Has China virtually won?

April 6, 2009

Michael Smith
The National (UAE)
April 4, 2009

Canadian researchers have found Chinese spyware
in computers in 103 countries, while the UK
government has been warned by intelligence chiefs
that its communications network is vulnerable to
a Chinese attack. In cyber warfare, China is leading the way.

A new arena has been added to the theatre of war
-- cyberspace. In a world where reliance on
information technology underpins civil and
military life, the cookie can be as deadly as the bullet.

Targeting computer systems and software allows an
enemy to steal vital intelligence, but it can
also give it the ability to close down a
country’s utilities and bring normal life to a shuddering halt.

China is emerging as the most aggressive power on
this virtual battleground and the scale of its
ambitions can be measured by last week’s
revelations about GhostNet, an international spy
network that has reached inside more than 100 countries.

Canadian researchers commissioned by officials
working for the Dalai Lama, Tibet’s spiritual
leader, found 1,295 computers in 103 countries
affected by spyware that allowed Chinese hackers
to reach inside the computers and even control their activity.

Iran’s foreign ministry was among a number
targeted by the system, which routinely harvested
classified information from the computers of governments around the world.

The foreign ministries of Bangladesh, Latvia,
Indonesia, the Philippines, Brunei, Barbados and
Bhutan were also spied on, as were various
embassies of India, South Korea, Indonesia,
Romania, Cyprus, Malta, Thailand, Taiwan, Portugal, Germany and Pakistan.

And yesterday it was disclosed that Chinese spies
had tried to infiltrate the e-mail and mobile
phone communications of Kevin Rudd, the
Australian prime minister, during a visit to Beijing last year.

The existence of such spyware is not new. Anyone
buying a personal computer or laptop normally
buys security software to protect it from
computer viruses and criminals seeking to steal
identities and passwords. But what was most
worrying about the Chinese spyware was that it
was detected by only 11 out of 34 antivirus products.

The researchers, from the Ottawa-based think-tank
SecDev Group and the Munk Centre for
International Studies at the University of
Toronto, concluded that: “The computers of
diplomats, military attachés, private assistants,
secretaries to prime ministers, journalists and
others are under the concealed control of unknown assailants.”

The operation is thought to be the most extensive
cyber-espionage network uncovered so far, with
more than a dozen new computers attacked every week.

Yet this is only the tip of the iceberg so far as
the Chinese ability to use advanced technology to
collect intelligence is concerned.

Computers successfully attacked by Chinese
hackers in the past two years include those in
the offices of Angela Merkel, the German chancellor.

In May 2007, the German internal security
service, the federal office for the protection of
the constitution, found that computers in the
foreign, economics and research ministries had
also been targeted, with large amounts of classified information stolen.

Later that year it emerged that computers in the
offices of Robert Gates, the US defence
secretary, had been hacked into and the Chinese
had also attacked British foreign office computers.

Jonathan Evans, the head of the British security
service MI5, wrote to 300 British companies
warning them that the Chinese were actively hacking into their computers.

A Pentagon report on China’s military
capabilities published on March 25 said the
Chinese hackers continued their work last year,
with not only the Pentagon’s computers attacked
but also those of other US government offices and
the Belgian and Indian governments as well.

China is not alone in this. Russia is also
implicated. During increasing tension between
Estonia’s Russian minority and the remainder of
the population in 2007, Estonia’s computer
systems were brought to a standstill by a series of mass cyber attacks.

The jury is out on whether these were
co-ordinated by any Russian government
organisation, as is also the case with a similar
series of attacks that crippled Georgian
government systems during last August’s Russian
invasion. But they do at least appear to have been sanctioned.

Nor are governments the only organisations
capable of such attacks, as was shown in
September last year, by criminals who stole
information from financial servers in the UAE to
make fraudulent credit and debit card purchases in the US.

Perhaps the most worrying report came from
British intelligence chiefs, who on Jan 28
briefed ministers that the entire UK
telecommunications network had been left vulnerable to Chinese attack.

"The Chinese state will have an increasing
ability over the next few years to shut down
large parts of the UK’s telecommunications
infrastructure if they chose to," the top secret Cabinet Office report said.

The British national telecoms company BT signed a
deal in 2005 with the Chinese company Huawei to
provide key components for its new nationwide
communications network. These could be
manipulated by China to take control of the
system, the intelligence chiefs said. China could
remote-control a complete shutdown not only of
the UK’s telecommunications system but also the
power, water and food supplies that depended
heavily on the use of computers communicating over the BT network.

There could already be bits of the network that
contained elements, just waiting, like Cold War
sleeper agents, for the moment they were needed
to enable China to shut it down, the British
intelligence chiefs said. China was already able
to make "covert modifications" or to "compromise
equipment in ways that are very hard to detect"
and that might later "remotely disrupt or even
permanently disable the network."

Both BT and the British government refuse to comment on the reports.

As all this sounds like something out of a
science fiction film, it is worth seeking an
expert opinion. John Tindle is professor in
telecommunications engineering at the University
of Sunderland. There were all sorts of software
or hardware that could sit in a network waiting
to be activated, Prof Tindle said, but hardware
would be relatively easy to detect. Control software was the real threat.

"Potentially it’s possible," he said. A small
piece of control software could be hidden in the
network and be impossible to detect until it was told to close the system down.

"You can send a signal to that device, which
could have been doing nothing until you activate it."

Nor does there appear to be an effective
antidote. Technical modifications suggested to BT
by UK government computer security experts
reduced the threat from hackers, organised
criminals and most "hostile adversaries," the British intelligence chiefs said.

But they concluded that: "Despite modifications
to the network architecture and continuing
investigations into the equipment, we believe
that the mitigating measures are not effective
against deliberate attack by China."

The genesis of this astonishing evidence of
Chinese supremacy in cyber warfare stems from
March 1986 when China’s leaders realised that
they had fallen behind both the West and Japan in
the technological advances of the 1970s and 80s.

Four of the country’s leading scientists wrote to
the leadership warning that China risked becoming
a second-rate country. Technology was the key to
rapid economic development and achieving China’s
ambitions as a world superpower, they said.

Deng Xiaoping, the country’s then leader, ordered
changes to the way in which the Chinese
military-industrial complex operated, switching
it from a centrally controlled research and
development system to a western-style approach.

New companies were to be set up, operating
internationally in the free market, using modern
technology to achieve maximum profit, and feeding
back the new technology into China’s defensive systems.

The new system was known as Programme 863, from
the date on which the edict was made, the third
month of 1986. One of the first Chinese
technology companies set up under Programme 863
was Huawei. The name signifies a concept
translated either as "China Achievement" or simply "For China."

It was set up in 1988 by its current president
Ren Zhengfei, a former director of the People’s
Liberation Army (PLA) Information Engineering
Academy, which is responsible for telecoms research for the Chinese military.

The 65-year-old is said to model himself on Mao
Tse-tung. He openly describes his company’s
corporate ethos as being based on a communist
culture and fosters what he describes as the
"wolf spirit" in his employees, emphasising the
wolf’s unrelenting will in attack.

China’s military strategists devised plans to
compensate for China’s inability to match
America’s might by using armies of hackers to
attack the computers on which US weaponry depended.

"Thanks to modern technology, such as the
development of information carriers and the
internet, many can now take part in fighting
without even having to step out of the door,"
said Wei Jincheng, a military planner, in the
Liberation Army Daily newspaper in 1996.

The country’s 300 million internet users could be
used to hack into and disrupt the US computer
systems. "Anybody who understands computers can
become a ‘fighter’ on the network," Wei said,
anticipating GhostNet. "The public can participate."

Meanwhile, Chinese technology companies led by
Huawei were starting to break into the world
market. Huawei soon found itself accused of
reverse engineering other companies’ parts to improve its own.

Cisco, the US market leader in telecommunications
systems, sued Huawei in 2003, claiming it had
infringed its copyright, but the case was settled
out of court, with Huawei withdrawing the suspect parts from sale in the US.

Huawei’s success is in fact now based on its own
extensive research and development, all of which
is fed back into China to benefit the military
and improve its technological capabilities.

The company insists that it is entirely
independent and owned by its employees, with no
surviving links to the Chinese military.

But three separate and authoritative reports, by
the Rand Corporation in 2005, British
intelligence in January this year and by the
Pentagon last month, all allege continued strong links to the PLA.

The relationship is best described in the Rand
report, which says: "Huawei maintains deep ties
with the Chinese military, which serves a
multifaceted role as an important customer, as
well as Huawei’s political patron and research and development partner.

"Both the government and the military tout Huawei
as a national champion, and the company is
currently China’s largest, fastest-growing, and
most impressive telecommunications-equipment manufacturer."

The speed of that growth has been spectacular. In
little more than 20 years, Huawei has grown into
one of the world’s top three telecom companies
with projected sales this year of US$30 billion (Dh110bn).

Significantly, the one market that has so far
eluded Huawei is the United States. An attempt to
merge with the US technology company 3Com, which
provides the Pentagon with computer security
systems, was blocked by the US government on security grounds.

But Huawei has done very well in the Gulf region.
Etisalat in the UAE, STC in Saudi Arabia, MDC in
Kuwait, Batelco in Qatar, and Omnitel in Oman,
have all used Huawei to set up their optical
fibre telecom networks, all using the same
components as in the UK communications network
that has so worried British intelligence chiefs.

Despite Britain’s doomsday warnings, this does
not mean that any of the networks using Huawei
components are in imminent danger of being shut down by China.

China needs to maintain good relations with as
many markets as possible and the British
intelligence reports made clear that the risk of
it using the Huawei parts to shut down the UK
telecommunications system was currently "low."

The real threat lies in exactly the same place as
the threat from GhostNet. The main role of the
hackers working for GhostNet is to collect
intelligence. It is this that most worries
Britain’s intelligence chiefs and should be of
concern to their counterparts in the Gulf states.

It would be very easy for China to use the Huawei
components to collect data moving between
government departments and send it to its own
computers, without those using the links ever knowing.

According to Professor Tindle: "You can install
something relatively small into a network that
could capture all the data and send it on. You
are obviously relying on the vendors not to be unscrupulous.

"If you have someone who was unscrupulous they
could send it on. It’s technically possible for
the vendor to send that data wherever they want."

The British intelligence reports suggest that
China is that unscrupulous. "The access that the
Chinese state potentially has through its
influence on the manufacturers of
telecommunications equipment -- in particular,
Huawei -- leaves a significant vulnerability in UK networks," one report said.

"The Chinese state would be able to make covert
modifications to the hardware and software on the
equipment which would give them additional covert
functionality that could be used for intelligence gathering."

It is that "significant vulnerability" that
concerns Britain’s intelligence chiefs. They know
that if they had that opportunity, they would use
it, and the evidence of GhostNet tells them the Chinese would, too.

Michael Smith is the Defence Editor of The Sunday
Times and the author of a number of books on
espionage, including The Spying Game.
