CIA Warns of Chinese Plans for Cyber-Attacks on U.S.
Date: Thursday, April 25 @ 03:05:42 EDT
Topic: Cyber Warfare
April 25, 2002
Defense: Analysts fear government and private efforts to sabotage federal Internet sites.
By ERIC LICHTBLAU, Times Staff Writer
WASHINGTON -- U.S. intelligence officials believe the Chinese military is working to launch wide-scale cyber-attacks on American and Taiwanese computer networks, including Internet-linked military systems considered vulnerable to sabotage, according to a classified CIA report.
Moreover, U.S. authorities are bracing for a possible wave of hacking attacks by Chinese students against the United States in coming weeks, according to the analysis. The confidential alert, which was reviewed by The Times, was sent to intelligence officials a week ago.
Although U.S. officials have voiced concerns about individual hackers in China who have defaced federal and private Web sites, the United States has resisted publicly linking the Chinese government to those attacks or to broader cyber-style warfare.
The new CIA report, however, makes clear that U.S. intelligence analysts have become increasingly concerned that authorities in Beijing are actively planning to damage and disrupt U.S. computer systems through the use of Internet hacking and computer viruses.
Although the assessment concludes that China has not yet acquired the technical sophistication to do broad damage to U.S. and Taiwanese systems, it maintains that this is the "intended goal" of the People's Liberation Army in China. "The mission of Chinese special forces includes physical sabotage" of vulnerable systems, the report says--which some analysts said is driven by China's hostility toward Taiwan.
The Chinese Embassy in Washington insisted Wednesday, however, that Beijing is only conducting computer research that is strictly defensive in nature.
"It is not the Chinese government's policy to disrupt the computer system of any other country," said Larry Wu, an official in the embassy's science and technology section.
"We do research on the security of computers, of course--self-defense to understand how a hacker can get into our computer systems so we can defend it," he said. "But China has never assumed an offensive stance with regards to computer technology."
But several specialists in Chinese security and military affairs said the CIA's conclusions jibe with their own observations about China's research into offensive-minded cyber-tools.
"We should be very worried about this issue," said James Mulvenon, a China analyst at the Rand Corp. think tank who has done extensive studies into Chinese computer capabilities.
Taiwan, which China regards as a renegade province, appears to be the driving force behind the Chinese interest in hacking and viruses, Mulvenon said. Under one scenario, if China were to make good on its long-standing threat to invade Taiwan, the Chinese military could then seek to deploy widespread computer disruptions against American and Taiwanese military systems to slow any effort by U.S. forces to intervene in Taiwan's defense, he said.
The issue threatens to inflame what are invariably tense relations between the United States and the Communist regime in China, relations already frayed by a volley of charges and countercharges during the last several years over alleged nuclear, military and political espionage.
Relations hit a low point last year after a U.S. spy plane collided with a Chinese jet fighter, triggering an international standoff over the return of the plane's 24 Navy crewmen. China detained the crew members for 11 days and returned the disassembled plane months later.
Recent months have seen a warming in relations as the Bush administration secured China's cooperation in the war on terrorism. But China has become upset by what it sees as the White House's increasingly favorable overtures toward Taiwan.
The CIA's assessment discusses Taiwan and the United States, revealing that U.S. intelligence officials believe both are targets of the Chinese military.
"The People's Liberation Army does not yet have the capability to carry out its intended goal of disrupting Taiwanese military and civilian infrastructures or U.S. military logistics using computer virus attacks," said the CIA's report, which was included in a broader national security assessment that authorities distributed to intelligence officials.
"China's virus attack capabilities are similar to those of sophisticated hackers and are limited to temporary disruption of sectors that use the Internet," the CIA review said. "A Chinese virus attack is capable of reaching e-mail communications, laptops brought into China, and U.S. Internet-based military computers."
A U.S. intelligence official who was briefed on the issue but asked not to be identified said analysts believe that, although the most sensitive U.S. military databases are secure from hackers and viruses, Internet-based military systems that are used for communications with bases around the world and with outside military vendors could be vulnerable.
"These aren't the keys to the kingdom we're talking about," the official said. "There's no danger that the Chinese are going to hack into our nuclear launch codes, but there is the danger they could gather useful intelligence from penetrating some of the less sensitive networks that the Department of Defense utilizes all over the world."
Recent U.S. intelligence indicates, the official said, "that the Chinese government is actively and aggressively working on their cyber-war capability. They have a lot of people and a lot of brainpower, and they're smart enough to appreciate that a significant aspect of any future armed conflict is going to be cyber in nature."
Another government official who asked not to be identified cautioned, however, that the immediate threat posed by Chinese computer disruptions is fairly limited.
"This is something we're certainly concerned about. But in terms of their being able to disrupt Taiwan or U.S. military and civilian infrastructure, they can't do it yet. That's the story."
The concept of nations launching cyber-attacks against their enemies is a relatively new phenomenon, but it is drawing rising concern from U.S. authorities as they assess vulnerability in the national computer infrastructure. In an effort to beef up security, budget planners are projecting an increase of more than 50% next year in overall computer security, bringing the total to more than $4 billion.
The CIA report does not reveal how intelligence analysts arrived at their conclusions, and Jonathan Pollack, chairman of the strategic research department at the Naval War College, cautioned that there are still many unanswered questions about China's plans.
"China is still an issue that worries Americans deeply, and sometimes the intelligence community gets a head of steam on these things and can go off on tangents that may not be substantiated," he said.
Last year, the spy plane confrontation triggered an avalanche of about 1,200 attacks against U.S. government and commercial Web sites that were disrupted or defaced. Many of the attacks appeared to have been generated by students in China, with private hackers leaving patriotic pro-China messages or vowing revenge for the death of a Chinese pilot in the plane collision. Several hundred attacks on Chinese Web sites were blamed on American hackers, although some U.S. technology experts discounted that explanation.
The CIA assessment said China's "nonstate hacking community continues to pose the most immediate threat to U.S. computer networks."
It went on to warn that hackers in China "appear to be organizing for cyber-attacks again this spring, particularly during student breaks early next month and around the anniversary of the EP-3 [surveillance plane] incident."
The anniversary of the EP-3 collision passed uneventfully this month. But private security groups say they too have picked up on possible Chinese-based attacks in coming weeks--tied to the plane episode as well as China's national youth day on May 4 and the May 8 anniversary of the U.S.'s accidental bombing of the Chinese Embassy in Belgrade in 1999.
"We're warning our people about it and making sure everyone has their Web sites updated with the proper patches" to guard against denial-of-service attacks and other hacking, said Michael Cheek, director of intelligence for iDefense, a security intelligence service that has government and corporate clients around the world.
The U.S. intelligence official said that analysts suspect last year's hackings had the "tacit blessing," and even perhaps the active involvement, of the Chinese government.
Indeed, a report due out next month from Mulvenon and the Rand Corp., which does research for the U.S. government, will allege that the Chinese government was directly involved in at least one round of hack attacks.
After a spate of attacks against Web sites in the United States, Australia, Canada and England maintained by the Falun Gong religious movement--which China considers an "evil cult"--Mulvenon said his investigation unearthed evidence showing that at least one U.S. attack originated with the Chinese Ministry of Public Security.
"It's very clear to us that this was the ministry's doing, and it was a deliberate attempt to smear Falun Gong," he said.
Original LA Times Story Here