Cyber War Underway

by Kevin D. Freeman on May 27, 2014

There is much more to the Cyber War underway than you can see in most press reports.

Certainly we hear about eBay being hacked. In fact, it was just revealed that a second security flaw exists. And, we all heard about the Chinese indictments last week. Don’t assume, however, that this means we are on top of the problem. Rather, we (at best) are top of the tip, almost oblivious to the enormous iceberg underneath. This was made plain in recent reporting by Bill Gertz, perhaps America’s preeminent national security reporter. Gertz is the reporter who initially broke the story on my Pentagon findings that there was evidence of financial terrorism at work in the 2008 market collapse.

Image created by Uwe Kils (iceberg) and User:Wiska Bodo (sky). [GFDL ( or CC-BY-SA-3.0 (],
via Wikimedia Commons

Here are some excerpts from Bill Gertz’s most recent article which quotes China expert Michael Pillsbury (another of our contacts in DC). Note the fact that the Chinese have been using their hacking to manipulate financial and commodity markets, further evidence of financial warfare.


Indictment of China Military Hackers Reveals New Details of Cyber Attack Methods

Prosecution of five PLA cyber warriors unlikely

BY:  Follow @BillGertz  

The Obama administration’s indictment of five Chinese military hackers for cyber attacks against U.S. companies and a labor union has revealed new details of China’s large-scale cyber warfare and cyber espionage operations. The federal grand jury indictment filed May 1 named five People’s Liberation Army (PLA) operatives linked to a secretive, Shanghai-based group called Unit 61398, which is Beijing’s key cyber warfare and cyber spying unit. The unit was first disclosed publicly last year.

However, the legal action is largely symbolic because the likelihood of prosecuting the five PLA hackers—Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui—is slim. The hackers are part of the PLA’s General Staff Third Department, the electronic intelligence agency known as 3PLA, and its Unit 61398.

The 56-page indictment states that they used sophisticated technology and traditional fake emails to fool targeted Americans with access to corporate secrets into providing access points inside company networks. The hackers then methodically stole key commercial secrets, such as technical design details for Westinghouse nuclear reactor sales and solar panel technology. Internal communications containing valuable economic data were also stolen and provided by the PLA to Chinese state-run competitors.

The activities began around 2006 and continued at least through April. The companies hit by the cyber attacks include Westinghouse Electric Co., SolarWorld AG, United State Steel Corp., Allegheny Technologies Inc., the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial, and Service Workers International Union, and Alcoa. All are located in Pennsylvania. The indictment was issued May 1 in the U.S. District Court in Western Pennsylvania.

“The FBI deliberately provided remarkable details about the secret techniques and goals of the clandestine cyber attacks in Pittsburgh,” said Michael Pillsbury, a former Pentagon policymaker and specialist on the Chinese military. “This will scare the PLA hackers, at least for a few months, while they try to find out how they were detected.” However, it is unlikely the FBI’s methods used in the five PLA hackers’ case will be useful in the future because the hackers can mask future activities by using different names and more stealthy cyber penetration methods, Pillsbury said. “Much stronger medicine will be needed next time,” said Pillsbury, a senior fellow at the Hudson Institute. “Beijing reacted in a few hours, much too quickly and angrily, without any time for an investigation in good faith, which gives some observers the impression the allegations may be true.”

Attorney General Eric Holder sounded skeptical Monday of what he termed “the alleged hacking” that  “appears to have been conducted for no other reason than to advantage state-owned companies and other interests in China at the expense of businesses here in the United States.” “This case should serve as a wake-up call to the seriousness of the ongoing cyber threat,” Holder added. John Carlin, head of the Justice Department National Security Division, linked the indictment to the Chinese government’s failure to curb cyber economic espionage. “In the past, when we brought concerns such as these to Chinese government officials, they responded by publicly challenging us to provide hard evidence of their hacking that could stand up in court,” Carlin said, adding: “Well, today we are.”

The legal action highlights the administration’s announced policy of using passive, non-military means to counter and deter widespread Chinese cyber attacks.

The administration has been under pressure for years from American companies victimized by Chinese hacking—ranging from Google to Lockheed Martin—to take more aggressive action against Chinese military cyber attacks. Former National Security Agency Director Gen. Keith Alexander has said that theft of American corporate secrets in recent years resulted in the largest loss of valuable economic and other data in history. Losses have been estimated to be worth tens to hundreds of billions of dollars in lost information to competitors such as China. Obama administration security officials said President Obama rejected proposals from the U.S. intelligence community to conduct aggressive counter attacks against the Chinese three years ago. The tougher measures included counter-cyber attacks against Chinese military units and economic sanctions. The measures were rejected over fears of upsetting relations with China. The options were based on large-scale theft of U.S. secrets and proprietary economic information that boosted China’s industry and its military, allowing them in many cases to make “leapfrog” technological hurdles and more favorably compete against the United States …

“The extent of the cybercrimes documented in the indictment illuminate the likelihood that China Inc. uses cyber-penetrations to enrich both the state and individual Chinese Communist Party members with privileged financial and commodities market information to the tune of trillions, not billions, of dollars,” he said. “In 2014, China has unprecedented influence in global financial and commodities markets, and engages in front-running those markets on a galactic scale,” he said. “If Chinese steel and aluminum companies have this kind of access to foreign data networks, there can be no doubt that they use it to reap extra billions in profits off of global commodities markets with insider information.”


It should be clear to any observer that the Chinese have enriched themselves by hacking and stolen military secrets. Their economy has grown substantially while ours stagnated. Their military is growing rapidly as well. Of course, the Chinese are not taking this lying down. They have already responded with allegations of “security risks” in IBM servers used in their country.


By Bloomberg News – May 27, 2014

The Chinese government is reviewing whether domestic banks’ reliance on high-end servers from International Business Machines Corp. (IBM)compromises the nation’s financial security, people familiar with the matter said, in an escalation of the dispute with the U.S. over spying claims.

Government agencies, including the People’s Bank of China and the Ministry of Finance, are asking banks to remove the IBM servers and replace them with a local brand as part of a trial program, said the four people, who asked not to be identified because the review hasn’t been made public.

The review comes a week after American prosecutors indicted five Chinese military officers for allegedly hacking into the computers of U.S. companies and stealing secrets, while former contractor Edward Snowden’s revelations last June of a National Security Agency spying program already hurt U.S. technology sales in China. Last week, China’s government said it will vet technology companies operating in the country, while the Financial Times reported May 25 that China ordered state-owned companies to cut ties with U.S. consulting firms.


We must recognize that to the Chinese, this is ECONOMIC WARFARE. It includes but goes far beyond cyber espionage. Consider this from the PLA-published “how to defeat a superpower” manual, Unrestricted Warfare:

“…if the attacking side secretly (or quietly) musters large amounts of capital without the enemy nation being aware of this at all and launches a sneak attack against its financial markets, then after causing a financial crisis, buries a computer virus and hacker detachment in the opponent’s computer system in advance, while at the same time carrying out a network attack against the enemy so that the civilian electricity network, traffic dispatching network, financial transaction network, telephone communications network, and mass media network are completely paralyzed, this will cause the enemy nation to fall into social panic, street riots, and a political crisis.”

The key that they mention is to launch a financial crisis and then finish off with computer hacking and network attacks. There should be no doubt that computer espionage has contributed to the massive wealth transfer from the United States to China. In fact, as we reported in the last Blog, China is poised to surpass the American economy as soon as this year according to the IMF. For comparison, the Chinese economy was just 43% of ours in 2005. And, we have clearly gone through a financial market crisis. Is a chaos-inducing network attack next? Could everything be shutdown? The scenario is not far-fetched. China has finally admitted cyber warfare capabilities. They may have inserted all sorts of backdoors in the electronics and appliances we have bought from them over the past decades. From CBS News last year:

Hacked from China: Is your kettle spying on you?

By ERIK SHERMAN MONEYWATCH  November 1, 2013, 10:52 AM

(MoneyWatch) In a world where the National Security Agency allegedly monitored the phones of several world leaders and broke into data centers of Google (GOOG) and Yahoo (YHOO), it is easy to forget the more mundane ways consumer privacy is at risk. Like via your iron or kettle.

According to a report on state-owned TV in Russia (via the BBC), ensuring crisp creases has apparently become a new way for cyber criminals to attack computers. Some irons imported from China allegedly showed evidence of including wireless spy chips that could connect to unprotected Wi-Fi networks and spread viruses. And tech blog The Register notes that reportedly chips were also found in kettles.

The Russian news agency Rosbalt reported that a few dozen products were at retailers in St. Petersburg. The spy chips had infiltrated some company networks, using them to send spam. It sounds like a spy thriller spoof, but this is hardly the first time Chinese products were reported infested with ways for someone to break into systems. There was the report last year that a researcher found a so-called back door in a military-grade computer chip, meaning that someone could, from anywhere, get ready access to the chip and, through it, connected systems.

If military-grade products can be compromised, consumer products can be as well. Former U.S. counter-terrorism head Richard Clarke says that any electronics product made in China is potentially vulnerable. Many parts are counterfeits with no control by manufacturers over how they’re designed and built, and Clarke wonders whether “real” parts from China could also be compromised. (Other security researchers disputed whether the backdoors were added by China or even intentionally malicious. Backdoors are sometimes added by manufacturers as mechanisms for testing and support, although they still add a vulnerability.)


It is far more serious than just spying on you via your toaster. State-sponsored hackers have the ability to take down the national power grid (although some in the industry will attempt to deny it). In fact, the grid is under attack daily and was recently infiltrated. And, they have the ability to take down the financial system. And, as we’ve explained, they could use an EMP weapon and take down everything at once. These are potential sovereignty-ending events. They are the means of winning World War 3.

China has all of these capabilities right now. Would they use them? Frighteningly, Chinese military leaders have advocated much worse if it would ensure a Chinese century (including depopulating America). And, the military has been gaining power.

Now, when you add in the fact that China is working closely with Putin in attempts to de-Americanize the world, you see the seriousness of the threat. Putin has used cyber warfare repeatedly. And, Russia and China have just completed joint military exercises that included information warfare ops. This is VERY SERIOUS. We are only seeing the tip of the iceberg. We need to recognize that this could be World War 3 and change course. Sadly it seems we are too busy rearranging the deck chairs, assuming our Ship of State to be unsinkable.

Previous post:

Next post: