China-based cyber spying

Cyber-warrior China opens new front against India

Brahma Chellaney

The Sunday Guardian, April 11, 2010

The detailed report released by a group of Canadian researchers on how a
China-based cyber spying ring has been systematically stealing top Indian
defence and security secrets for a number of months has spotlighted the growing
cyber threat
It is unlikely that the
hackers are private individuals with no links to the Chinese government.
Private individuals are unlikely to engage in systematic pilferage of defence secrets
of a rival country over an extended period.

Let us be clear: The Chinese hackers are
an irregular force of the People’s Liberation
Army. In war, this force will become the vanguard behind which the conventional
PLA divisions will take on
In other words, the regular PLA forces will wage war after the cyber
warriors have caused serious damage to the enemy to defend itself.

Cyberwarfare and cross-border terrorism are the two main
frontiers of asymmetrical warfare. In both, irregular or non-state actors are
employed by a state to wage attacks on another country. The sponsoring state
then feigns ignorance of the attacks carried out at its behest. Just as
Pakistan pretends Lashkar-e-Taiba is not its
front against
India, China claims
the Chengdu-based cyber ring is not its spying arm. In both cases, the enemy
hides behind a cover, underscoring the asymmetrical nature of the warfare.

With national security and
prosperity today dependent on the safekeeping of cyberspace, including the
virtual movement of finance and the flow of security data and other secrets,
cybercrime must be effectively countered as a priority.

The cyber threat from China is at two levels. The first is national, as
manifest from the attacks already carried out in recent years against
India’s National Informatics Centre (NIC) systems and the
ministry of external affairs. The previous national security adviser disclosed
that his own office computers had been hacked by the Chinese. The aim of such
attacks has been to
engage in espionage and
also to overawe the Indian establishment.

By scanning and mapping India’s official computer systems, China
is able to both steal secrets and gain an asymmetrical advantage over its
rival. Intermittent cyber intrusion in peacetime allows
China to read
the content and understand the relative importance of different Indian networks
so that in a war, it knows what to disable in order to inflict pain and

The second type of cyber threat from China is aimed at the individual
level. Individual targets in India
range from the functionaries of the Tibetan government-in-exile and Tibetan
activists to Indian writers and others critical of
China. The most-common type of
is an attempt to hack into the e-mail
accounts of targeted individuals. Often the targets are subjected to the
so-called Trojan horse attacks by e-mail that are intended to breach their
computers and allow the infiltrators to remotely remove, corrupt or transfer

At a time when China-based
cyber attacks are ramping up in the world, U.S. Secretary of State Hillary
Clinton was right to recently declare that an attack on one nation’s computer
networks “can be an attack on all.” Singling out
China for its Internet censorship,
Mrs. Clinton warned that “a new information curtain is descending across much
of the world.” Her statement’s
Cold War undertones — likening the
“information curtain” to the Iron Curtain — amounted to an implicit admission
that the central assumption guiding U.S. policy on China
since the 1990s has gone awry: that assisting
China’s economic rise would usher
in political opening there.

The strategy
to use market forces and the Internet to open up a closed political system
simply isn’t working.
Indeed, the more economic power China has accumulated, the more
adept it has become in extending censorship controls to cyberspace.
China deploys tens of thousands of “cyber police” who
block Web sites, patrol cyber-cafes, monitor the use of cellular phones and
track down Internet activists.

But the threat to countries like India comes not from what China
does domestically. Rather, it comes from the manner the experience, information
and knowhow gained in fashioning domestic cyber oversight is proving invaluable
to engage in cyber intrusion across its frontiers.

The Canadian researchers, who had earlier uncovered a
vast Chinese surveillance system called “Ghostnet” that
can automatically scan overseas computer networks and transfer documents
to a digital storage facility in China,
have revealed in their latest report that the origin of the attacks against
Indian targets was Chengdu, which is also the headquarters of the PLA’s signal
intelligence (SIGINT) bureau. The Chengdu SIGINT station in
China’s Sichuan
province is specifically tasked to monitor

Chinese hackers often try to camouflage the
point of origin of their attacks. They do so by routing their attacks
through the computers of a third country, like Russia or Cuba.
Just as some Chinese pharmaceutical firms have exported to Africa spurious
medicines with “Made in
label — a fact admitted by
— some Chinese hackers are known to have routed their cyber intrusion through third
countries. But like their comrades in the pharmaceutical industry, such hackers
tend to leave telltale signs. But in the case of the India-directed cyber ring
that has just been uncovered, it was ensconced in
China itself and openly operating
from there.

Despite its information-technology
lacks offensive or defensive capabilities in cyberwarfare. It has developed no
effective means to shield its cyber infrastructure from the pervasive attacks
that are being carried out in recent years
in search of competitive
and to unnerve
the Indian establishment.

India’s cyber vulnerability holds major
implications in a war situation. In peacetime, China is intimidating India
through intermittent cyber warfare, even as it steps up military pressure along
the Himalayan frontier. In a conflict,
China could cripple major Indian
systems through cyber attacks. With cyber attacks against Indian government,
defence and commercial targets ramping up, the protection of sensitive computer
networks must become a major national-security priority.

One mode of asymmetrical
warfare —
unceasing export of terrorism — has traumatized
India for long. It should not allow
itself to get similarly battered on the new frontier of asymmetrical warfare
China has opened over the past five years. On both fronts, state actors are
employing non-state actors.

The costs for India to fight
two asymmetrical wars simultaneously will be high.
India should treat the Canadian
report as a wake-up call to plug its vulnerabilities by developing appropriate
countermeasures. At the same time, it should have the capability to take the battle
to the enemy’s camp. Offence is often the best form of defence.

