Suivre ce blog Administration + Créer mon blog
1 avril 2015 3 01 /04 /avril /2015 16:35
Unit-61398 Chinese Army Cyberwarfare

Unit-61398 Chinese Army Cyberwarfare


March 31, 2015: Strategy Page


After years of denying any involvement in Cyber War or having organized units for that sort of thing, China suddenly admitted that it was all true. This was all laid out in the latest (March 2015) issue of a Chinese military publication (The Science of Military Strategy). This unclassified journal comes out about once a year and makes it possible for all Chinese military and political leaders to freely discuss new military strategies. The March edition went into a lot of detail about Chinese Cyber War operations. Most of these details were already known for those who could read Western media. Many details of Chinese Cyber War activities are published in the West, if only to warn as many organizations as possible of the nature and seriousness of the threat. Apparently the Chinese leadership decided that the secrecy about their Cyber War activities was being stripped away by foreigners anyway so why bother continuing to deny. Publish and take a victory lap.


Since the 1990s China has continued to expand its enormous Internet Army (as it is called in China). Not all these programs are successful. For example since 2011 there has been an effort to force companies to organize their Internet savvy employees into a cyber-militia and inspire these geeks to find ways to protect the firm's networks. But by 2013 it was clear this project was not turning out exactly as expected, as many of the volunteers had become successful, but unpopular, censors. It’s now widely accepted that one of the most annoying things for the new Chinese middle class is the censorship (especially on the Internet). The most annoying censorship is the online version that is carried out by paid and volunteer censors at your company or in your neighborhood. This use of “local activists” to control discussions and inform on possible troublemakers (or worse, like spies or criminals) is an old Chinese custom and one that was highly refined by the 20th century communists (first the Russians, who passed it on to their Chinese comrades). The old-school informer network suffered a lot of desertions and other damage during three decades of economic freedom. But the government has been diligent about rebuilding the informer and censor network online, where it’s easier for the busybodies to remain anonymous and safe from retribution. The on-line informers are also useful for keeping an eye on foreign businesses.


Internal and external espionage is one of the main reasons the Chinese government took an interest in the Internet back in the 1990s. This resulted in nearly two decades of effort to mobilize the Chinese people as an Internet army. It was in the late 1990s that the Chinese Defense Ministry established the "NET Force." This was initially a research organization, which was to measure China's vulnerability to attacks via the Internet. Soon this led to examining the vulnerability of other countries, especially the United States, Japan, and South Korea (all nations that were heavy Internet users). NET Force has continued to grow, aided by plenty of volunteers.


In 1999, NET Force organized an irregular civilian militia, the "Red Hackers Union" (RHU). These are several hundred thousand patriotic Chinese programmers and Internet engineers who wished to assist the motherland and put the hurt, via the Internet, on those who threaten or insult China. The RHU began spontaneously (in response to American bombs accidentally hitting the Chinese embassy in Serbia), but the government gradually assumed some control, without turning the voluntary organization into another bureaucracy. Various ministries have liaison officers who basically keep in touch with what the RHU is up to (mostly the usual geek chatter) and intervene only to "suggest" that certain key RHU members back off from certain subjects or activities. Such "suggestions" carry great weight in China, where people who misbehave on the web are very publicly prosecuted and sent to jail. For those RHU opinion-leaders and ace hackers that cooperate, there are all manner of benefits for their careers, not to mention some leniency if they get into some trouble with the authorities. Many government officials fear the RHU, believing that it could easily turn into a "counter-revolutionary force." So far, the Defense Ministry and NET Force officials have convinced the senior politicians that they have the RHU under control. Meanwhile, the hackers (or “honkers” after the Chinese word for “visitor”) became folk heroes and the opportunity to join your company’s contingent of the “Online Red Army” appealed to many as a chance to be like the honkers.


NET Force was never meant to be just volunteers. Starting in the late 1990s, China assembled the first of what eventually grew to 40,000 Ministry of Public Security employees manning the Golden Shield Project (nicknamed as The Great Firewall of China). This was an effort to monitor and censor Internet use throughout the country and punish those who got out of line. In the last decade, over a billion dollars has been spent on this effort. While the Great Firewall cannot stop someone who is expert at how the Internet works but it does greatly restrict the other 99 percent of Internet users. And it provides a lot of information about what is going on inside all that Internet traffic. Foreign intelligence agencies are beginning to find the Great Firewall of China is going from nuisance to obstacle. This has put government intelligence organizations in a difficult position. In the U.S. the feds feel compelled to seek assistance from, and work with, hackers who are developing new ways to tunnel through the Golden Shield. There are several non-governmental outfits that are involved with this effort, and most are hostile to intelligence agencies. Nevertheless, some relationships have been formed, to deal with mutual problems.


It's not only the intel agencies who are keen to learn their way around, and through, the Great Firewall. Cyber War organizations see the Great Firewall as a major defensive weapon as well. The Chinese have a much better idea of what is coming into their country via the Internet, and that makes it easier to identify hostile traffic and deal with it. Some American Cyber War officials are broaching the idea of building something like Golden Shield, just for military purposes. But that would be difficult in most Western countries because of privacy issues. But with Golden Shield China could unleash worms and viruses on the Internet and use their Great Firewall to prevent Chinese systems from becoming as badly infected. China needs every advantage it can get because it has the worst protected, and most infected, PCs in the world. This is largely the result of so many computers using pirated software and poorly trained operators.  Meanwhile, the thousands of people running the Golden Shield are gaining valuable experience and becoming some of the most skillful Internet engineers on the planet.


The Chinese military also has a growing number of formal Cyber War units, as well as military sponsored college level Cyber War courses. Western Internet security companies, in the course of protecting their customers, have identified a growing number of Chinese hacking organizations. Some work directly for the military, secret police or other government agencies. These Cyber War units, plus the volunteer organizations and Golden Shield bureaucrats apparently work closely with each other and have provided China with a formidable Cyber War capability. NET Force, with only a few thousand personnel, appears to be the controlling organization for all this. With the help of RHU and Golden Shield, they can mobilize formidable attacks, as well as great defensive potential. No other nation has anything like it and now the Chinese are bragging about it.

Partager cet article
26 mars 2015 4 26 /03 /mars /2015 12:35
Unit-61398-Chinese-Army Cyberwarfare

Unit-61398-Chinese-Army Cyberwarfare


25 mars 2015  par Daniel Ventre – 45eNord.ca


La Chine parle de l’existence de ses unités dédiées à la cyberdéfense (les médias anglo-saxons retiennent le vocable «cyberwarfare»). Selon McReynolds, chercheur au CSIS (Washington), la reconnaissance officielle de l’existence de ces unités serait contenue dans la dernière version de «The Science of Military Strategy » (décembre 2013).


On y apprendrait que les forces de cyberdéfense sont de trois types.

– les forces militaires spéciales de guerre sur les réseaux (specialized military network warfare forces) qui sont des unités militaires opérationnelles
– des équipes de spécialistes du monde civil (le ministère de la sécurité publique, le ministère de la sécurité d’Etat…) autorisées par l’armée à mener des opérations de cyberdéfense ;
– et des entités extérieures au gouvernement, qui peuvent être mobilisées, organisées pour de telles opérations.


Toujours du point de vue de McReynolds, cette reconnaissance officielle:

– vient conforter les Etats-Unis et nombre d’autres nations qui ont depuis plusieurs années mené des enquêtes sur les cyberattaques et concluant souvent à l’implication des acteurs étatiques chinois.
– vient mettre un terme à des années de déni de la part de la Chine, qui a toujours jusque-là refusé de reconnaître à la fois l’existence de structures de type cybercommandement ou le soutien des forces armées dans de quelconques cyberattaques, notamment à des fins d’espionnage industriel.
– Nécessite de repenser les coopérations engagées par la Chine en matière de lutte contre la cybercriminalité (on apprend au passage que la Chine aurait collaboré avec près de 50 pays dans le cadre d’enquêtes sur des milliers de cas de cybercriminalité au cours des 10 dernières années ; et conclu une trentaine d’accords bilatéraux, dont des accords avec les Etats-Unis et le Royaume-Uni). On ne saurait en effet, selon lui, faire confiance à des institutions étatiques chinoises qui d’un côté prétendent lutter contre la cybercriminalité, mais de l’autre soutiennent des opérations de hacking contre les intérêts des États avec lesquels elles coopèrent…


Cette analyse appelle des commentaires. La «révélation» de l’existence d’unités de cyberdéfense chinoises n’est pas véritablement un scoop. Les Etats modernes se dotent de capacités cyber, et la Chine a fait du cyberespace, on le sait depuis longtemps, l’un de ses domaines stratégiques. Que cela soit écrit dans un document officiel est certes important. Mais reconnaître l’existence de structures de cyberdéfense n’est pas l’aveu des cyberattaques qu’on leur attribue.


De l’organisation décrite, il ressort que se multiplient, comme ailleurs, les acteurs de la cyberdéfense. Et même si le tout peut paraître parfaitement hiérarchisé, des tensions au sein même des institutions étatiques pourraient gripper la machine. McReynolds évoque ce risque lorsqu’il affirme que des signes de tensions sont apparus, pour savoir qui de l’armée ou des institutions sécuritaires civiles doit assurer le leadership sur les cyber-opérations.

Partager cet article
18 janvier 2015 7 18 /01 /janvier /2015 20:55
Protéger son site Internet des cyberattaques


16 janvier 2015 ANSSI


L’actualité récente a entrainé un accroissement significatif du nombre d’attaques informatiques visant des sites Internet français. La très grande majorité de ces attaques sont des défigurations de sites Internet* (ou défacement), ou des dénis de service* (DDoS) qui exploitent les failles de sécurité de sites vulnérables.

L’ANSSI rappelle qu’il est possible de se prémunir de ces types d’attaques en appliquant les bonnes pratiques présentées dans les fiches qu’elles a préparées à cet effet disponibles ci-dessous : une fiche destinée à tout internaute et une fiche destinée aux administrateurs de site Internet.

Enfin, l’application des recommandations du guide d’hygiène informatique et de la note sur la sécurisation des sites web est fortement recommandée.


  • PDF - 229.4 ko
  • Fiche des bonnes pratiques en cybersécurité
    PDF - 229.4 ko
  • PDF - 352.8 ko
  • Fiche d’information pour les administrateurs de site
    PDF - 352.8 ko

*Défiguration (defacement) : Résultat d’une activité malveillante visant à modifier l’apparence ou le contenu d’un serveur Internet. Cette action malveillante est souvent porteuse d’un message politique et d’une revendication.  

*Déni de service (Denial of Service, DDoS) : Action ayant pour effet d’empêcher ou de limiter fortement la capacité d’un système à fournir le service attendu. Dans le cas d’un site Internet, celui-ci devient inaccessible à la consultation.

Partager cet article
30 mai 2013 4 30 /05 /mai /2013 11:35
Ces manoeuvres d'un nouveau type auront lieu en Mongolie intérieure, dans le nord du pays.

Ces manoeuvres d'un nouveau type auront lieu en Mongolie intérieure, dans le nord du pays.

29/05/2013 Par Arnaud de La Grange – LeFigaro.fr


Alors que le cyberespionnage complique la relation Washington-Pékin, l'armée chinoise va tester le mois prochain de «nouveaux types d'unités de combat utilisant de la technologie digitale». Vraisemblablement pour simuler la perturbation de réseaux de communication, de commandement et de contrôle.


Ces exercices militaires seront bien réels, mais le terrain sera en grande partie virtuel. L'armée chinoise va lancer le mois prochain ses premières manœuvres impliquant des «unités numériques», a rapporté mercredi la presse officielle. Les soldats chinois vont «tirer à blanc» sur les réseaux Internet, alors que la tension est vive entre Washington et Pékin sur les questions de cyberespionnage.


Ces manœuvres d'un nouveau type auront pour cadre la Mongolie-Intérieure, dans le nord du pays. Vont à cette occasion être «testés de nouveaux types d'unités de combat, utilisant de la technologie digitale pour s'adapter à la guerre moderne et informatique». Pour la «première fois» dans l'histoire de l'Armée populaire de libération (APL), ces moyens modernes seront combinés à des forces spéciales, de l'aviation et des unités de contre-mesure électronique. Vraisemblablement pour simuler la perturbation de réseaux de communication, de commandement et de contrôle.


Une arme «asymétrique»


En 2011, le ministère chinois de la Défense avait annoncé avoir créé une unité d'élite spécialisée dans la cyberguerre. Tout en précisant qu'il s'agissait uniquement de «capacités défensives et non pas d'attaque»… Composée officiellement d'un noyau de 30 membres et appelée «l'équipe cyberbleue», cette force a été placée sous le commandement de la région militaire de Canton (sud), avait précisé le quotidien Global Times. La faiblesse de ces effectifs fait sourire, quand on connaît les efforts de l'APL dans le domaine des cybercapacités. Des milliers, voire des dizaines de milliers d'hommes seraient affectés à ces missions. Au début de l'année, la société de sécurité informatique américaine Mandiant a identifié une formation - l'Unité 61398, basée à Shanghaï - alignant à elle seule plus de 2000 personnes. Elle serait à l'origine d'une vague d'attaques qui a visé des journaux américains, des sociétés et des agences du gouvernement américain.


L'armée chinoise, consciente de ne pouvoir affronter la puissance américaine de manière conventionnelle, n'a pas fait mystère de ses ambitions en matière de cyberguerre. Dès 1999, dans leur fameux essai La Guerre hors limites, deux colonels de l'armée de l'air chinoise ont insisté sur l'importance de cette arme «asymétrique». Un récent rapport du Congrès américain estime que «les experts de l'APL identifient de façon systématique les infrastructures logistiques, les systèmes de commandement et de contrôle et les centres de gravité stratégiques des États-Unis qu'ils attaqueraient en premier en cas de conflit». Et que leurs compétences sont désormais «très avancées».

Partager cet article
19 avril 2013 5 19 /04 /avril /2013 07:20
Is Cyber War the New Cold War?



April 19, 2013 By Trefor Moss – thediplomat.com


China and the U.S. both want a rules-based cyberspace, but do not see eye to eye. A potentially dangerous Cyber Cold War awaits if they cannot agree on some rules of engagement.


Cyberspace matters. We know this because governments and militaries around the world are scrambling to control the digital space even as they slash defense spending in other areas, rapidly building up cyber forces with which to defend their own virtual territories and attack those of their rivals.


But we do not yet know how much cyberspace matters, at least in security terms. Is it merely warfare’s new periphery, the theatre for a 21st century Cold War that will be waged unseen, and with practically no real-world consequences? Or is it emerging as the most important battle-space of the information age, the critical domain in which future wars will be won and lost?


Read more

Partager cet article
16 octobre 2012 2 16 /10 /octobre /2012 12:40
Iran's Cyber Warfare

October 16, 2012 By Dr. Gabi Siboni and Sami Kronenfeld / Institute for National Security Studies (INSS) - INSS Insight No. 375


Broad interstate cooperation needed to counter Iranian cyber activity


The recent statement by US Secretary of Defense Leon Panetta about the need to confront Iranian cyber warfare waged against American targets highlights developments of the last two years regarding Iran's extended activity to construct defensive and offensive cyber capabilities. Apparently underway is a large cyber campaign by Iran, both to attack various targets in retaliation for the sanctions imposed against it and to repel the cyber attacks directed at it.


Iran is working to develop and implement a strategy to operate in cyberspace. The approach by Supreme Leader Khamenei to opportunities and risks inherent in cyberspace, reflected in his March 2012 announcement on the establishment of the Supreme Cyber Council, shows how central the issue is in Iran. Defensively, Iran is working to realize two main goals: first, to create a "technological envelope" that will protect critical infrastructures and sensitive information against cyberspace attacks such as the Stuxnet virus, which damaged the Iranian uranium enrichment program, and second, to stop and foil cyberspace activity by opposition elements and opponents to the regime, for whom cyberspace is a key platform for communicating, distributing information, and organizing anti-regime activities. The Iranian program to create a separate, independent communications network is particularly important in this context.


Offensively, the cyberspace strategy is part of the doctrine of asymmetrical warfare, a central principle in the Iranian concept of the use of force. Cyberspace warfare, like other classical asymmetrical tactics such as terrorism and guerilla warfare, is viewed by Iran as an effective tool to inflict serious damage on an enemy with military and technological superiority. In a case of escalation between Iran and the West, Iran will likely aim to launch a cyber attack against critical infrastructures in the United States and its allies, including energy infrastructures, financial institutions, transportation systems, and others. In order to realize the goals of its strategy, Iran has allocated about $1 billion to develop and acquire technology and recruit and train experts. The country has an extensive network of educational and academic research institutions dealing with information technology, computer engineering, electronic engineering, and math. In addition, the government operates its own institute – the Iran Telecommunications Research Center, the research and professional branch of the Information and Communications Ministry. The institute trains and operates advanced research teams in various fields, including information security. Another government body is the Technology Cooperation Officer, which belongs to the president’s bureau, and initiates information technology research projects. This body has been identified by the European Union and others in the West as involved in the Iranian nuclear program.


The Iranian cyberspace system comprises a large number of cyber organizations, formally related to various establishment institutions and involved in numerous fields. One central organization with a primarily defensive orientation is the Cyber Defense Command, operating under Iran’s Passive Defensive Organization, affiliated with the General Staff of the Armed Forces. Alongside military personnel, this cyberspace organization includes representatives of government ministries, such as the ministries of communications, defense, intelligence, and industry, and its main goal is to develop a defensive doctrine against cyberspace threats. Another cyberspace body of a defensive nature is the MAHER Information Security Center, operating under the aegis of the communications and information technology ministry. The center is in charge of operating rapid response teams in case of emergencies and cyber attacks. Iran also has a Committee for Identifying Unauthorized Sites and FETA, the police cyberspace unit, which in addition to dealing with internet crime also monitors and controls Iranian internet usage, with emphasis on internet cafés throughout the country that allow relatively anonymous web surfing.


The picture is less clear regarding Iran’s offensive cyberspace capabilities. Clearly the capabilities of the Revolutionary Guards make Iran one of the most advanced nations in the field of cyberspace warfare, with capabilities, inter alia, to install malicious code in counterfeit computer software, develop capabilities to block computer communications networks, develop viruses and tools for penetrating computers to gather intelligence, and develop tools with delayed action mechanisms or mechanisms connected to control servers. There is also evidence of links between the Revolutionary Guards and hacker groups in Iran and abroad that operate against the enemies of the regime at home and around the world. The use of outsourcing allows the Revolutionary Guards and Iran to maintain distance and deniability about Iran’s involvement in cyberspace warfare and


cyber crime. A prominent hacker group linked to the Revolutionary Guards is the Ashiyane Digital Security Team, whose members are motivated by an ideology supporting the Iranian regime and the Islamic Revolution and who target the enemies of the regime for attack. The Basij, subordinate to the Revolutionary Guards, also became active in cyberspace when in 2010 established the Basij Cyberspace Council. The activities of the Basij focus primarily on creating pro-Iranian propaganda in cyberspace, and the organization works on developing more advanced cyberspace capabilities and using Revolutionary Guards cyberspace operatives to train hackers in high offensive capabilities.


Iran is already active offensively, as evidenced by several events in recent years. In 2011 there were two attacks on companies providing security permissions; most prominent was the attack from June to August 2011 on DigiNotar in the Netherlands, whose databases – the major source of SSL permissions in Holland – were attacked. During those months, certificates for authenticating websites, including the certificate authenticating the google.com domain, were stolen; the latter item allowed attackers to pose as Google and redirect Gmail servers. In fact, the attack allowed Iran to penetrate more than 300,000 computers, primarily in Iran, and seems to have been designed to monitor users at home for internal security purposes.


In September 2012, a number of financial institutions in the United States came under attack, including sites belonging to the Bank of America, Morgan Chase, and CitiGroup. According to American analysts, the most destructive attack occurred in August 2012 on the computers of the Saudi Arabian oil company Aramco and the Qatari gas company RasGas. The attack was carried out by means of a computer virus called Shamoo, which spread through company servers and destroyed information stored in them. A group called the Cutting Sword of Justice took responsibility for the attack and claimed it was aimed at the main source of income of Saudi Arabia, which was accused of committing crimes in Syria and Bahrain.


The development of Iran’s cyberspace capabilities and the most recent attacks should concern the United States as well as Israel. The success of the attack on Aramco computers is of concern because the standard defensive systems proved insufficient against the focused and anonymous attacks. It is therefore necessary to develop tools that can deal with such threats. One of the directions being developed involves identification, blocking, and neutralization of unusual behavior in computers under attack. Such tools could neutralize threats even after the malicious code managed to penetrate the targeted computer. The attack on Aramco was designed more to destroy information indiscriminately in tens of thousands of company computers and less (if at all) to gather intelligence. If intelligence gathering in cyberspace can be considered legitimate in some cases, a large scale attack such as the one by Iran against a civilian target marks a transition by Iran to retaliatory action. Secretary Panetta’s recent statement on the need to close accounts with those responsible for this attack demonstrates this, but what ultimately counts is the test of action and not of words.


The focus of Iran’s cyberspace activity directed against Israel and other countries in the West requires appropriate defensive arrangements, beginning with an up-to-date doctrine of cyberspace defense. The attackers’ sophistication requires intelligence-based defenses as well as the generic ones. In light of developments in Iran, the State of Israel must place the issue of Iranian cyberspace activity among its highest intelligence priorities, in order to identify advance preparations and foil attacks before they are underway. Similar to the Iranian nuclear program, the challenge is not Israel's alone, rather that of many other states in the West as well as the Gulf states. It is therefore necessary to initiate broad interstate cooperation to gather intelligence and foil Iranian cyber activity.



(Dr. Gabi Siboni is the head of the Cyber Warfare Program at INSS. Sami Kronenfeld is an intern in the program. This essay is shortened version of a forthcoming article on Iran’s cyberspace capabilities, to be published in the December issue of Military and Strategic Affairs.)

Partager cet article


  • : RP Defense
  • : Web review defence industry - Revue du web industrie de défense - company information - news in France, Europe and elsewhere ...
  • Contact


Articles Récents