Inside the Ring: NSA pinpoints China's cyberattacks (The Washington Times)
August 12, 2015
By Bill Gertz
A secret National Security Agency document has revealed the massive nature of China’s cyberattacks against the United States, with nearly 700 intrusions in private-sector and government networks.
The cyberattacks were outlined on a map that pinpoints what are described by the electronic spy agency as “victims of Chinese cyber espionage over the past five years.” The map was first disclosed by NBC News.
The locations include Washington and the entire Eastern Seaboard, as well as key areas such as Silicon Valley in California, the locations of U.S. nuclear weapons laboratories, and nuclear missile and military bases. NSA detected the most attacks in California, with numerous strikes.
According to NBC, the map was used in a briefing by the NSA Threat Operations Center in February 2014 that sought to highlight China’s focus on penetrating networks operated by search engine firm Google and defense contractor Lockheed Martin, as well as U.S. air traffic control systems, a key infrastructure target that could be used by China’s military in a future cyberwar.
China successfully used the attacks to steal massive amounts of proprietary and government data. The map indicates that the NSA is developing better “attribution” capabilities – the ability to trace the origins of the attacks back to China.
Another NSA document provided a diagram of various Chinese military and intelligence organizations involved in the cyberattacks.
The main unit was identified in a briefing slide as “Technical Department 3PLA,” formally known as the 3rd Department of the People’s Liberation Army General Staff Department, which is considered to be a counterpart to the NSA.
The slide indicates that the NSA has identified more than 19 3PLA cyberunits involved in U.S. attacks, the most among all Chinese government agencies. Nine other units are suspected of being part of 3PLA.
Additionally, the report identified six cyberespionage units under the Ministry of State Security, China’s civilian intelligence service, and another 22 MSS units suspected of involvement in U.S. cyberattacks.
Seven other cyberattacks were categorized by the NSA as unattributed but caused by China.
The leaked documents were a rare official NSA acknowledgment of China’s hacker infrastructure. They also were the first release of classified information from the agency since the massive breach of secret documents carried out by former NSA contractor Edward Snowden.
The Obama administration has sought to keep secret all details of Chinese hacking, including Beijing’s role in recent Office of Personnel Management hacks, in an apparent bid to avoid upsetting relations with Beijing. President Obama is set to meet with Chinese leader Xi Jinping in September, and Chinese cyberattacks are expected to be a topic of discussion.
An NSA document disclosed by Mr. Snowden and made public in January supplied even more details on the Chinese hacking.
That document, labeled “top secret,” reveals that China stole extremely sensitive data on U.S. weapons systems in a program code-named Byzantine Hades. The theft included radar design and detailed engine schematics for the front-line F-35 jet fighter.
That slide stated that the Pentagon suffered more than 30,000 incidents, including more than 500 “significant intrusions,” with at least 1,600 network computers penetrated.
Stolen data included aerial refueling schedules for military tankers, the U.S. Transportation Command’s main logistics flight system, 33,000 records on Air Force personnel, over 300,000 Navy user ID and passwords, and Navy nuclear submarine and anti-aircraft missile designs.
The document can be accessed at Germany’s Der Spiegel newspaper, which first disclosed it.
PACOM ON SOUTH CHINA SEA
Navy Adm. Harry Harris, the new commander of the U.S. Pacific Command, has staked out a decidedly more forceful position on China than his predecessor, Adm. Samuel Locklear, who was considered to be a soft-liner who sought to play down or ignore China’s aggressive military behavior during his tenure at the command’s headquarters in Hawaii.
Adm. Harris told a security conference last month that China’s island-building in the South China Sea is not trivial. He explained why the aggressive activities are “important, and why the everyday American citizen should care about this issue.”
China has been quietly building islands in the disputed sea over the past 18 months by pumping sand from the sea floor. So far, some 3,000 acres of islands have been created. However, the real concern involves China’s efforts to militarize those islands by moving in weapons and other equipment.
“To the American public, this land reclamation by China may seem like a strange endeavor in a faraway place and a minor concern to the U.S.,” Adm. Harris said July 24. “However, I believe that China’s actions to enforce its claims within the South China Sea could have far-reaching consequences for our security and economy by disrupting the international rules and norms that have supported the global community for decades.”
The sea region is economically and politically strategic. Some $5.3 trillion in trade passes through the sea each year, and the chokepoint at the Malaccan Strait sees 25 percent of all its oil shipments and 50 percent of all its natural gas shipments through the region each day.
The four-star admiral said China is seeking to change the status quo to support its own territorial claims that include a legally dubious “Nine Dash Line” covering most of the sea that Beijing is claiming as its maritime domain.
“China is changing facts on the ground, essentially creating false sovereignty, by building man-made islands on top of coral reefs, rocks, and shoals,” Adm. Harris said bluntly. “These activities also threaten the shared principles that have ensured security and prosperity in the region for decades.”
Farther east, Adm. Harris said, the U.S. military and regional allies are continuing to ignore China’s air defense identification zone over the East China Sea.
“And we must continue to do that and insist on our freedom of navigation in both the air and sea,” he said.
Asked about the prospect of a future war with China, Adm. Harris said he views the world through a “glass darkly.”
Regarding the South China Sea and unstable North Korean regime, he stated: “I have to be ready to respond from a position of strength. That’s what’s important to me, and I believe that’s what you all want me to do.”
China has accused the U.S. in the past of “‘pursuing international hegemony’ and adopting a ‘Cold War mentality’ toward China,” Adm. Harris said. “Nothing could be further from the truth. It is China’s actions that are inducing its South China Sea neighbors to build stronger relationships with each other and the U.S., driven not by a sudden U.S. effort to increase stability and security within the region, but by China’s conspicuous failure to do the same.”
On July 30, China’s Defense Ministry reacted to Adm. Harris’ remarks, calling them “irresponsible.”
“China’s island construction is designed to “help the Chinese side better perform its international responsibilities and duties and will help to promote the safety of navigation in this area,” said Senior Col. Yang Yujun. “The U.S. side disregards and distorts the fact and plays up ‘China’s military threat’ to sow discords between China and China’s maritime neighbors in the South China Sea. We firmly oppose such actions.”
NORTH KOREA TENSIONS HIGH
U.S. intelligence agencies are stepping up their monitoring of North Korea in the aftermath of a military provocation from Pyongyang.
North Korea is being blamed for planting two anti-personnel mines that exploded Aug. 4, severely wounding two South Korea sergeants along the Demilitarized Zone near Paju, in the western part of the line separating the two Koreas.
South Korea’s military ordered a full alert for the region on Tuesday and resumed anti-North Korean propaganda broadcasts. The South Korean military said the mines were planted by the North Koreans in violation of the armistice agreement that prohibits acts of aggression in the DMZ.
South Korea has promised that it will take action for any military provocations from the North after little was done in response to North Korea’s 2010 sinking of a South Korean coastal patrol ship and the shelling of a border island. Pentagon officials worry that South Korea may make good on that promise.
South Korean Defense Ministry spokesman Kim Min-seok told reporters this week that “various means and ways are being explored as alternatives [to retaliation], including the resumption of spreading anti-North propaganda leaflets [to the North Korean side].”
On Wednesday, South Korean President Park Geun-hye vowed to take Pyongyang’s actions seriously.
“We will sternly deal with North Korea’s provocations,” Ms. Park said in Seoul. “But at the same time, we will make every effort to ensure this kind of incident won’t happen and establish peace.”
Pentagon spokesman Bill Urban said the U.S. military is keeping in close communication and coordination with the Seoul government.
“The United Nations command condemns these violations of the Armistice Agreement and is calling for a general officer-level dialogue with the Korean People’s Army,” he said. “We extend our deepest sympathies to the Republic of Korea soldiers that were injured and to their families.”
• Contact Bill Gertz on Twitter via @BillGertz.