China provides smoking gun against itself in cyberattacks

A few weeks ago I wrote a column explaining, step by step, how hackers with a Chinese IP address attacked a honeypot network in the GCN Lab that had been set up for just that purpose.

We watched the attacks take place, made notes about what the hackers did and the techniques they used, and tracked them back to several addresses inside China.

In the comments section that followed, a few people complained that I had no evidence that the attack actually came from China, implying that I was slandering them in some way. Given that the Chinese government’s official line has always been that it respects the rule of law and would never attack a sovereign nation in cyberspace, I can see why they would have defenders. In truth, other than the IP address of the people who attacked our honeypot, I had no comeback, especially since IP addresses can be spoofed.

But now, thanks to China itself, I have proof that the People’s Liberation Army does attack the United States, and likely does so on a regular basis.

China’s claims of innocence have come crashing down because of an apparent mistake in editing in a documentary on the country’s own state TV that should never have gone live. The PLA presentation demonstrated its military capabilities. Amid all the tanks and planes, the propaganda piece showed a mere four seconds inside the group's cyber warfare center.

Because the segment has no narration, one has to think that the cybersecurity part of the piece was put into the video only by accident, a technical background shot placed between segments for a bit of extra color. However, those four seconds are both telling and damning to the Chinese lie that they don’t attack the United States.

Here is the incredible part: During those four seconds, we clearly see a Chinese soldier use a drop-down list to choose from preset target websites around the world. Then he actually attacks a website in Alabama.

In this case, the website was set up to support Falun Gong, a spiritual movement outlawed in China that practices meditation and a philosophy that emphasizes moral responsibility.

Going back to my original article, the type of attack that could be instigated with the push of a button is exactly what I said happened to the GCN honeypot network. First, a real hacker came in and tried to steal data. Then the second team covered his tracks. The machine shown on the PRC TV show is probably part of that second team. It could easily do automatic attacks of the heavy-handed kind, things like SQL injections that every high school hacker knows about. That program and perhaps even that machine could be the one that attacked the lab network.

Even though all the targets shown in the four-second video were Falun Gong sites around the world, the fact that they were in a drop-down menu is telling and appalling. You don’t set up drop-down menus with attack buttons unless you plan to use them. And the Chinese military did push the attack button in the video, so apparently it has no problem pulling the trigger.

How many of these attack lists do they have? Is there another one with U.S. government sites listed? Is there one with corporations or media outlets in this country?

China has proved that it does not respect our borders when it comes to cybersecurity. Government officials, Google and other victims of cyberattacks have blamed China before, but always with China denying involvement and its defenders using the spoofed-IP-address defense. But now we have the proof. This was not a video made by “evil Western democracies” or political dissidents. This was a program created by the Chinese government and run on the country's own state TV.

So to all you people who wanted to know where my smoking gun was, watch the video. It’s clear to me that we are under attack from China right now.

It’s time for China to own up to what it is doing. Or it’s time for the United States to do something about it.

About the Author

John Breeden II is a freelance technology writer for GCN.

Reader comments

Mon, Sep 12, 2011 HJ Phoenix, AZ

Great journalism! Tech-savvy people who are alert seem to find out much more than our major news networks.

Tue, Sep 6, 2011 Vern San Diego

I am by no means a "Chinese sympathizer". In fact I think this current administration should all move there as they are made for each'm not sure the Chinese could handle anyone as Marxist as the current administration. Having said that, anyone that thinks our hands are squeaky clean when it comes to cyber attack capability is extremely naive. Of course we must openly cry "FOUL" and stomp our feet while behind the scenes we hone our skills and make sure we're better at it than they are.

Fri, Sep 2, 2011 John VA

The four seconds referenced in the article were actually referred to as .4 minutes by the commentator, meaning that it was actually 24 seconds, plenty long enough to determine what was going on.

Thu, Sep 1, 2011

It would appear that we have at least one Chinese sympathizer or China is on with us. In either event, taking a good hard look inside the machine you use (if you know what you are doing) is prudent. And yes China has well established roots within the US. Now to combat this threat you do as China has done and create your own OS which China or any other country has access to. But before that you need to deny all Chinese IP space access into or out of the US. Then perhaps China and Other countries hostile to the US would get the message. If nothing else closing off US Internet borders would cause many companies in the US to rethink outsourcing!!

Thu, Sep 1, 2011

I have observed deniers of illegal or unethical activity by communist countries for over 30 years now. With time, they are always shown to either not know what they are talking about or that they are in cahoots with that government or ideology. Some try to distract from the evidence with their opinions, usually false to some degree as well, about what the U.S. is doing to try to justify this obviously bad behavior. These countries just keep lying and they will always have people believing them just as there will always be people trying to make out how bad the U.S. is while believing how great it is in these other countries. Basically, there will always be people who have reality backward and will rarely change their mind no matter what evidence is found.
