Comparison of the Hackers of Iran, China and North Korea
- 2. Red-DragonRising.com©
Comparative Study: Global Cyber Doctrine
LTCOL (RET) William Hagestad II
MSc Security Technologies
MSc Management of Technology
www.red-dragonrising.com
hagestadwt@red-dragonrising.com
Cyber as a spectrum of cyberspace operations including:
Defensive Cyberspace Operations (DCO)
Offensive Cyberspace Operations (OCO)
- 4. Red-DragonRising.com©
2014 Top Internet Attacks….
http://mybroadband.co.za/news/security/101440-top-internet-attacks.html
People's Republic of China
United States of America
Russia
- 5. Red-DragonRising.com©
Port 445 most targeted port, reaching 30% of observed attacks..
http://mybroadband.co.za/news/security/101440-top-internet-attacks.html
The volume of attacks targeting Port 80 remained steady at 14%
- 7. Red-DragonRising.com©
ISBN: 978-1482577105
http://www.amazon.com/Operation-Middle-Kingdom-Computers-Networks-ebook/dp/B00GTVFJOQ/
取締中華人民共和國
- 8. Red-DragonRising.com©
ISBN: 978-1493771974
http://www.amazon.com/Chinese-Information-Warfare-Doctrine-Development-ebook/dp/B00GWO12LO/
取締中華人民共和國
- 9. Red-DragonRising.com©
ISBN: 978-1496080875
http://www.amazon.com/Chinas-Plans-Winning-Information-Confrontation/dp/1496080874/
取締中華人民共和國
- 11. Red-DragonRising.com©
Guide to Digital Opponents

| Cyber Threat | Motive | Targets of Opportunity | Methodologies | Capabilities |
| --- | --- | --- | --- | --- |
| Nation States ~ Peace Time | Economic, Military, National Secrets, Political | Commercial Enterprises, Intelligence, National Defense, Governments, National Infrastructure | Military & Intel specific cyber doctrine, hacktivists | Asymmetric use of the cyber domain short of kinetic |
| Nation States ~ War Time | Economic, Military, Political | Commercial Enterprises, Intelligence, National Defense, Governments, National Infrastructure | Military & Intel specific cyber doctrine, hacktivists | Asymmetric use of the cyber domain including kinetic |
| Cyber Terrorists & Insurgents | Political | Infrastructure, Extortion and Political Processes | Combination of advanced persistent threats (APT) | Developing – will be a concern in 2012 |
| Cyber Criminals – Grey & Black Markets | Financial | Intellectual Property Theft, Fraud, Theft, Scams, Hijacked Network & Computer Resources, Cyber Crime for Hire | Exploits, Malware Botnets, Worms & Trojans | Cell-based structure as an APT |
| Criminal Organizations – RBN | Financial | | Use of above with distinct planning | Highly professional, dangerous |
| Rogue Organizations – Anonymous, LulzSec | Financial, Military, National Secrets, Political | Intellectual Property Theft, Direct & Indirect pressure on OGA Resources | Organic hacking capabilities unsurpassed | Organized yet de-centralized |
- 12. Red-DragonRising.com©
Indonesia Overtakes China…
“Thanks to the increased attack traffic seen from Indonesia, ports 80 and 443 were the most commonly targeted ports, accounting for 41 percent of observed attacks combined.”
http://www.techinasia.com/report-indonesia-overtakes-china-worlds-biggest-source-online-attacks/
- 15. Red-DragonRising.com©
Where?... When? Who Started All This?
http://www.defense.gov/releases/release.aspx?releaseid=13551
US DoD Militarizes Cyber Space…
“We Are Coming for You if your country is a threat in Binary World!”
- 17. Red-DragonRising.com©
This is, however, 2014….
http://news.xinhuanet.com/mil/2014-05/21/c_126526347.htm
美方无中生有 别有用心
China: U.S. fabricated charges with ulterior motives
- 18. Red-DragonRising.com©
China’s Defense Ministry: “China's military has never stolen trade secrets through a network”
United States is calling this "commercial espionage network” saying nothing, confused with ulterior motives.
- 20. Red-DragonRising.com©
Korean Peninsula IW….
3 levels of information conflict simultaneously:
(1) for information to obtain information and intelligence about each other’s means, capabilities, and strategies;
(2) against information aimed at protecting their information systems, while disrupting or destroying the other side’s information infrastructure; and
(3) through information reflected in the misinformation and deception operations to shape their broader internal and external strategic narratives.
- 22. Red-DragonRising.com©
Korean Cyber TTPs….
Cyber-espionage: North Korea's primary overseas intelligence gathering unit, operating under the State Security Agency (SSA), relies on cyber-related techniques for cyber-espionage to access information, steal sensitive data, & monitor foreign communications.
Computer network attacks: North Korea has attempted to disrupt South Korea's sophisticated digital information infrastructure using cyber attacks to shut down major websites, disrupt online services of major banks, and probe South Korea's readiness to mitigate cyber-attacks
- 23. Red-DragonRising.com©
2009 Korean Cyber Conflict Begins….
North Korean Army General Staff’s Reconnaissance Bureau, Unit 110, intercepted confidential defense strategy plans... OPLAN 5027… detailing US–ROK responses to potential North Korean provocations
US Military officer with the ROK–US Combined Forces Command used an unsecured USB memory stick plugged into his PC while switching from a highly secure private intranet to the public Internet
- 24. Red-DragonRising.com©
2009 More Korean Cyber Conflict….
North Korean hackers stole information from the South Korean Chemical Accidents Response Information System (CARIS) after infiltrating the ROK Third Army headquarters’ computer network and using a password to access CARIS’s Center for Chemical Safety Management
North Korea’s overseas-intelligence gathering unit under the State Security Agency (SSA) is also believed to increasingly rely on information warfare techniques for cyber-espionage to access information, steal sensitive data, and monitor foreign communications
- 25. Red-DragonRising.com©
2010 – Present Day More Korean Cyber Conflict….
"Ten Days of Rain" DDoS attacks targeting South Korean government websites and networks of the US Forces Korea (USFK) lasting for 10 days in 2011…
North Korea has relied on information warfare to alter the perceptions of its strategic plans – December 2012, and subsequent third nuclear test in February 2013, North Korea manipulated news stories as part of a deliberate deception campaign to hide its real intentions.
- 31. Red-DragonRising.com©

| Characteristics | US | North Korea | China |
| --- | --- | --- | --- |
| Started IW/EW | 1860’s | | |
| Founding Father | Andrew Carnegie / Winfield Scott | | |
| Used as Combined Arms? | Yes - 2011 | | |
| Use of Hacktivism as a Proxy? | Yes | | |
| Official Military Command | 2010 | | |
| External Motivators | Global Threats | | |
| Internet Controls? | Yes | | |
| Criminal Cyber Capability? | Yes | | |
| Impact on Commerce? | Yes | | |
- 41. Red-DragonRising.com©
Iran Needs Domestic Cyber Defence Model
Deputy Chief of Staff of the Iranian Armed Forces for Basij and Defense Culture… - Brigadier General Massoud Jazayeri
http://iranmilitarynews.org/2012/10/
- 43. Red-DragonRising.com©
“Iranian Cyber-Jihadi Cells in America plot Destruction on the Net and in Reality”
"Last September, Jihadists who call themselves “Cyber-Hezbollah” organised their second conference in Teheran. Islamist hackers and cyber-jihadists gathered there and decided to fight the U.S. and Europe. Hassan Abbasi, political strategist and adviser of the Iranian Revolutionary Guards, was present, and delivered an ardent and virulent speech."
NOV 2011
http://www.thecuttingedgenews.com/index.php?article=53212&pageid=&pagename=
- 46. Red-DragonRising.com©
Mohammad-Reza Farajipour, Deputy Chief of Information Technology and Communication of the Passive Defense Organization of Iran (PDOI)
“….cyber defense will now be taught at Iranian universities including at the Tarbiat Modares university in Tehran and also at institutions outside the capital…”
OCT 2012
http://iranmilitarynews.org/category/basij/page/2/
- 55. Red-DragonRising.com©
− 29 OCT 2013 …20 NOV 2013
http://world.time.com/2013/10/29/if-iran-can-get-this-reactor-online-it-may-be-invulnerable-to-military-attack/#!
http://www.langner.com/en/wp-content/uploads/2013/11/To-kill-a-centrifuge.pdf
http://www.foreignpolicy.com/articles/2013/11/19/stuxnets_secret_twin_iran_nukes_cyber_attack?page=full
- 57. Red-DragonRising.com©
MAY 2014
Iran ‘Bans’ Whatsapp after Zuckerberg buys it
http://cyberparse.co.uk/2014/05/05/iran-bans-whatsapp-over-zionist-zuckerberg/
http://america.aljazeera.com/articles/2014/5/3/iran-narenji-bloggers.html
However, Iran’s president Hassan Rouhani later tweeted Iranian Government …. “fully opposed to filtering of WhatsApp”.
Twitter and Facebook have been banned in Iran since 2009, when protests against former president Mahmoud Ahmadinejad gained momentum thanks to social media.
IRAN'S TECH BLOGGERS CAUGHT IN THE POLITICAL CROSSFIRE
Apolitical bloggers caught in political crossfire between a reform-minded president, who has scaled back Iran’s nuclear program initiated a thaw w/West, & a right-wing contingent led by the country’s supreme leader, the ultra-conservative Ayatollah Khamenei.
- 58. Red-DragonRising.com©
MAY 2014
Brigadier General Jalali – Iran to Develop Home-Designed Cyber Defense System fully capable of executing "definition of soft war"
http://english.farsnews.com/newstext.aspx?nn=13930221001069
http://theiranproject.com/blog/2014/05/11/iran-to-give-reciprocal-reaction-to-possible-cyber-attacks-official/
Definition of soft war
Iran to give reciprocal reaction to possible cyber attacks: definition of soft war
- 59. Red-DragonRising.com©
Current Iran Cyber SA…
• FATA police commander: use of VPN to be considered a crime
– (Gen. Kamal Hadyanfr, Iran's cyber police (feta) today called for criminalizing the production, purchase, sale and use of Vypyan (.VPN) in Iran)
• Iranian hackers becoming more aggressive
• Iran's Operation Saffron Rose Advanced Cyber Espionage...not advanced plagiarized threats
http://www.bbc.co.uk/persian/iran/2014/05/140512_l45_iran_vpn_criminalize.shtml?
http://www.reuters.com/article/2014/05/13/us-cyber-summit-iran-hackers-idUSBREA4C03O20140513
http://www.fireeye.com/blog/technical/malware-research/2014/05/operation-saffron-rose.html
- 61. Red-DragonRising.com©
Weaponized Malware

| Label | Timeframe | Purpose | Target | Nation State Responsible | Nation State Affected |
| --- | --- | --- | --- | --- | --- |
| Stuxnet | 2004 - 2007 | Cyber / Physical Destruction | Iranian Nuclear Facility @ Natanz | US & Israel | Islamic Republic of Iran |
| Duqu | 2007 – 2011 | Cyber Counter Intelligence | Industrial Control Systems | US & Israel …Taiwan – Republic of China | Multiple… |
| Flame | 2009 - 2012 | Cyber reconnaissance / cyber data exfiltration… Cyber espionage | Middle Eastern computer systems | US & Israel | Iran, Lebanon, Syria, Sudan, Occupied Territories of Israel |
| Gauss | 2011 - 2012 | Cyber surveillance / Banking Trojan | Middle Eastern Banks | Unknown | Lebanon, CitiBank & PayPal |
| Batch Wiper | 2012 | Cyber Destruction | Iranian Oil Infrastructure | US & Israel | Islamic Republic of Iran |
- 67. Red-DragonRising.com©
Iranian Military… & Nuke Facilities…..
− 11. Ahwaz 92nd Division commando companies, which operate independently under their own command are better known as “independent companies.”
− Site above is also used by elements of the division’s 2nd Armored Brigade.
− 12. IRGC 92nd Armored Division’s 3rd Armored Brigade.
− 13. The IRGC’s Isfahan Artillery Brigade.
− 15. The Zargan power station for the military camps in the region which runs on gas.
− 18. A yacht and speedboat marina, recently renovated, for the private use of Revolutionary Guards commanders based in the region.
− 20. A light aircraft airport for ferrying farm produce..
− 21. A 500-meter-wide canal, which links the Karun River to the Majnoun islands in Iraq. Huge barges stand by there in case of an emergency calling for troops to be moved quickly inside the Khuzestan province.
− 22. A missile-anti-aircraft gun cluster for defending Ahwaz and its environs.
- 68. Red-DragonRising.com©
Quds – Iranian Intelligence
− Founded after 1979…Iran’s Revolution…
− Sepāh-e Pāsdārān-e Enqelāb-e Eslāmi (سپاه پاسداران انقلاب اسلامی) …
− Army of the Guardians of the Islamic Revolution (IRGC)
− Commanded by Major General Qassem Suleimani
− Experience in Soviet Afghanistan, Bosnia….Iraq…’Stan’s Redux…
− Iranian Military Support regionally…Syria…
− Reports directly to Supreme Leader of Iran Ayatollah Ali Khamenei
نیروی قدس … Niru-ye Qods…
…..to organize, train, equip, and finance foreign Islamic revolutionary movements. Quds Force maintains and builds contacts with underground Islamic militant organizations throughout the Islamic world....
- 71. Red-DragonRising.com©
Iran’s Cyber Organization(s)
High Council of Cyberspace (Shoray-e Aali-e Fazaye Majazi).
http://www.cyberstrategie.org/?q=grands-dossiers/conflits-r%C3%A9gionaux-et-cyberterrorisme/structure-of-iran%E2%80%99s-cyber-warfare
− March 2012 – Order established by Ayatollah Khamenei
− Mission of instituting high-level policies on the cyberspace
− Comprised of:
• President of Iran
• Judicial Power Leader
• Parliamentary Leader
• IRGC CINC’s
• Police
• Minister of Intelligence
• Telecommunications, Culture & Science Ministers
All other Iranian organizations in charge of cyber operations are committed to implement the policies instituted by this new government body
- 73. Red-DragonRising.com©
Iranian Military…Cyber (OFFICIAL)
“The Cyber Defense Command” (Gharargah-e Defa-e Saiberi)
− November 2010 – Order established by Ayatollah Khamenei
− Mission of responding to NCI effects brought upon by Stuxnet
− Supervised by:
• Joint Staff of the Armed Forces (Setad-e Kol-e Niruhay-e Mosalah)
• Operationally via Passive Civil Defense Organization (Sazeman-e Padafand-e Gheyr-e Amel)
http://www.cyberstrategie.org/?q=grands-dossiers/conflits-r%C3%A9gionaux-et-cyberterrorisme/structure-of-iran%E2%80%99s-cyber-warfare
Motivation to establish…..
Coordinating numerous government organizations and agencies to non-militarily respond to a military attack on the country with the goal of minimizing damage to the country’s infrastructure and facilities in the event of a probable war…
- 75. Red-DragonRising.com©
Iran’s Cyber Army (UNOFFICIAL)
http://www.cyberstrategie.org/?q=grands-dossiers/conflits-r%C3%A9gionaux-et-cyberterrorisme/structure-of-iran%E2%80%99s-cyber-warfare
− Highly skilled information technology specialists & professional hackers who obfuscate their identities…
− No one claims responsibility… And yet…
− Unassailable evidence suggests that the group is affiliated with the IRGC…
- 76. Red-DragonRising.com©
Basij Paramilitary Force – Cyber Militias … (Rogue…& Effective)
http://iranbriefing.net/?p=2682
http://www.foxnews.com/story/0,2933,534116,00.html
Iran’s paramilitary militia helping maintain internal security…
Primary Goal is: Defeat of “Westoxification,” Iranian term for the harming of Persian culture by Western influences present in the cyber realm
- 77. Red-DragonRising.com©
Iranian Cyber Police….
http://www.darkgovernment.com/news/iran-ceating-its-own-internet/
http://www.hotforsecurity.com/blog/iran-allegedly-detected-massive-western-cyber-attack-2479.html
Iran: website filtering policy:
− Google Plus network blocked;
− Plan to unblock Facebook denied and/or
− Iranian top cyber police official: Facebook may be unblocked in the future….
- 78. Red-DragonRising.com©
Committee to Identify Unauthorized Sites
http://privacy.cytalk.com/2012/01/iran-squeezes-web-surfers-prepares-censored-national-intranet/
Iran squeezes Web surfers, prepares censored national intranet
Iranians have lost the right to surf the Web anonymously at Internet cafes as the government reportedly moves closer to its ultimate goal of replacing the global network with a censored national intranet.
Iranian Government officials claim they need to control access to the Internet to counter what they say is a “soft” cultural war being waged by Western countries to influence the morals of Iranians.
- 79. Red-DragonRising.com©
IRAN’s National Internet Project
http://www.huffingtonpost.com/huff-wires/20121010/ml-iran-spies-online/
Google, Gmail blocked as Iran pushes 'national Internet'
http://www.abna.ir/data.asp?lang=3&Id=351147
Reza Taghipour, Iran's information and communications minister, first phase of Iran’s nationwide project, covering governmental institutions in 29 provinces launched September 21.
Taghipour said all Iranian universities would become part of this network by early 2013, putting Iran a step closer to disconnecting itself entirely from the global Internet.
- 80. Red-DragonRising.com©

| Characteristics | Iran | Russia | China |
| --- | --- | --- | --- |
| Started IW/EW | 2005 | 1999 | |
| Founding Father | Major General Yahya Rahim Safavi (رحیم صفوی) | S.P. Rastorguev (Расторгуев C.П.) & Marshall Sergeyev (Маршалл Сергеев) | |
| Used as Combined Arms? | Yes - 2011 | Yes 2007 & 2008 | |
| Use of Hacktivism as a Proxy? | Yes | Yes – w/criminal intentions | |
| Official Military Command | 2010 | 2010 | |
| External Motivators | United States of America, UK & Israel | United States of America | |
| Internet Controls? | Yes | Yes | |
| Criminal Cyber Capability? | Yes | Yes | |
| Impact on Commerce? | No | Yes | |
- 83. Red-DragonRising.com©
US Govt Charges PLA Officers with “Cyber Espionage”….
5 Chinese Military Hackers…?
http://camera.chinatimes.com/newsphoto/2014-05-20/clipping/B01A00_T_01_04.JPG
- 88. Red-DragonRising.com©
Chinese Perspective….
16 AUGUST 2011 – People’s Tribune Magazine - (人民论坛杂志) publishes several articles… 4 are very problematic for the United States….
– “A Sovereign Country Must Have Strong Defense” by Min Dahong, director of the Network & Digital Media Research Office @ China Academy of Social Sciences;
– “America’s ‘Pandora’s Box’ Cyber Strategy Confuses the World” by Shen Yi - Fudan University’s Department of International Politics;
– “Cyber Power ‘Shuffles the Cards’: How China Can Overtake the Competition” by Tang Lan, Institute of Information and Social Development Studies at the China Institute of Contemporary International Relations; and
– “How to Construct China’s Cyber Defenses” by Liu Zengliang, from the PLA National Defense University
http://www.rmlt.com.cn/qikan/2011-08-16/
- 89. Red-DragonRising.com©
China's PLA Has Won the Cyber War Because They Hacked U.S. Plans for Real War
http://www.nextgov.com/cybersecurity/2013/05/china-winning-cyber-war-because-they-hacked-us-plans-real-war/63740/
- 94. Red-DragonRising.com©
Chinese Information Control
► Chinese Government Intent
• Golden Shield…Filter the Chinese Internet
– Designed 1998
– Operational NOV 2003
– CISCO powered – cost $800M USD
– China’s Ministry of Public Security (MPS) operates….
• Green Dam…. Chinese Government Spyware effective 1 July 2009…new PC’s must have ….
► Military Focus
► Civilian Dimension
– control freedom of search
– control freedom of speech
http://www.certmag.com/read.php?in=3906
http://www.e-ir.info/2010/04/13/chinese-information-and-cyber-warfare/
http://www.zdnet.com/blog/government/china-demands-new-pcs-carry-spyware/4906
- 95. Red-DragonRising.com©
► Codified cyber warfare in 2010…
• In response to US Cyber Command 6 months earlier…
► Official Edict: “protect national infrastructure from external cyber threats” – President Hu Jintao
► President Hu’s successor Xi Jinping ….
Motivations:
• Maintain & Retain Chinese Dream…
• Ensure China’s Sovereignty…
• Control Freedom of Search…
• Ensure stable transition of Communist Regime…
中國共產黨 - CPC
- 96. Red-DragonRising.com©
Purify the internet….
Former Chinese President Hu Jintao had declared Communist party's intent to strengthen administration of the online environment & maintain the initiative in online opinion…
• “Maintain the initiative in opinion on the Internet”;
• “Raise the level of guidance online”; and,
• “We must promote civilized running and use of the Internet and purify the Internet environment….”
http://www.reuters.com/article/2007/01/24/us-china-internet-hu-idUSPEK9570520070124
Chinese Communist officials to intensify control even as they seek to release the Internet's economic potential.
"Ensure that one hand grasps development while one hand grasps administration…"
- 100. Red-DragonRising.com©
► 500 BC Sun-Tzu’s Art of War – basis
► Sun Ping’s Military Methods
► 1995 - Major General Wang Pufeng – Founding father of Chinese Information Warfare (IW)
► 1999 - War Without Limits – PLAAF Senior Colonels Qiao Liang & Wang Xiangsui
► 2002 - PLA's IW strategy spearheaded by Major General Dai Qingmin -
人民解放军 - PLA
Integrated Network-Electronic Warfare (INEW)
- 101. Red-DragonRising.com©
General Staff Directorate’s (GSD) Cyber Warfare ‘Princelings’…
General Zhang Qinsheng 章沁生
General Chen Bingde 陈炳德
General Ma Xiaotian 马晓天
Vice Admiral Sun Jianguo 孙建国
Major General Hou Shusen 侯树森
Official Statement of Chinese IW
20 JUL 2010 – ‘ordered by President Hu Jintao to handle cyber threats as China enters the information age, & strengthen the nation's cyber-infrastructure’
漢族…Han Chinese
Communist… Technologists… PLA Leaders…. & 中國人
- 102. Red-DragonRising.com©
Current Chinese cyber-warfare tactics
• Major General Hu Xiaofeng, Deputy Director for the National Defense University Department of Information Warfare and Training Command
• Professor Meng Xiangqing, National Defense University Institute for Strategic Studies
China’s “Goal is to achieve a strategic objective…over adversaries…”
“You have to meet my political conditions or your government will be toppled, or you promise to meet some of my political conditions.”
The Dark Visitor, 2009; [Online] Available at: http://www.thedarkvisitor.com/category/uncategorized/
- 103. Red-DragonRising.com©
Chinese Military …. Future OPS
8 NOV 2012: President Hu Jintao: “China will speed up full military IT Applications by 2020”
“…train a new type of high-caliber military personnel in large numbers, intensively carry out military training under computerized conditions, and enhance integrated combat capability based on extensive IT application…”;
“…implement the military strategy of active defense for the new period, and enhance military strategic guidance as the times so require”;
“…strengthen national defense aim to safeguard China's sovereignty, security and territorial integrity and ensure its peaceful development…“;
“…enhance the capability to accomplish a wide range of military tasks, the most important of which is to win local war in an information age…“;
http://news.xinhuanet.com/english/special/18cpcnc/2012-11/08/c_131959900.htm
- 104. Red-DragonRising.com©
國有企業 – State Owned Enterprises
Ministry of Industry and Information Technology of the People's Republic of China
Common Themes…
► Commercial theme, profit oriented…
► Research base, ties to Chinese Academy of Sciences (CAS)…
► International interest & focus…developing countries…
► No organic innovation capabilities…
► Foreign cyber espionage capability via PLA (GSD) & MSS…
- 105. Red-DragonRising.com©
Chinese Military Sabotage India’s State Owned Telco BSNL’s Base Station
PLA SOE Huawei implicated
華為
http://beyondheadlines.in/2014/01/chinese-military-sabotage-indias-state-owned-telco-bsnls-base-station/
Earlier NSC warned of Huawei, ZTE’s links with Chinese Military
- 106. Red-DragonRising.com©
Nortel Case Study…
6 JUNE 2012 “Secret Memo Warns of Canadian Cyber Threat After Nortel Attack….”
• 2001 …. Insider plants data exfiltration trojan
• Corporate executives targeted….
• Leadership avoids, ignores warnings of threat
• Telecommunications Intellectual Property data theft continues unabated…for TEN years
• Market valuation and position lost…
• 2011 … Nortel ceases to exist as a Canadian Company….
• Chinese State Owned Enterprises…Huawei ZTE suddenly take global leadership in telephony….
- 108. Red-DragonRising.com©
黑客 – “Dark Guests”
► Originally supported by CPC & PLA
• Now uncontrollable….Golden Shield Project?
• Comment Group…
• Elderwood Gang…
• Use of known Chinese malware for commercial purposes now…
► Reinforce PRC’s nationalism via the web
• Taiwan, the renegade Chinese Province
• Punishing Japan for WWII war crimes, Daiyu Islands
• Confronting Philippines, Oil near Huangyuan
• Codera’s anti-Chinese web rhetoric
► Capability to carry out Chinese State Policies without attribution….
- 109. Red-DragonRising.com©

| Characteristics | Iran | North Korea | China |
| --- | --- | --- | --- |
| Started IW/EW | 2005 | 1999 | 1995 |
| Founding Father | Major General Yahya Rahim Safavi (رحیم صفوی) | N/A | Major General Wang Pu Feng (少將王浦峰) |
| Used as Combined Arms? | Yes - 2011 | Yes 2010 | Yes - 2011 |
| Use of Hacktivism as a Proxy? | Yes | Yes – w/criminal intentions | Yes |
| Official Military Command | 2010 | Unknown | 2010 |
| External Motivators | United States of America, UK & Israel | South Korea & USA | United States of America |
| Internet Controls? | Yes | Yes | Yes |
| Criminal Cyber Capability? | Yes | Yes | Yes |
| Impact on Commerce? | No | Yes | Yes |
- 112. Red-DragonRising.com©
Cyber War Misunderstood….
1) Attacker has the Advantage over the Defender
http://smallwarsjournal.com/jrnl/art/why-your-intuition-about-cyber-warfare-is-probably-wrong
- 113. Red-DragonRising.com©
Conclusions
1) Cyber-espionage is state sponsored; yet direct attribution is an illusion….
2) Iran, Russia & China plan cyber-espionage – defensively & offensively;
3) Each Nation State has separate & distinct reasons…
4) All Three Countries started their military cyber commands in 2010;
5) Cultural, economic, historical & linguistic threads for Iranian, Russian & Chinese cyber-espionage;
6) Citizen hacking an unofficial proxy cyber force multiplier;
7) Commercial enterprises & all organizations worldwide are permeable to cyber hacking in all form & methods;
8) Foreign language malware, RATs, Botnets are undiscoverable….until now…
- 114. Red-DragonRising.com©
Conclusions
9) Iranian (Persian), Russian & Mandarin languages are an exceptional form of cryptography…
10) All Western InfoSec Technology are ineffective against Foreign cyber attacks…until now…
11) Organizations cannot defend against various alleged Iranian, Russian & Chinese information warfare threats…
12) Offensive Cyber Capabilities must be developed…..protect your IP & Network
13) Nation State cyber-espionage threats are very serious & will only become much, much worse…..