Information Warfare: An Emerging and Preferred Tool of the People’s Republic of China

China’s information warfare capabilities and practice

To transform its information warfare thinking into practice, China is actively developing a body of intellectual and physical capital that it hopes will place it among the world's leaders in IW.  According to the Pentagon's 2006 Report on the Military Power of the People's Republic of China, the PRC is working to ensure that "militia [and] reserve personnel would make civilian computer expertise and equipments available to support PLA training and operations."1 It is seeking personnel from "academies, institutes, and information technology industries" so as to integrate them "into regular military operations."2 These units are trained to "support active PLA forces" by mounting large-scale IW assaults on adversary networks.3 This combination of civil/military efforts in war dates back to the Maoist doctrine of "People's War," and has great traction in modern China.  It also comports with the famous dictum of Deng Xiaoping of "jun min jie he," or "combine the civil and the military."

These integrated IW capabilities are directed primarily at the American military.  In the field of computer network operations, the Pentagon notes that the PLA operates computer virus-creating units whose goal is to attack enemy computer systems and networks.  One type of virus, called Myfip, is particularly well-suited to information warfare. It is usually well-disguised, and once activated on poorly protected network systems, can wreak havoc on an organization’s information infrastructure.  In one attack, pilfered information was traced back to Tianjin City in the People’s Republic of China.  (Myfip Intellectual Property theft Worm Analysis, 2005)  This sort of assault is capable of compromising an entire network information system and stealing any of the following file types:

  • .pdf – Adobe Portable Document Format
  • .doc – Microsoft Word Document
  • .dwg – AutoCAD drawing
  • .sch – CirCAD schematic
  • .pcb – CirCAD circuit board layout
  • .dwt – AutoCAD template
  • .dwf – AutoCAD drawing
  • .max – ORCAD layout
  • .mdb – Microsoft database

Any network infected with Myfip would be subject to losing its organization’s documents, plans, communications and database.  Any or all of the critical information could be stolen.  Even more insidious is the idea that without proper monitoring the target may have had all of its proprietary information stolen and be totally unaware.
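The monitoring the paragraph above calls for can start with something as simple as watching for the listed file types leaving the network. The following is an added illustration, not code from the article or from any Myfip analysis; the log format, the sample lines and the set of internal address ranges are all constructed assumptions.

```python
"""Added example: flag outbound uploads of the document and CAD file types
the article lists as Myfip targets. Log format and sample lines are constructed."""
import ipaddress
from collections import defaultdict

# File types the article lists as targeted by Myfip.
TARGETED_EXTENSIONS = {
    ".pdf", ".doc", ".dwg", ".sch", ".pcb", ".dwt", ".dwf", ".max", ".mdb",
}

# Assumed internal address space (RFC 1918); anything else counts as external.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample egress log: "<src_ip> <dst_ip> <direction> <path>".
SAMPLE_LOG = """\
10.0.3.14 10.0.9.2 upload /shares/eng/board_rev3.pcb
10.0.3.14 203.0.113.7 upload /shares/eng/board_rev3.pcb
10.0.3.14 203.0.113.7 upload /shares/eng/enclosure.dwg
10.0.7.22 198.51.100.5 upload /home/u/notes.txt
10.0.7.22 198.51.100.5 download /updates/patch.pdf
10.0.3.14 203.0.113.7 upload /finance/customers.mdb
"""

def parse_line(line):
    """Split one log line into (src, dst, direction, path); None if malformed."""
    parts = line.split(maxsplit=3)
    if len(parts) != 4:
        return None
    src, dst, direction, path = parts
    return src, dst, direction.lower(), path

def is_external(ip):
    """True when the address lies outside the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def extension_of(path):
    """Lower-cased file extension including the dot, or '' if there is none."""
    dot = path.rfind(".")
    return path[dot:].lower() if dot >= 0 else ""

def find_suspect_egress(log_text):
    """Map each source host to its uploads of targeted file types to external hosts."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, dst, direction, path = rec
        if direction == "upload" and is_external(dst) \
                and extension_of(path) in TARGETED_EXTENSIONS:
            hits[src].append((dst, path))
    return dict(hits)

if __name__ == "__main__":
    for src, transfers in find_suspect_egress(SAMPLE_LOG).items():
        print(f"{src}: {len(transfers)} targeted-file upload(s) to external hosts")
```

Internal copies and downloads are deliberately ignored, so only the host pushing .pcb, .dwg and .mdb files to an external address is reported.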

In recent years, hackers and IW practitioners in China have been actively testing U.S. cyber defenses with a series of low-level assaults and incursions.  The 2006 Report to Congress of the U.S.-China Economic and Security Review Commission states that these activities amount to a program of “cyber reconnaissance” in which China is “probing the computer networks of U.S. government agencies as well as private companies” with the aim of “identifying weak points in the networks, understanding how leaders in the U.S. think, discovering the communications patterns of American government and private companies, and attaining valuable information stored throughout the networks.”4

There are several recent examples of such "probes":

  • In late 2006, computer banks at the U.S. National Defense University were shut down by a large-scale cyber assault.5 NDU was in the middle of a large electronic war-simulation at the time of the attack.  The attack was not publicized.
  • Also late in 2006, the entire Naval War College computer network was shut down by a Chinese intrusion.  One report hinted that the attack was aimed at NWC's Strategic Studies Group, which had been developing modern cyberwarfare concepts.6
  • In the summer of 2006, computers at the Commerce Department's Bureau of Industry and Science were offline for more than a month after a cyberattack based in China.  The stealthy assault was aimed at the office which controls high-tech exports to China.7
  • Most recently, a June 2007 attack was able to shut down several email communication systems in the office of the Secretary of Defense.  While many media outlets noted that the intrusion came from China, DoD officials were more reticent about naming a source.8

One of China's preferred methods for perpetrating such an attack is through a so-called Distributed Denial of Service (DDoS).  Put simply, a DDoS attack occurs when a target is overwhelmed by "botnets" that make a request for service from a single information resource.  Botnets are extensive networks of computers enlisted by the attacker to overload the response capability of the targeted information system.  These computer foot soldiers are known as "zombies" in industry parlance, and can often number more than 100,000 per attack.  In the cyber attack on Estonia in May, some news outlets report that the network employed may have enlisted more than one million members.9 In the case of China, the scholar Timothy Thomas reports that numerous techniques, such as marshalling botnets, have found a home in several units of China's 1.5 million-man military reserve forces.10

William Perry