red dragon rising understanding the chinese cyber scenarios 02 march 2014

35
Red-DragonRising.com©

Upload: bill-hagestad

Post on 21-Jan-2015

1.278 views

Category:

Technology


2 download

DESCRIPTION

Red Dragon Rising Understanding the Chinese Cyber Scenarios 02 march 2014 Cyber Warfare, Cyber Conflict, People's Republic of China, People's Liberation Army, 中國人民解放军, 中華人民共和國 #紅龍崛起, Communist Party Of China, 中國共產黨 , 信息對抗 - Xìnxī duìkàng information confrontation, 網絡戰 - Wǎngluò zhàn cyber warfare

TRANSCRIPT

Page 1: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

Page 2: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

中国人民共和国 信息戰

LTCOL (RET) William Hagestad II MSc Security Technologies

MSc Management of Technology www.red-dragonrising.com

[email protected]

中華人民共和國 網絡代碼衝突...

Red Dragon Rising – China Challenges:

People's Republic of China use of Computers & Networks as a Strategic Weapon

02 MARCH 2014

Page 3: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

Page 4: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

The Middle Kingdom….

Red-DragonRising.com©

Page 5: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

籠恐龍…Caged Dinosuars

籠恐龍

Page 6: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

“21st Century Chinese Cyber Warfare”

“二十一世紀中國網絡戰”

ISBN: 9781849283342

取締中華人民共和國

Page 7: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com© ISBN: 978-1482577105 http://www.amazon.com/Operation-Middle-Kingdom-Computers-Networks-ebook/dp/B00GTVFJOQ/

Page 8: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com© ISBN: 978-1493771974 http://www.amazon.com/Chinese-Information-Warfare-Doctrine-

Development-ebook/dp/B00GWO12LO/

Page 9: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com© ISBN: 978-1496080875 http://www.amazon.com/Chinas-Plans-Winning-Information-

Confrontation/dp/1496080874/

Page 10: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

Page 11: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com© Red-DragonRising.com©

Page 12: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

Is China Really the Enemy?

Red-DragonRising.com©

Page 13: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

Cyber Adversary Taxonomy

Red-DragonRising.com©

Cyber Threat Motive Targets of Opportunity Methodologies Capabilities

Nation States ~ Peace Time

Economic, Military, National Secrets, Political

Commercial Enterprises, Intelligence, National Defense, Governments, National Infrastructure

Military & Intel specific cyber doctrine, hacktivists

Asymmetric use of the cyber domain short of kinetic

Nation States ~ War Time

Economic, Military, Political

Commercial Enterprises, Intelligence, National Defense, Governments, National Infrastructure

Military & Intel specific cyber doctrine, hacktivists

Asymmetric use of the cyber domain including kinetic

Cyber Terrorists & Insurgents

Political Infrastructure, Extortion and Political Processes

Combination of advanced persistent threats (APT)

Developing – will be a concern in 2012

Cyber Criminals – Grey & Black Markets

Financial Intellectual Property Theft, Fraud, Theft, Scams, Hijacked Network & Computer Resources, Cyber Crime for Hire

Exploits, Malware Botnets, Worms & Trojans

Cell-based structure as an APT

Criminal Organizations – RBS

Financial Use of above with distinct planning

Highly professional, dangerous

Rogue Organizations – Anonymous, LulzSec

Financial Military, National Secrets, Political

Intellectual Property Theft, Direct & Indirect pressure on OGA Resources

Organic hacking capabilities unsurpassed

Organized yet de-centralized

Page 14: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

The Middle Kingdom

Page 15: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

中國人民解放軍 1949 Information Warfare

(IW)

Red-DragonRising.com©

毛泽东 Mao Tse-Tung

Page 16: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

Chinese View…

16 AUGUST 2011

Page 17: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

Chinese Perspective…. 16 AUGUST 2011 – People’s Tribune Magazine - (人民论坛杂志) publishes

several articles… 4 are very problematic for the United States….

– “A Sovereign Country Must Have Strong Defense” by Min Dahong, director of the Network & Digital Media Research Office @ China Academy of Social Sciences;

– “America’s ‘Pandora’s Box’ Cyber Strategy Confuses the World” by Shen Yi - Fudan University’s Department of International Politics;

– “Cyber Power ‘Shuffles the Cards’: How China Can Overtake the Competition” by Tang Lan, Institute of Information and Social Development Studies at the China Institute of Contemporary International Relations; and

– “How to Construct China’s Cyber Defenses” by Liu Zengliang, from the PLA National Defense University

Red-DragonRising.com© http://www.rmlt.com.cn/qikan/2011-08-16/

Page 18: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com© http://www.chinasmack.com/2010/more/cannons-english-teacher-seduction-june-9th-jihad.html

Page 19: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

誰是中國?

Page 20: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

第一…中國共產黨 (CPC) 第二…人民解放军 (PLA) 第三… 中國國有企業 (SOE) 第四個…中國黑客 (Hacktivists)

中國黑客…. 4 Groups…Official & Unofficial….

Page 21: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

► Codified cyber warfare in 2010… • In response to US Cyber Command 6 months earlier…

► Official Edict: “protect national infrastructure from external cyber threats” – President Hu Jin tao

► President Hu’s successor Xi Jin ping …. Motivations:

• Maintain & Retain Chinese Dream… • Ensure China’s Sovereignty… • Control Freedom of Search… • Ensure stable transition of Communist Regime…

中國共產黨 - CPC

Page 22: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

Chinese Information and Cyber Warfare

Government Intent Golden Shield…Filter the Chinese Internet

oDesigned 1998 oOperational NOV 2003 oCISCO powered – cost $ 800M USD oChina’s Ministry of Public Security (MPS) operates….

Green Dam….1 July 2009…new PC’s must have Chinese Government Spyware….

Military Focus Civilian Dimension

http://www.certmag.com/read.php?in=3906 http://www.e-ir.info/2010/04/13/chinese-information-and-cyber-warfare/ http://www.zdnet.com/blog/government/china-demands-new-pcs-carry-spyware/4906

Page 23: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

► 500 BC Sun-Tzu’s Art of War – basis ► Sun Ping’s Military Methods ► 1995 - Major General Wang Pufeng – Founding father of Chinese Information Warfare (IW) ► 1999 - War Without Limits – PLAAF Senior Colonel’s

Qiao Liang & Wang Xiangsui ► 2002 - PLA's IW strategy spearheaded by Major

General Dai Qingmin -

人民解放军- PLA

Integrated Network-Electronic Warfare (INEW)

Page 24: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

19 JUL 2010 Cyber Base…. Official Mission…Protect the national infrastructure of

the People’s Republic of China…

信息支持(保證)基地

Established 6 Months AFTER U.S. says “we are taking military approach to Internet…”

Page 25: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

General Staff Directorate’s (GSD) Cyber Warfare ‘Princelings’…

General Zhang Qinsheng 章沁生 General Chen Bingde 陈炳德 General Ma Xiaotian 马晓天 Vice Admiral Sun Jianguo 孙建国 Major General Hou Shu sen 侯树森

Official Statement of Chinese IW

20 JUL 2010 – ‘ordered by President Hu Jintao to handle cyber threats as China enters the information age, & strengthen

the nation's cyber-infrastructure’

漢族…Han Chinese Communist…

Technologists… PLA Leaders…. &

中國人

Page 26: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

目前中國網絡戰的戰術 China’s “Goal is to achieve a strategic

objective…over adversaries…” “You have to meet my political conditions

or your government will be toppled, or you promise to meet some of my political

conditions.”

• Major General Hu Xiaofeng, Deputy Director for the National Defense University Department of Information Warfare and Training Command

• Professor Meng Xiangqing, National Defense University Institute for Strategic Studies

黑暗訪問者, 2009; [Online] Available at: http://www.thedarkvisitor.com/category/uncategorized/

Page 27: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

Originally supported by CPC & PLA • Now uncontrollable….Golden Shield Project? • Comment Group… • Elderwood Gang… • Use of known Chinese malware for commercial purposes

now… Reinforce PRC’s nationalism via the web

• Taiwan, the renegade Chinese Province • Punishing Japan for WWII war crimes, Daiyu Islands • Confronting Philippines, Oil near Huangyuan • Codera’s anti-Chinese web rhetoric

Capability to carry out Chinese State Policies without attribution….

黑客 - Hacktivists

Page 28: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

很多 年華 中國 Cyber Activity 1995 – Chinese General MG Wang Pu Feng describes attacking via Internet 1997 – “War Beyond Limits” (Unrestricted Warfare) is written by 2 Senior Chinese Colonels 2001 China warns of massive hack attacks 2002 - “informatization”信息化 campaign begins Chinese Communist Party (CCP) General Secretary and Central

Military Commission (CMC) Chairman Jiang Zemin, a speech before the 16th Party Congress 2003 - Titan Rain泰坦雨 US DoD & Government websites targeted 2004 – Japan targeted by Chinese over disputed Daiyu Islands 2007 – GhostNet 幽灵网 Global CnC network with IP addresses in People’s Republic of China 2008 – Byzantine Hades - targeted cyber operations against the U.S. government using social engineering and

malicious attachments and links in e-mail messages. 2008 - MI5 writes to more than 300 senior executives at banks, accountants and legal firms warning them - the

Chinese army is using Internet spyware to steal confidential information 2009 - Operation Aurora 操作极光 International Energy Industry targeted 2009 – Night Dragon夜龙 Global multinationals attacked via Internet 2010 – Article - Should we be afraid of Chinese hackers?...Or lost cyber war? 2011 -US needs to get better at preventing foreign access to advanced technology

- GAO watchdogs find holes in high-tech access, licensing rules 2011 – Chinese military CCTv-7 demonstrates GUI Hacking of University of Alabama 2011 – Office of the National Counterintelligence Executive (ONCIX) Report indicates both China & Russia target IP 2011 – Operation Shady RAT FIVE year campaign of economic & intelligence data exfiltration 2012 – “Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage”

NORTHRUP GRUMMAN March 7, 2012 2012 – Chinese Technology Policy & Cyber Offensive Operations - April 2012 – China & Philippines engage in mutual cyber attacks over Scarborough Shoals – April 2012 – “US & China must work to avoid cyber conflict” DefSec Panetta 2012 – Chinese Hackers hack White Nuclear Secrets Network 2012 – US House Intelligence cites Huawei & ZTE as threats to National Security 2013 – Shanghai Jaiotong University tied to PLA hacking unit

Red-DragonRising.com©

Page 29: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

結束狀態 0

1) Cyber-espionage is state sponsored; yet direct attribution is an illusion…. 2) 中華人民共和國 plans cyber-espionage – defensively & offensively; 3) Cultural, economic, historical & linguistic threads中國 cyber-espionage; 4) 中國, although advocating citizen hacking, no longer controls it; 5) Commercial enterprises worldwide are permeable to中國cyber hacking in all

form & methods; 6) 中國malware, RATs, Botnets are undiscoverable…. 7) Mandarin Chinese (complex and simple) are an exceptional form of

cryptography… 8) All Western InfoSec Technology are ineffective against中國 attacks; 9) Companies cannot defend adequately from the various alleged Chinese

information warfare threats of Next Generation Warfare; 10) Offensive Cyber Capabilities must be developed…..protect your IP & Network 11)中華人民共和國 cyber-espionage threat serious & only become much

worse…..

Red-DragonRising.com©

Page 30: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com© Red-DragonRising.com©

.

DO NOT become a Chinese Cyber Espionage

case study in my slide deck!

中國國有企業

Page 31: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com© Red-DragonRising.com©

“21st Century Chinese

Cyber Warfare”

“二十一世紀中國

網絡戰”

Available :

ISBN: 9781849283342

Page 32: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com© Red-DragonRising.com©

Page 33: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

謝謝您

謝謝您的時間今天 有沒有問題?

Red-DragonRising.com©

Page 34: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

你會說中國普通話... ...嗎?

看看發生了什麼事! Red-DragonRising.com©

Page 35: Red Dragon Rising    Understanding the Chinese Cyber Scenarios 02 march 2014

Red-DragonRising.com©

跟隨紅龍 Red-DragonRising #RedDragon1949 http://www.linkedin.com/in/billhagestad Red-dragonrising.com

Red-DragonRising.com©