Chinese Military Documentary Reveals Alleged Attack Software
Government-run TV channel program accidentally reveals what appears to be software designed for cyber warfare.
Strategic Security Survey: Global Threat, LocalPain
Strategic Security Survey: Global Threat, Local Pain (click image for larger view and for full slideshow)
A military documentary broadcast in China last month on a government-run TV channel has revealed what appears to be software designed for cyber warfare.
The documentary, titled "Military Technology: Internet Storm is Coming," has been posted to YouTube and was available on the CCTV website at the time this article was filed.
The existence of the software was first reported by The Epoch Times, a publication founded by members of the Falun Gong, a religious organization that's banned in China. The cyber war software--it has a button labeled "Attack" and a menu labeled "Select Attack Destinations" -- lists Falun Gong websites as preset targets.
"The screenshots show the name of the software and the Chinese university that built it, the Electrical Engineering University of China's People's Liberation Army--direct evidence that the PLA is involved in coding cyber-attack software directed against a Chinese dissident group," the Epoch Times report states.
The distinction between this attack software and penetration testing software used by security researchers around the globe to identify vulnerabilities is probably relatively minor, apart from the aggressive wording of menus and buttons.
In a blog post, Mikko H. Hypponen, chief research officer at F-Secure, notes that the Chinese documentary initially appears to be fairly standard fare about the risks of cyber warfare. "However, while they are speaking about theory, they actually show camera footage of Chinese government systems launching attacks against a U.S. target," he wrote. "This is highly unusual. The most likely explanation is that this footage ended up in the final cut because the editor did not understand the significance of it."
The documentary shows someone choosing the IP address 138.26.72.17 to attack. This address is associated with the University of Alabama in Birmingham, Ala.
A person answering the phone at the domain contact phone number declined to be identified but said that the address has been inactive for several years and had been associated with a website run by a university student involved in Falun Gong.
For years, there have been accusations that the Chinese government has endorsed or sponsored cyberattacks against the U.S. and U.S. companies, most notably the cyberattack from China that Google reported in early 2010. That attack was said to have affected at least 30 companies and organizations. More recently, security company McAfee reported on a series of related attacks that it refers to in aggregate as "Operation Shady Rat."
The U.S. Department of State did not immediately respond to a request for comment. In a speech last year following the attack reported by Google, Secretary of State Hillary Clinton said, "Countries or individuals that engage in cyber-attacks should face consequences and international condemnation."
The Chinese government has consistently denied that it is involved in cyberattacks and has claimed that it is the biggest victim of cyberattacks.
While the Chinese government has not produced evidence of this, it's clear that China is not the only nation-state conducting cyber warfare operations. The sophisticated Stuxnet cyberattack on Iran's nuclear infrastructure, for example, is widely believed to have come from the U.S. and/or Israel.
At a full-day virtual event, InformationWeek and Dark Reading editors will talk with security experts about the causes and mistakes that lead to security breaches, both from the technology perspective and from the people perspective. It happens Aug. 25. Register now.
About the Author
You May Also Like