Sunday, December 05, 2010

China's propaganda chief ordered Google hack

China once again came under the spotlight today after newly released cables were published by Wikileaks and a string of media outlets. The latest revelations point to China's cyberattacks on Google and other western interests and focus particularly on China's propaganda chief Li Changchun [李长春], who is said to have ordered the attacks on Google.

The Guardian, the New York Times and El Pais [Spanish] reported Sunday how Li Changchun [李长春] had been taken aback after conducting Google searches for himself only to discover "results critical of him." [BBC]

One cable, dated early this year, quoted a Chinese person with family connections to the elite as saying that Li himself directed an attack on Google's servers in the United States, though that claim has been called into question. In an interview with The New York Times, the person cited in the cable said that Li personally oversaw a campaign against Google's operations in China but the person did not know who directed the hacking attack.

The attacks, which took place in late 2009 and were made public by Google on January 12th this year, were very sophisticated and gained access to sensitive intellectual property, violating company e-mail from some Chinese dissidents' Gmail accounts. It later emerged that at least thirty other US strategic enterprises in the sectors of defense, chemical and information technology were attacked in the same wave of hacking attacks. These included Intel, Northrop Grumman, Motorola, Dow Chemicals and Adobe Systems. The offensive, called Operation Aurora, used different techniques to gain access to source code and confidential information, but many experts felt in the weeks after that the attacks were the work of the same author.

Google made an announcement that it would not comply any longer with self-censorship of its search engine based in mainland China and eventually withdrew to the less restricted Special Administrative Region of Hong Kong.

According to the cable dated May 18th, Li also took steps to punish Google commercially. The propaganda chief ordered three big state-owned Chinese telecommunications companies to stop doing business with Google. Li also demanded that Google executives remove any link between its sanitized Chinese website and its main international one, which he deemed "an illegal site".

The irony is that Li's concern over his appearing on a Google search has resulted in his becoming even more well known and perhaps criticized.

Other cyberattacks

There were also suggestions that China may have sent malicious emails during the June 2009 climate change talks between the United States and China. A warning was distributed by the secretary of state's office referring to an e-mail "spear phishing" attack directed at five State Department employees in the Division of Ocean Affairs of the Office of the Special Envoy for Climate Change.

The messages, which purported to have come from a National Journal columnist, had the subject line "China and Climate Change." The e-mail contained a PDF file that was intended to install a malicious software program known as Poison Ivy, which was meant to give an intruder complete control of the victim's computer [Guardian / Der Spiegel / Le Monde - French].

While this attack could not be specifically attributed to China, cables do point to China having made repeated and often successful hacking attacks on the US government, private enterprises and Western allies as far back as 2002. According to the cables, at least one previously unreported 2008 attack, which US investigators code-named Byzantine Candor, yielded more than 50 megabytes of email messages along with a complete list of user names and passwords from a US government agency [Al Jazeera].

China has a large hacking community and it is widely believed many are in the employ of the government. One cable dated 29th June 2009 refers to CNITSEC [China Information Technology Security Center] enterprises which it said had "recruited Chinese hackers in support of nationally-funded network attack scientific research projects." From June 2002 to March 2003, TOPSEC employed a known Chinese hacker, Lin Yong (a.k.a. Lion and owner of the Honker Union of China), as a senior security service engineer to manage security service and training, the cable said. Venus Tech, another CNITSEC enterprise privy to the GSP, is also known to affiliate with XFocus, one of the few Chinese hacker groups known to develop exploits for new vulnerabilities in a short period of time, as evidenced in the 2003 release of Blaster Worm.

Collusion between govt, private sector & hackers

Cables reveal a complex chain of networks from Government through companies to individual hackers and hacking communities. He Weidong graduated from the Huazhong University of Management Engineering in 1987 and founded the security company Tianrongxin, a.k.a. Beijing TOPSEC Network Security Technology Company, Ltd in November 1995. TOPSEC is a China Information Technology Security Center (CNITSEC) enterprise and has grown to become China's largest provider of information security products and services. TOPSEC is credited with launching China's first indigenous firewall in 1996, as well as other information technology (IT) security products to China's market, to include virtual private networks, intrusion detection systems, filtering gateways, and security auditing and management systems. Additionally, in September 2000, Weidong founded the company Tianweichengxin, a.k.a. iTrusChina, which became the first experimental enterprise to develop business Public Key Infrastructure/Certification Authority services approved by China's Ministry of Industry and Information Technology.

But the cable noted that CNITSEC is responsible for overseeing the PRC's Information Technology (IT) security certification program. It operates and maintains the National Evaluation and Certification Scheme for IT security and performs tests for information security products. In 2003, the CNITSEC signed a Government Security Program (GSP) international agreement with Microsoft that allowed select companies such as TOPSEC access to Microsoft source code in order to secure the Windows platform.

While links between top Chinese companies and the PRC are not uncommon, the details in the cable illustrate the PRC's use of its "private sector" in support of governmental information warfare objectives, especially in its ability to gather, process, and exploit information. As evidenced with TOPSEC, there is a strong possibility the PRC is harvesting the talents of its private sector in order to bolster offensive and defensive computer network operations capabilities, the cable states [El Pais - Spanish].

Speaking on CNN's GPS programme hosted by Fareed Zakaria, The Financial Times' US managing editor Gillian Tett said there were "few surprises" in the published cables, so far. Inasmuch as the communiques only confirm what many already suspected, this is perhaps true. Yet some of the detail is providing stronger evidence to confirm the truth behind what were only suspicions before.

Reaction to leaks

China has avoided commenting on the content of the cables to date. Jiang Yu, China's Foreign Ministry spokeswoman, speaking in Beijing this week said, "I do not want to comment on the absurd comments on the website. China's position on the relevant issues is consistent, and everybody knows it." As further revelations are published China may find itself unable to stay quiet.

The media was also relatively quiet concerning the latest published cables. Al Jazeera gave the story the greatest prominence after a story on elections in the Ivory Coast and forest fires in Israel. The story was briefly mentioned on other news stations but coverage amounted to only a few seconds. Sky News placed the item fifth down the list of headlines after spy claims connected to British politician Mike Hancock's assistant, air strikes in Spain, student fees and the arrest of Asil Nadir. France 24 gave less than 30 seconds to the story following in-depth coverage on the elections in the Ivory Coast. The story was also sandwiched with a report about a fire at an Internet cafe in Guizhou province, southern China which killed six and injured 38. Interestingly this was not easily found on the France 24 website, though it was published on CNN, BBC and Al Jazeera's websites.

Meanwhile Wikileaks founder Julian Assange has gone to ground as he faces not only a barrage of criticism but also arrest on alleged sex crimes. Such charges have been dismissed by his lawyer Mark Stephens who described them as politically motivated. Speaking to the BBC, Mark Stephens said that legal moves against his client seemed to be a "political stunt" by a state that allowed US rendition flights [Wikipedia]. [Pictured: Li Changchun. Playing cards courtesy of MostWantedChinesePlayingCards]

tvnewswatch, London, UK
