon this summer, reports downplayed the cyberattack. The hackers hit a secure Pentagon system known as NIPRNet — but it carries only unclassified information and general e-mail, Department of Defense officials said.

Yet a central aim of the Chinese hackers may not have been top secrets, but a probe of the Pentagon network structure itself, some analysts argue.

The NIPRNet (Non-classified Internet Protocol Router Network) is crucial in the quick deployment of U.S. forces should China attack Taiwan. By crippling a Pentagon network used to call U.S. forces, China gains crucial hours and minutes in a lightning attack designed to force a Taiwan surrender, experts say.

China's presumed infiltration underscores an ever bolder and more advanced capability by its cybershock troops. Today, of an estimated 120 countries working on cyberwarfare, China, seeking great power status, has emerged as a leader.

"The Chinese are the first to use cyberattacks for political and military goals," says James Mulvenon, an expert on China's military and director of the Center for Intelligence and Research in Washington. "Whether it is battlefield preparation or hacking networks connected to the German chancellor, they are the first state actor to jump feet first into 21st-century cyberwarfare technology. This is clearly becoming a more serious and open problem."

China is hardly the only state conducting cyberespionage. "Everybody is hacking everybody," says Johannes Ullrich, an expert with the SANS Technology Institute, pointing to Israeli hacks against the U.S., and French hacks against European Union partners. But aspects of the Chinese approach worry him. "The part I am most afraid of is staging probes inside key industries. It's almost like sleeper cells."

In recent weeks, China stands accused not only of the Pentagon attack, but also of daily striking German federal ministries and British government offices. After an investigation in May, German officials told Der Spiegel magazine that 60 percent of all cyberattacks on German systems come from China. Most originate in the cities of Lanzhou and Beijing, and in Guangdong Province, centers of high-tech military operations.

German Chancellor Angela Merkel publicly raised the issue with Chinese Premier Wen Jiabao in Beijing last month. Wen did not deny China's activity, but said it should stop. President Bush, before his meeting with Chinese President Hu Jintao in Sydney, Australia, at the APEC summit earlier this month, stated that respect of computer "systems" is "what we expect from people with whom we trade."

But China's cyberstrategy is deemed murkier and more widespread. The tenaciousness of Chinese hackers, whose skills were once derided by U.S. cyberexperts, has begun to sink in to Western states and their intelligence services.

In cyberparlance, black hats are hackers whose professional life is spent trying to attack other systems. White hats are those who defend against attacks. But China is regarded as having a substantial number of hackers in the gray middle — cutting-edge technopatriots loosely affiliated with the Chinese government, but who are not formal agents of the state.

This allows many Chinese hackers to exist in a zone of deniability. To be sure, provability and deniability are central in cyberwarfare. The most difficult problem is how to prove who hacks a system.

Sometimes the Chinese "will brag about their exploits, and other times they'll disclaim them entirely, blaming unknown rogue individuals," says Bill Woodcock, research director at Packet Clearing House, a nonprofit research institute that focuses on Internet security and stability.


Of particular alarm for Washington and other world capitals are so-called "zero-day attacks" — cyberpenetrations that look for software flaws to exploit. This is not an uncommon pastime for hackers. But in China's case, suspicion falls on professional hackers, says Sami Saydjari, a Defense Department computer-security veteran who now heads a firm called Cyber Defense Agency in Wisconsin.

The Chinese maintain "very strong controls over their Internet, and it's highly unlikely there are hacker groups that have any substantial level of capability they don't control," says Saydjari.

Analysts say China constantly probes U.S. military networks. But attributing this conclusively to the People's Liberation Army (PLA), fingered by German officials in Der Spiegel, is almost impossible. To trace attacks to their source requires the help of those who control each link, or router.

Cyberpenetration runs the gamut, from simple to sophisticated. There's a simple "Trojan horse attack," for example, said to be used against the German chancellery. Hackers send what appears to be a legitimate e-mail. When opened, it installs malicious software that allows hackers to open files in a private network, or disrupt it.

Beijing's control showed in September 2003, when the company that administers dot-com and dot-net domain names made unilateral changes to the Internet's functioning. System administrators around the world scrambled to make piecemeal fixes.

"The domain-name system was broken for more than two weeks for the rest of the world, but after a brief interruption, it got mysteriously unbroken inside China after eight days," says Woodcock.

PLA doctrine explicitly states that information-technology disruption is part of "asymmetric" warfare. The U.S. is more vulnerable than China to a cyberattack, says Saydjari, because of its greater reliance on high-tech, networked systems.

The PLA's "People's War" doctrine argues that all able-minded People's Republic computer users have a responsibility to fight for China with their laptops, says Woodcock. He argues that Beijing might call on ethnic Chinese hackers in any part of the world, hoping they might help. Even nonhackers might be asked to participate in "denial of service" attacks — a weapon to shut down enemy Web sites that requires massive numbers of computers.

"The power of numbers is on their side," Woodcock says. China has the largest denial-of-service capability in the world, he says, a concern to private-sector companies as well.

So far, China doesn't seem to be organizing such attacks, says Ullrich. During the EP-3 spy-plane spat between the U.S. and China in early 2001, some Chinese youths launched denial-of-service attacks, but the government curtailed them.

For several years, China has focused most of its military research and production on a high-tech air and missile-attack force to overwhelm Taiwan — hence, China's probe of the Pentagon NIPRNet.

"They want to be able to attack the Net. They don't need a supersexy penetration program," Mulvenon argues. "They just bomb the Net itself. They disrupt the deployment of our military, simultaneously saturate Taiwan, delay the U.S. arrival, and Taiwan capitulates. It's what they talk about."

Copyright © 2007 The Seattle Times Company
