Сравнение хакеров Ирана, Китая и Северной Кореи

Red-‐DragonRising.com©

взломать
этот!


Compara>ve
Study:

Global
Cyber
Doctrine

LTCOL
(RET)
William
Hagestad
II

MSc
Security
Technologies

MSc
Management
of
Technology

www.red-‐dragonrising.com

hagestadwt@red-‐dragonrising.com

Cyber
as
a
spectrum
of
cyberspace
opera>ons
including

Defensive
Cyberspace
Opera>ons
(DCO)

Oﬀensive
Cyberspace
Opera>ons
(OCO)


Protec>ng
The
Cyber
Front
Lines


2014 Top Internet Attacks….
hYp://mybroadband.co.za/news/security/101440-‐top-‐internet-‐aYacks.html

Китайская
Народная
Республика

Соединенные
Штаты
Америки

Россия


Port
445
most
targeted
port,
reaching

30%
of
observed
aYacks..

hYp://mybroadband.co.za/news/security/101440-‐top-‐internet-‐aYacks.html

The
volume
of
aYacks

targe>ng
Port
80
remained

steady
at
14%


“21st
Century
Chinese

Cyber
Warfare”

“二十一世紀中國網絡戰”

ISBN: 9781849283342
取締中華人民共和國

ISBN:
978-‐1482577105
hYp://www.amazon.com/Opera>on-‐Middle-‐Kingdom-‐Computers-‐Networks-‐
ebook/dp/B00GTVFJOQ/



ISBN:
978-‐1493771974hYp://www.amazon.com/Chinese-‐Informa>on-‐Warfare-‐Doctrine-‐
Development-‐ebook/dp/B00GWO12LO/



ISBN:
978-‐1496080875hYp://www.amazon.com/Chinas-‐Plans-‐Winning-‐Informa>on-‐
Confronta>on/dp/1496080874/



Cyber Threat Motive
Targets of
Opportunity
Methodologies Capabilities
Nation States ~
Peace Time
Economic,
Military,
National
Secrets,
Political
Commercial Enterprises,
Intelligence, National Defense,
Governments, National
Infrastructure
Military & Intel specific
cyber doctrine,
hacktivists
Asymmetric use of
the cyber domain
short of kinetic
Nation States ~
War Time
Economic,
Military,
Political
Commercial Enterprises,
Intelligence, National Defense,
Governments, National
Infrastructure
Military & Intel specific
cyber doctrine,
hacktivists
Asymmetric use of
the cyber domain
including kinetic
Cyber Terrorists &
Insurgents
Political
Infrastructure, Extortion and
Political Processes
Combination of
advanced persistent
threats (APT)
Developing – will be
a concern in 2012
Cyber Criminals –
Grey & Black
Markets
Financial
Intellectual Property Theft, Fraud,
Theft, Scams, Hijacked Network
& Computer Resources, Cyber
Crime for Hire
Exploits, Malware
Botnets, Worms &
Trojans
Cell-based structure
as an APT
Criminal
Organizations – RBN
Financial
Use of above with
distinct planning
Highly professional,
dangerous
Rogue Organizations
– Anonymous,
LulzSec
Financial
Military,
National
Secrets,
Political
Intellectual Property Theft, Direct
& Indirect pressure on OGA
Resources
Organic hacking
capabilities
unsurpassed
Organized yet de-
centralized
Руководство
Цифровые
оппоненты


“Thanks to the increased attack traffic seen
from Indonesia, ports 80 and 443 were the
most commonly targeted ports, accounting
for 41 percent of observed attacks
combined.”
Indonesia
Overtakes
China…

h4p://www.techinasia.com/report-‐indonesia-‐overtakes-‐china-‐worlds-‐biggest-‐source-‐online-‐a4acks/


Where?...
When?

Who
Started
All
This?

hYp://www.defense.gov/releases/release.aspx?releaseid=13551

US
DoD

Militarizes
Cyber

Space…

“We
Are
Coming

for
You
if
your

country
is
a
threat

in
Binary
World!”


Preemp>ve
Strikes
Will
Be
A

Part
Of
U.S.
Cyber-‐Defense

Strategy

That
was
in
2010….


This
is,
however,
2014….

hYp://news.xinhuanet.com/mil/2014-‐05/21/c_126526347.htm

美方无中生有别有用心

China:

U.S.
fabricated

charges
with

ulterior

moEves


China’s
Defense
Ministry:
“China's
military
has
never

stolen
trade
secrets
through
a
network”

United
States

is
calling
this

"commercial

espionage

network”

saying

nothing,

confused
with

ulterior

mo>ves.


조선 민주주의 인민 공화국


(1)
for
informa>on
to
obtain
informa>on
and
intelligence

about
each
other’s
means,
capabili>es,
and
strategies;

(2)
against
informa>on
aimed
at
protec>ng
their

informa>on
systems,
while
disrup>ng
or
destroying
the

other
side’s
informa>on
infrastructure;
and

(3)
through
informa>on
reﬂected
in
the
misinforma>on

and
decep>on
opera>ons
to
shape
their
broader
internal

and
external
strategic
narra>ves.

Korean
Peninsula
IW….

3
levels
of
informa>on
conﬂict

simultaneously:


Cyber-‐espionage
:
North
Korea's
primary
overseas
intelligence
gathering
unit,

operaEng
under
the
State
Security
Agency
(SSA),
relies
on
cyber-‐related

techniques
for
cyber-‐espionage
to
access
informaEon,
steal
sensiEve
data,
&

monitor
foreign
communicaEons.

Computer
network
aYacks
:
North
Korea
has
a4empted
to
disrupt
South

Korea's
sophisEcated
digital
informaEon
infrastructure
using
cyber
a4acks
to

shut
down
major
websites,
disrupt
online
services
of
major
banks,
and
probe

South
Korea's
readiness
to
miEgate
cyber-‐a4acks

Korean
Cyber
TTPs….


North
Korean
Army
General
Staff’s
Reconnaissance

Bureau,
Unit
110,
intercepted
confiden>al
defense

strategy
plans...

OPLAN
5027…
detailing
US–ROK
responses
to

poten>al
North
Korean
provoca>ons

US
Military
officer
with
the
ROK–US
Combined

Forces
Command
used
an
unsecured
USB
memory

s>ck
plugged
into
his
PC
while
switching
from
a

highly
secure
private
intranet
to
the
public
Internet

2009
Korean
Cyber
Conflict

Begins….


North
Korean
hackers
stole
informa>on
from
the
South

Korean
Chemical
Accidents
Response
Informa>on
System

(CARIS)
a–er
inﬁltra>ng
the
ROK
Third
Army
headquarters’

computer
network
and
using
a
password
to
access
CARIS’s

Center
for
Chemical
Safety
Management

North
Korea’s
overseas-‐intelligence
gathering
unit
under
the

State
Security
Agency
(SSA)
is
also
believed
to
increasingly

rely
on
informa>on
warfare
techniques
for
cyber-‐espionage

to
access
informa>on,
steal
sensi>ve
data,
and
monitor

foreign
communica>ons

2009
More
Korean
Cyber

Conﬂict….


"Ten
Days
of
Rain"
DDoS
aYacks
targe>ng
South

Korean
government
websites
and
networks
of
the

US
Forces
Korea
(USFK)
las>ng
for
10
days
in
2011…

North
Korea
has
relied
on
informa>on
warfare
to

alter
the
percep>ons
of
its
strategic
plans
–

December
2012,
and
subsequent
third
nuclear
test

in
February
2013,
North
Korea
manipulated
news

stories
as
part
of
a
deliberate
decep>on
campaign

to
hide
its
real
inten>ons.

2010
–
Present
Day
More
Korean

Cyber
Conﬂict….


Mouse
&
Keyboard
Cheaper
Than
a
Tank….


2013
–

DPRK

military

could
turn

to
cyber-‐
warfare
for

lower
costs


South
Korea
will
use
military

cyber
F/X
to
thwart
DPRK’s

nuclear
ambi>ons


South
Korea
government
is
working
to

the
development
of
a
cyber
weapon
to

hit
North
Korean
nuclear
facili>es.
It’s

Informa>on
warfare.


Characteristics US North Korea China
Started IW/EW 1860’s
Founding Father
Andrew Carnegie/
Winfield Scott
Used as Combined
Arms?
Yes - 2011
Use of Hacktivism
as a Proxy?
Yes
Official Military
Command
2010
External
Motivators
Global Threats
Internet Controls? Yes
Criminal Cyber
Capability?
Yes
Impact on
Commerce?
Yes


Средний
Восток


Islamic
Republic
of

Iran


Iranian
Cyber
Dilemma


Where
is
Iran…?


‫ن‬‫گوناگو‬ ‫های‬ ‫زبان‬
@
Least
18
or

More…diverse

languages…or

dialects….


Shi’ah…Sunnah…BOTH!

@
Least
12
or
More…
diverse
ethnici>es….

&
Yet
2
Religions….


Iran
Needs
Domes>c
Cyber

Defence
Model

Deputy
Chief
of
Staﬀ
of
the
Iranian
Armed
Forces
for
Basij

and
Defense
Culture…

-‐
Brigadier
General
Massoud
Jazayeri

hYp://iranmilitarynews.org/2012/10/


SEP
2010


“Iranian
Cyber-‐Jihadi
Cells
in

America
plot
Destruc>on
on

the
Net
and
in
Reality”

Iranian
Cyber-‐Jihadi
Cells
in
America
plot
Destruc>on
on

the
Net
and
in
Reality

"Last
September,
Jihadists
who
call
themselves
“Cyber-‐
Hezbollah”
organised
their
second
conference
in
Teheran.

Islamist
hackers
and
cyber-‐jihadists
gathered
there
and

decided
to
ﬁght
the
U.S.
and
Europe.
Hassan
Abbasi,

poli>cal
strategist
and
adviser
of
the
Iranian
Revolu>onary

Guards,
was
present,
and
delivered
an
ardent
and
virulent

speech."

NOV
2011
hYp://www.thecuœngedgenews.com/index.php?ar>cle=53212&pageid=&pagename=


SEP
2012


OCT
2012


Mohammad-‐Reza
Farajipour,
Deputy
Chief
of

Informa>on
Technology
and
Communica>on

of
the
Passive
Defense
Organiza>on
of
Iran

(PDOI)

“….cyber
defense
will
now
be
taught
at
Iranian

universi>es
including
at
the
Tarbiat
Modares

university
in
Tehran
and
also
at
ins>tu>ons
outside

the
capital…”

OCT
2012

hYp://iranmilitarynews.org/category/basij/page/2/


MAY
2013


JUN
2013


JUL
2013


OCT
2013


JAN
2013


Izz
ad-‐Din
al-‐Qassam
Cyber
Fighters


…10
JUL
2013


−  29
OCT
2013

…20
NOV
2013

hYp://world.>me.com/2013/10/29/if-‐iran-‐can-‐get-‐this-‐reactor-‐online-‐it-‐may-‐be-‐invulnerable-‐to-‐
military-‐aYack/#!

hYp://www.langner.com/en/wp-‐content/uploads/2013/11/To-‐kill-‐a-‐centrifuge.pdf

hYp://www.foreignpolicy.com/ar>cles/2013/11/19/stuxnets_secret_twin_iran_nukes_cyber_aYack?
page=full


hYp://www.presstv.com/detail/2013/12/13/339845/iran-‐to-‐unveil-‐indigenous-‐
cyber-‐products/

DEC
2013


MAY
2014

Iran
‘Bans’
Whatsapp
a–er
Zuckerberg
buys
it

hYp://cyberparse.co.uk/2014/05/05/iran-‐bans-‐whatsapp-‐over-‐zionist-‐zuckerberg/

hYp://america.aljazeera.com/ar>cles/2014/5/3/iran-‐narenji-‐bloggers.html

However,
Iran’s
president
Hassan
Rouhani

later
tweeted
Iranian
Government
….

“fully
opposed
to
ﬁltering
of
WhatsApp”.

TwiYer
and
Facebook
have
been
banned
in
Iran
since
2009,
when
protests
against

former
president
Mahmoud
Ahmadinejad
gained
momentum
thanks
to
social
media.

IRAN'S
TECH
BLOGGERS
CAUGHT
IN
THE
POLITICAL

CROSSFIRE

Apoli>cal
bloggers
caught
in
poli>cal
crossﬁre
between
a
reform-‐minded

president,
who
has
scaled
back
Iran’s
nuclear
program
ini>ated
a
thaw
w/West,

&
a
right-‐wing
con>ngent
led
by
the
country’s
supreme
leader,
the
ultra-‐
conserva>ve
Ayatollah
Khamanei.


Brigadier
General
Jalali
–

Iran
to
Develop
Home-‐Designed

Cyber
Defense
System
fully
capable

of
execu>ng
‫م‬‫نر‬ ‫جنگ‬ ‫
تعريف‬
hYp://english.farsnews.com/newstext.aspx?nn=13930221001069

hYp://theiranproject.com/blog/2014/05/11/iran-‐to-‐give-‐reciprocal-‐reac>on-‐to-‐possible-‐cyber-‐aYacks-‐
oﬃcial/

MAY
2014

‫م‬‫نر‬ ‫جنگ‬ ‫تعريف‬
Iran
to
give

reciprocal

reac>on
to

possible
cyber

aYacks:
‫ف‬‫تعري‬
‫نرم‬ ‫
جنگ‬


Current
Iran
Cyber
SA…

‫د‬‫شو‬ ‫تلقی‬ ‫جرم‬ ‫‌ان‬‫ی‬‫‌پ‬‫ی‬‫و‬ ‫از‬ ‫استفاده‬ :‫فتا‬ ‫پلیس‬ ‫ فرمانده‬ •
– (
Gen.
Kamal
Hadyanfr,
Iran's
cyber

police
(feta)
today
called
for

criminalizing
the
produc>on,

purchase,
sale
and
use
of
Vypyan

(.VPN)
in
Iran)

•  Iranian
hackers
becoming
more

aggressive

•  Iran's
Opera>on
Saffron
Rose
Advanced

Cyber
Espionage...not
advanced

plagiarized
threats
hYp://www.bbc.co.uk/persian/iran/2014/05/140512_l45_iran_vpn_criminalize.shtml?

hYp://www.reuters.com/ar>cle/2014/05/13/us-‐cyber-‐summit-‐iran-‐hackers-‐
idUSBREA4C03O20140513

hYp://www.fireeye.com/blog/technical/malware-‐research/2014/05/opera>on-‐
saffron-‐rose.html


Why
Iran…?

−  STUXNET

−  DUQU

−  FLAME

−  WIPER….


Label
Timeframe
Purpose
Target

Na>on
State

Responsible

Na>on
State

Aﬀected

Stuxnet

2004
-‐

2007

Cyber
/
Physical

Destruc>on

Iranian

Nuclear

Facility
@

Natanz

US
&
Israel

Islamic

Republic
of

Iran

Duqu

2007
–

2011

Cyber
Counter

Intelligence

Industrial

Control

Systems

US
&
Israel

…Taiwan
–

Republic
of

China

Mul>ple…

Flame

2009
-‐

2012

Cyber

reconnaissance/

cyber
data

exﬁltra>on…

Cyber
espionage

Middle

Eastern

computer

systems

US
&
Israel

Iran,
Lebanon,

Syria,
Sudan,

Occupied

Territories
of

Israel

Gauss

2011
-‐

2012

Cyber

surveillance
/

Banking
Trojan

Middle

Eastern
Banks

Unknown

Lebanon,

Ci>Bank
&

PayPal

Batch

Wiper

2012
Cyber
Destruc>on

Iranian
Oil

Infrastructure

US
&
Israel

Islamic

Republic
of

Iran

Weaponized
Malware


hYp://arstechnica.com/security/2012/08/na>on-‐sponsored-‐malware-‐has-‐
mystery-‐warhead/

Cyber
Weapons

Geo-‐Infec>ons


Middle
East…

Threat
?/
Resource?


Iranian
Infrastructure…

hYp://www.classwarfareexists.com/wp-‐content/uploads/2012/02/caspian-‐sea.jpg


Iranian
Infrastructure…

Cyber
Target

Eight
Known
Iranian
Nuclear
Sites


Iranian
Military…

&
Nuke
Facili>es…..

−  11.
Ahwaz
92nd
Division
commando
companies,

which
operate
independently
under
their
own

command
are
beYer
known
as
“independent

companies.”

−  Site
above
is
also
used
by
elements
of
the

division’s
2nd
Armored
Brigade.

−  12.
IRGC
92nd
Armored
Division’s
3rd
Armored

Brigade.

−  13.
The
IRGC’s
Isfahan
Ar>llery
Brigade.

−  15.
The
Zargan
power
sta>on
for
the
military

camps
in
the
region
which
runs
on
gas.

−  18.
A
yacht
and
speedboat
marina,
recently

renovated,
for
the
private
use
of
Revolu>onary

Guards
commanders
based
in
the
region.

−  20.
A
light
aircra–
airport
for
ferrying
farm

produce..

−  21.
A
500-‐meter-‐wide
canal,
which
links
the

Karun
River
to
the
Majnoun
islands
in
Iraq.
Huge

barges
stand
by
there
in
case
of
an
emergency

calling
for
troops
to
be
moved
quickly
inside
the

Khuzestan
province.

−  22.
A
missile-‐an>-‐aircra–
gun
cluster
for

defending
Ahwaz
and
its
environs.


Quds
–
Iranian
Intelligence

−  Founded
a–er
1979…Iran’s
Revolu>on…

Sepāh-‐e
Pāsdārān-‐e
Enqelāb-‐e
Eslāmi ‫اسالمی‬ ‫انقالب‬ ‫پاسداران‬ ‫ سپاه‬ −Sepāh-‐e
Pāsdārān-‐e
Enqelāb-‐e
Eslāmi
…
−  Army
of
the
Guardians
of
the
Islamic
Revolu>on
(IGRC)

−  Commanded
by
Major
General
Qassem
Suleimani

−  Experience
in
Soviet
Afghanistan,
Bosnia….Iraq…’Stan’s

Redux…

−  Iranian
Military
Support
regionally…Syria…

−  Reports
directly
to

Supreme
Leader
of
Iran
Ayatollah
Ali

Khamenei

‫س‬‫قد‬ ‫نیروی‬

…
Niru-‐ye
Qods…

‫س‬‫قد‬ ‫نیروی‬

…..to
organize,
train,
equip,
and
ﬁnance
foreign
Islamic

revolu>onary
movements.
Quds
Force
maintains
and

builds
contacts
with
underground
Islamic
militant

organiza>ons
throughout
the
Islamic
world....


Anonymous
Targets
Iran
with
DoS
aYack…April
2011


Iran’s
Cyber
OrganizaEon(s)

High
Council
of
Cyberspace
(Shoray-‐e
Aali-‐e
Fazaye
Majazi).

hYp://www.cyberstrategie.org/?q=grands-‐dossiers/conﬂits-‐r%C3%A9gionaux-‐et-‐
cyberterrorisme/structure-‐of-‐iran%E2%80%99s-‐cyber-‐warfare

−  March
2012
–
Order
established
by
Ayatollah
Khamenei

−  Mission
of
ins>tu>ng
high-‐level
policies
on
the
cyberspace

−  Comprised
of:

•  President
of
Iran

•  Judicial
Power
Leader

•  Parliamentary
Leader

•  IGRC
CINC’s

•  Police

•  Minister
of
Intelligence

•  Telecommunica>ons,
Culture
&
Science
Ministers

All
other
Iranian
organiza>ons
in
charge
of
cyber
opera>ons

are
commiYed
to
implement
the
policies
ins>tuted
by
this

new
government
body


Iranian
Military…Cyber
(OFFICIAL)

The
Cyber
Defense
Command”
(Gharargah-‐e
Defa-‐e
Saiberi)

−  November
2010
–
Order
established
by
Ayatollah
Khamenei

−  Mission
of
responding
to
NCI
eﬀects
brought
upon
by
Stuxnet

−  Supervised
by
:

•  Joint
Staﬀ
of
the
Armed
Forces
(Setad-‐e
Kol-‐e
Niruhay-‐e
Mosalah)

•  Opera>onally
via
Passive
Civil
Defense
Organiza>on
(Sazeman-‐e
Padafand-‐e

Gheyr-‐e
Amel)


Mo>va>on
to
establish…..

Coordina>ng
numerous
government
organiza>ons
and

agencies
to
non-‐militarily
respond
to
a
military
aYack
on
the

country
with
the
goal
of
minimizing
damage
to
the
country’s

infrastructure
and
facili>es
in
the
event
of
a
probable
war…


‫ن‬‫ایرا‬ ‫سایبری‬ ‫ارتش‬
hYp://www.rferl.org/content/Iranian_Cyber_Army_Hacks_Website_Of_Farsi1/2223708.html


Iran’s
Cyber
Army
(UNOFFICIAL)


−  Highly
skilled
informa>on
technology
specialists
&

professional
hackers
who
obfuscate
their
iden>>es…

−  No
one
claims
responsibility…

And
yet…

−  Unassailable
evidence
suggests
that
the
group
is
aﬃliated

with
the
IRGC…


Basij
Paramilitary
Force
–

Cyber
Mili>as
…

(Rogue…&
Effec>ve)

hYp://iranbriefing.net/?p=2682

hYp://www.foxnews.com/story/0,2933,534116,00.html

Iran’s
paramilitary
mili>a
helping
maintain

internal
security…

Primary
Goal
is:

Defeat
of
“Westoxifica>on,”

Iranian
term
for
the
harming
of
Persian
culture

by
Western
influences
present
in
the
cyber
realm


Iranian
Cyber
Police….

hYp://www.darkgovernment.com/news/iran-‐cea>ng-‐its-‐own-‐internet/

hYp://www.ho orsecurity.com/blog/iran-‐allegedly-‐detected-‐massive-‐western-‐
cyber-‐aYack-‐2479.html

Iran:
website
ﬁltering
policy:

−  Google
Plus
network
blocked;

−  Plan
to
unblock
Facebook
denied
and/
or

−  Iranian
top
cyber
police
oﬃcial:

Facebook
may
be
unblocked
in
the

future….


CommiYee
to
Iden>fy

Unauthorized
Sites

hYp://privacy.cytalk.com/2012/01/iran-‐squeezes-‐web-‐surfers-‐prepares-‐
censored-‐na>onal-‐intranet/

Iran
squeezes
Web
surfers,
prepares
censored

na>onal
intranet

Iranians
have
lost
the
right
to
surf
the
Web

anonymously
at
Internet
cafes
as
the

government
reportedly
moves
closer
to
its

ul>mate
goal
of
replacing
the
global

network
with
a
censored
na>onal
intranet.

Iranian
Government
oﬃcials
claim
they
need
to
control

access
to
the
Internet
to
counter
what
they
say
is
a
“so–”

cultural
war
being
waged
by
Western
countries
to
inﬂuence

the
morals
of
Iranians.


IRAN’s
Na>onal
Internet

Project

hYp://www.huffingtonpost.com/huff-‐wires/20121010/ml-‐iran-‐spies-‐online/

Google,
Gmail
blocked
as
Iran
pushes
'na>onal

Internet'

hYp://www.abna.ir/data.asp?lang=3&Id=351147

Reza
Taghipour,
Iran's
informa>on
and

communica>ons
minister,

first
phase
of
Iran’s
na>onwide
project,
covering

governmental
ins>tu>ons
in
29
provinces

launched
September
21.

Taghipour
said
all
Iranian
universi>es
would

become
part
of
this
network
by
early
2013,

puœng
Iran
a
step
closer
to
disconnec>ng
itself

en>rely
from
the
global
Internet.


Characteristics Iran Russia China
Started IW/EW 2005 1999
Founding Father
Major General Yahya Rahim
Safavi
(‫ﺭرﺡحﯼیﻡم‬‫ﺹصﻑفﻭوﯼی‬)
S.P. Rastorguev (Расторгуев
C.П.) & Marshall Sergeyev
(Маршалл Сергеев)
Used as Combined
Arms?
Yes - 2011 Yes 2007 & 2008
Use of Hacktivism
as a Proxy?
Yes
Yes – w/criminal
intentions
Official Military
Command
2010 2010
External
Motivators
United States of
America, UK & Israel
United States of
America
Internet Controls? Yes Yes
Criminal Cyber
Capability?
Yes Yes
Impact on
Commerce?
No Yes


US Govt Charges PLA Officers with
“Cyber Espionage”….
5 Chinese Military Hackers…?
hYp://camera.china>mes.com/newsphoto/2014-‐05-‐20/clipping/B01A00_T_01_04.JPG


hYp://money.china>mes.com/news/news-‐content.aspx?id=20140520000344&cid=1207

中國軍事⿊黑客…?


中國人民解放軍

1949
Informa>on
Warfare
(IW)


毛泽东 Mao
Tse-‐Tung


Chinese
View…

16
AUGUST

2011


Chinese
Perspec>ve….

– 
“A
Sovereign
Country
Must
Have
Strong
Defense”
by
Min
Dahong,

director
of
the
Network
&
Digital
Media
Research
Oﬃce
@
China
Academy

of
Social
Sciences;

–  “America’s
‘Pandora’s
Box’
Cyber
Strategy
Confuses
the
World”
by
Shen
Yi

-‐
Fudan
University’s
Department
of
Interna>onal
Poli>cs;

–  “Cyber
Power
‘Shuﬄes
the
Cards’:
How
China
Can
Overtake
the

Compe>>on”
by
Tang
Lan,
Ins>tute
of
Informa>on
and
Social

Development
Studies
at
the
China
Ins>tute
of
Contemporary
Interna>onal

Rela>ons;
and

–  “How
to
Construct
China’s
Cyber
Defenses”
by
Liu
Zengliang,
from
the
PLA

Na>onal
Defense
University

hYp://www.rmlt.com.cn/qikan/2011-‐08-‐16/

16
AUGUST
2011
–
People’s
Tribune
Magazine
-‐
(⼈人民论坛杂志)

publishes
several
ar>cles…

4
are
very
problema>c
for
the
United
States….


China's
PLA
Has
Won
the
Cyber
War

Because
They
Hacked
U.S.
Plans
for

Real
War

hYp://www.nextgov.com/cybersecurity/2013/05/china-‐winning-‐cyber-‐war-‐because-‐they-‐hacked-‐us-‐
plans-‐real-‐war/63740/


hYp://www.digitalaYackmap.com/#anim=1&color=0&country=ALL&>me=16205&view=map

Digital
AYack…Chinese
Perspec>ve….


hYp://www.chinasmack.com/2010/more/cannons-‐english-‐
teacher-‐seduc>on-‐june-‐9th-‐jihad.html


誰是中國?


第一…中國共產黨

(CPC)
第二…人民解放军

(PLA)
第三… 中國國有企業 (SOE)
第四個…中國黑客 (Dark Guests)
中國黑客….

4 Groups…Official & Unofficial….


Chinese
Informa>on
Control

Ø Chinese
Government
Intent

ü Golden
Shield…Filter
the
Chinese
Internet

o Designed
1998

o Opera>onal
NOV
2003

o CISCO
powered
–
cost
$
800M
USD

o China’s
Ministry
of
Public
Security
(MPS)
operates….

ü Green
Dam….
Chinese
Government
Spyware
eﬀec>ve

1
July
2009…new
PC’s
must
have
….

Ø Military
Focus

Ø Civilian
Dimension
–
control
freedom
of
search

–
control
freedom
of
speech

hYp://www.certmag.com/read.php?in=3906

hYp://www.e-‐ir.info/2010/04/13/chinese-‐informa>on-‐and-‐cyber-‐warfare/

hYp://www.zdnet.com/blog/government/china-‐demands-‐new-‐pcs-‐carry-‐spyware/
4906


►  Codified cyber warfare in 2010…
•  In response to US Cyber Command 6 months earlier…
►  Official Edict: “protect national infrastructure from
external cyber threats” – President Hu Jin tao
►  President Hu’s successor Xi Jin ping ….
Motivations:
•  Maintain & Retain Chinese Dream…
•  Ensure China’s Sovereignty…
•  Control Freedom of Search…
•  Ensure stable transition of Communist Regime…
中國共產黨 - CPC


Purify
the
internet….

Former
Chinese
President
Hu
Jintao
had
declared

Communist
party's
intent
to
strengthen

administra>on
of
the
online
environment
&
maintain

the
ini>a>ve
in
online
opinion…

ü "Maintain
the
ini>a>ve
in
opinion
on
the
Internet;

ü 
“Raise
the
level
of
guidance
online”;
and,

ü "We
must
promote
civilized
running
and
use
of
the

Internet
and
purify
the
Internet
environment….”

hYp://www.reuters.com/ar>cle/2007/01/24/us-‐china-‐internet-‐hu-‐idUSPEK9570520070124

Chinese
Communist
oﬃcials
to
intensify
control
even
as
they

seek
to
release
the
Internet's
economic
poten>al.

"Ensure
that
one
hand
grasps
development
while
one
hand

grasps
administra>on…"


Chinese
Cyber
Police

hYp://www.bj.cyberpolice.cn/index.do


Should
look
like
this…..


Remember
#Team
Ghost
Shell


►  500 BC Sun-Tzu’s Art of War – basis
►  Sun Ping’s Military Methods
►  1995 - Major General Wang Pufeng –
Founding father of Chinese Information Warfare
(IW)
►  1999 - War Without Limits – PLAAF Senior Colonel’s
Qiao Liang & Wang Xiangsui
►  2002 - PLA's IW strategy spearheaded by Major General
Dai Qingmin -
人民解放军-‐
PLA

Integrated
Network-‐Electronic
Warfare
(INEW)


General Staff Directorate’s (GSD) Cyber Warfare
‘Princelings’…
General Zhang Qinsheng 章沁生
General Chen Bingde 陈炳德
General Ma Xiaotian 马晓天
Vice Admiral Sun Jianguo 孙建国
Major General Hou Shu sen 侯树森
Oﬃcial
Statement
of
Chinese
IW

20 JUL 2010 – ‘ordered by President Hu
Jintao to handle cyber threats as China
enters the information age, & strengthen
the nation's cyber-infrastructure’
漢族…Han Chinese
Communist…
Technologists…
PLA Leaders…. &
中國人


•  Major General Hu Xiaofeng, Deputy Director for the
National Defense University Department of Information
Warfare and Training Command
•  Professor Meng Xiangqing, National Defense University
Institute for Strategic Studies
目前中國網絡戰的戰術

China’s “Goal is to achieve a strategic
objective…over adversaries…”
“You have to meet my political conditions
or your government will be toppled, or
you promise to meet some of my political
conditions.”
黑暗訪問者, 2009; [Online] Available at: http://www.thedarkvisitor.com/category/uncategorized/


“…train
a
new
type
of
high-‐caliber
military
personnel
in
large
numbers,

intensively
carry
out
military
training
under
computerized
condi>ons,
and

enhance
integrated
combat
capability
based
on
extensive
IT
applica>on…”;

“…implement
the
military
strategy
of
ac>ve
defense
for
the
new
period,
and

enhance
military
strategic
guidance
as
the
>mes
so
require”;

“…strengthen
na>onal
defense
aim
to
safeguard
China's
sovereignty,
security
and

territorial
integrity
and
ensure
its
peaceful
development…“;

“…enhance
the
capability
to
accomplish
a
wide
range
of
military
tasks,
the
most

important
of
which
is
to
win
local
war
in
an
informa>on
age…“;

Chinese
Military
….
Future
OPS

hYp://news.xinhuanet.com/english/special/18cpcnc/
2012-‐11/08/c_131959900.htm

8
NOV
2012:
President
Hu
JinTao:

“China
will
speed
up
full

military
IT
Applica>ons
by
2020”


國有企業
–

State
Owned
Enterprises

中华人民共和国工业和信息化部
Ø  Commercial theme, profit oriented…
Ø  Research base, ties to Chinese Academy of
Sciences (CAS)…
Ø  International interest & focus…developing
countries…
Ø  No organic innovation capabilities…
Ø  Foreign cyber espionage capability via PLA (GSD) &
MSS…
Common Themes…


Chinese Military Sabotage India’s State Owned Telco
BSNL’s Base Station PLA SOE Huawei implicated
華為

hYp://beyondheadlines.in/2014/01/chinese-‐military-‐sabotage-‐indias-‐state-‐owned-‐telco-‐bsnls-‐base-‐
sta>on/

Earlier
NSC
warned
of
Huawei,
ZTE’s
links
with
Chinese

Military


•  2001 …. Insider plants data exfiltration trojan
•  Corporate executives targeted….
•  Leadership avoids ignores warnings of threat
•  Telecommunications Intellectual Property data theft continues
unabated…for TEN years
•  Market valuation and position lost…
•  2011 … Nortel ceases to exist as a Canadian Company….
•  Chinese State Owned Enterprises…Huawei ZTE suddenly take
global leadership in telephony….
Nortel
Case
Study…

6
JUNE
2012
“
Secret
Memo
Warns

of
Canadian
Cyber
Threat
A–er

Nortel
AYack….”


Ø  Originally supported by CPC & PLA
•  Now uncontrollable….Golden Shield Project?
•  Comment Group…
•  Elderwood Gang…
•  Use of known Chinese malware for commercial purposes now…
Ø  Reinforce PRC’s nationalism via the web
•  Taiwan, the renegade Chinese Province
•  Punishing Japan for WWII war crimes, Daiyu Islands
•  Confronting Philippines, Oil near Huangyuan
•  Codera’s anti-Chinese web rhetoric
Ø  Capability to carry out Chinese State Policies
without attribution….
黑客 –
“Dark
Guests”


Characteristics Iran North Korea China
Started IW/EW 2005 1999 1995
Founding Father
Major General Yahya Rahim
Safavi( ‫ﺭرﺡحﯼیﻡم‬‫ﺹصﻑفﻭوﯼی‬ )
N/A
Major General Wang Pu Feng
(少將王浦峰)
Used as Combined
Arms?
Yes - 2011 Yes 2010 Yes - 2011
Use of Hacktivism
as a Proxy?
Yes
Yes – w/criminal
intentions
Yes
Official Military
Command
2010 Unknown 2010
External
Motivators
United States of
America, UK & Israel
South Korea & USA
United States of
America
Internet Controls? Yes Yes Yes
Criminal Cyber
Capability?
Yes Yes Yes
Impact on
Commerce?
No Yes Yes


@Red-‐DragonRising

hYp://www.linkedin.com/in/RedDragon1949

Red-‐DragonRising.com


Cyber
War
Misunderstood….

1)  AYacker
has
the
Advantage
over
the
Defender

hYp://smallwarsjournal.com/jrnl/art/why-‐your-‐intui>on-‐about-‐cyber-‐warfare-‐is-‐probably-‐wrong


Conclusions

1)  Cyber-‐espionage
is
state
sponsored;
yet
direct
aYribu>on
is
an
illusion….

2)  Iran,
Russia
&
中國 plan
cyber-‐espionage
–
defensively
&
oﬀensively;

3)  Each
Na>on
State
has
separate
&
dis>nct
reasons…

4)  All
Three
Countries
started
their
military
cyber
commands
in
2010;

5)  Cultural,
economic,
historical
&
linguis>c
threads
for
Iranian,
Russian
&

Chinese
cyber-‐espionage;

6)  Ci>zen
hacking
an
unoﬃcial
proxy
cyber
force
mul>plier;

7)  Commercial
enterprises
&
all
organiza>ons
worldwide
are
permeable
to
cyber

hacking
in
all

form
&
methods;

8)  Foreign
language
malware,
RATs,
Botnets
are
undiscoverable….un>l
now…


9)  Iranian
(Persian),
Russian
&
Mandarin
languages
are
an

excep>onal
form
of
cryptography…

10) All
Western
InfoSec
Technology
are
ineﬀec>ve
against

Foreign
cyber
aYacks…un>l
now…

11) 
Organiza>ons
cannot
defend
against
various
alleged

Iranian,
Russian
&
Chinese
informa>on
warfare
threats…

12) 
Oﬀensive
Cyber
Capabili>es
must
be
developed…..protect

your
IP
&
Network

13) Na>on
State
cyber-‐espionage
threats
are
very
serious
&
will

only
become
much,
much

worse…..

Conclusions


IRANIAN
References…

•  hYp://www.jpost.com/IranianThreat/News/Ar>cle.aspx?id=286238

•  hYp://www.reuters.com/ar>cle/2012/10/03/us-‐iran-‐cyber-‐idUSBRE8920MO20121003

•  hYp://www.eurasiareview.com/03102012-‐us-‐israeli-‐cyber-‐aYacks-‐against-‐iran-‐con>nue-‐
with-‐assault-‐on-‐internet-‐oped/?

•  hYp://www.csoonline.com/ar>cle/718068/iran-‐s-‐cyberaYack-‐claims-‐difficult-‐to-‐judge-‐
experts-‐say?source=rss_cso_exclude_net_net

•  hYp://www.cyberstrategie.org/?q=grands-‐dossiers/conflits-‐r%C3%A9gionaux-‐et-‐

•  hYp://thediplomat.com/2012/06/26/is-‐u-‐s-‐in-‐iran-‐cyber-‐war/

•  hYp://www.jpost.com/IranianThreat/News/Ar>cle.aspx?id=286238

•  hYp://www.reuters.com/ar>cle/2012/10/03/us-‐iran-‐cyber-‐idUSBRE8920MO20121003

•  hYp://www.eurasiareview.com/03102012-‐us-‐israeli-‐cyber-‐aYacks-‐against-‐iran-‐con>nue-‐
with-‐assault-‐on-‐internet-‐oped/?

•  hYp://www.csoonline.com/ar>cle/718068/iran-‐s-‐cyberaYack-‐claims-‐difficult-‐to-‐judge-‐
experts-‐say?source=rss_cso_exclude_net_net

•  h4p://www.guardian.co.uk/world/iran-‐blog/2012/mar/13/qassem-‐suleimani-‐issues-‐warning


People’s
Republic
of
China
References…

•  h4p://thediplomat.com/2013/04/19/is-‐cyber-‐war-‐the-‐new-‐cold-‐war/?all=true

•  h4p://chinadigitalEmes.net/2013/04/cybersecurity-‐and-‐the-‐new-‐cold-‐war/?

•  h4p://thediplomat.com/2011/08/25/did-‐china-‐Ep-‐cyber-‐war-‐hand/

•  h4p://thediplomat.com/2009/08/13/on-‐the-‐cyber-‐warpath/

•  h4p://thediplomat.com/2011/11/09/china%E2%80%99s-‐cyber-‐moves-‐hurt-‐beijing/?all=true

•  William
J.
Lynn
III
W.
Defending
a
New
Domain:
The
Pentagon's
Cyberstrategy.//
Foreign
Aﬀairs.

September/October
2010.

•  h4p://www.foreignaﬀairs.com/arEcles/66552/william-‐j-‐lynn-‐iii/defending-‐a-‐new-‐
domain(29.08.2010)

•  h4p://www.rawstory.com/rs/2010/0829/pentagon-‐weighs-‐applying-‐preempEve-‐warfare-‐
tacEcs-‐internet/
(30.08.2010)

•  h4p://thediplomat.com/2013/04/19/is-‐cyber-‐war-‐the-‐new-‐cold-‐war/?all=true

•  h4p://www.nccgroup.com/en/our-‐services/security-‐tesEng-‐audit-‐compliance/technical-‐
security-‐assessment-‐penetraEon-‐tesEng/the-‐latest-‐origin-‐of-‐hacks/

Image
References:

hYp://techandscience.com/

hYp://www.website-‐guardian.com/

hYp://mashable.com/2013/04/23/global-‐malware-‐report/


•  h4p://www.wired.com/2014/01/how-‐the-‐us-‐almost-‐killed-‐the-‐internet/all/


William T Hagestad II
Red Dragon Rising
RedDragon1949
hagestadwt@red-dragonrising.com
Red-dragonrising.com

Сравнение хакеров Ирана, Китая и Северной Кореи

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (16)

Similaire à Сравнение хакеров Ирана, Китая и Северной Кореи

Similaire à Сравнение хакеров Ирана, Китая и Северной Кореи (20)

Plus de Positive Hack Days

Plus de Positive Hack Days (20)

Dernier

Dernier (20)

Сравнение хакеров Ирана, Китая и Северной Кореи