The smoking gun on China's US cyberattacks

A few weeks ago I wrote a column explaining, step by step, how hackers with a Chinese IP address attacked a honeypot network in the GCN Lab that had been set up for just that purpose.

We watched the attacks take place, made notes about what the hackers did and the techniques they used, and tracked them back to several addresses inside China.

In the comments section that followed, a few people complained that I had no evidence that the attack actually came from China, implying that I was slandering them in some way. Given that the Chinese government’s official line has always been that it respects the rule of law and would never attack a sovereign nation in cyberspace, I can see why they would have defenders. In truth, other than the IP address of the people who attacked our honeypot, I had no comeback, especially since IP addresses can be spoofed.

But now, thanks to China itself, I have proof that the People’s Liberation Army does attack the United States, and likely does so on a regular basis.

China’s claims of innocence have come crashing down because of an apparent mistake in editing in a documentary on the country’s own state TV that should never have gone live. The PLA presentation demonstrated its military capabilities. Amid all the tanks and planes, the propaganda piece showed a mere four seconds inside the group's cyber warfare center.

Without narration, one has to think that the cybersecurity part of the piece was only put into the video by accident, a technical background shot placed between segments for a bit of extra color. However, those four seconds are both telling and damning to the Chinese lie that they don’t attack the United States.

Here is the incredible part: During those four seconds, we clearly see a Chinese soldier use a drop-down list to choose from preset target websites around the world. Then he actually attacks a website in Alabama.

In this case, the website was set up to support Falun Gong, a spiritual movement outlawed in China that practices meditation and a philosophy that emphasizes moral responsibility.

Going back to my original article, the type of attack that could be instigated with the push of a button is exactly what I said happened to the GCN honeypot network. First, a real hacker came in and tried to steal data. Then the second team covered his tracks. The machine shown on the PRC TV show is probably part of that second team. It could easily do automatic attacks of the heavy-handed kind, things like SQL injections that every high school hacker knows about. That program and perhaps even that machine could be the one that attacked the lab network.

Even though all the targets shown in the four-second video were Falun Gong sites around the world, the fact that they were in a drop-down menu is telling and appalling. You don’t set up drop-down menus with attack buttons unless you plan to use them. And the Chinese military did push the attack button in the video, so apparently it has no problem pulling the trigger.

How many of these attack lists do they have? Is there another one with U.S. government sites listed? Is there one with corporations or media outlets in this country?

China has proved that it does not respect our borders when it comes to cybersecurity. Government officials, Google and other victims of cyberattacks have blamed China before, but always with China denying involvement and its defenders using the spoofed-IP-address defense. But now we have the proof. This was not a video made by “evil Western democracies” or political dissidents. This was a program created by the Chinese government and run on the country's own state TV.

So to all you people who wanted to know where my smoking gun was, watch the video. It’s clear to me that we are under attack from China right now.

It’s time for China to own up to what it is doing. Or it’s time for the United States to do something about it.

About the Author

John Breeden II is a freelance technology writer for GCN.

Reader Comments

Thu, Sep 8, 2011 Eric

Long ago I heard a news story where a reporter interviewed a Chinese general. He said that the Achilles Heel of the United States is our reliance on technology. That has played out true ever since. Hopefully we can harden networks and make things secure, but it always seems like we're closing the gate after the horse is out.

Tue, Aug 30, 2011

Did anybody NOT see this coming, when the whole planet put everything short of military C&C systems in the same IP cloud? Any national-security or mission-critical data paths should be on pipes that the bad guys can't even SEE.

Tue, Aug 30, 2011 Charlie A

Bobby V: If the honeypot had been a poisoned honeypot (one containing misinformation) being used in a counterintelligence role, it would certainly not have been disclosed in an unclassified article like this one.

Mon, Aug 29, 2011 Bobby USA

Well done. We don't even need any proof to tell they are attacking us. They steal anything any possible way they can; they even used stupid Taiwanese to steal for them.

Mon, Aug 29, 2011 Bobby V. Georgia

That video is telling. But I had a question. When you set up the fake network in your lab, what information did you use as bait? Seems like the US could attack China without actually breaking any laws. Just set up networks that look legit that the Chinese would hack. We could put anything we wanted into them and then China would think all kinds of crazy things are happening that are not real. I think it's called a False Flag operation. If they are going to hack us, this is one way we can fight them without stooping to their level.
