Risk
8/23/2011
01:55 PM

Chinese Military Documentary Reveals Alleged Attack Software

Government-run TV channel program accidentally reveals what appears to be software designed for cyber warfare.

A military documentary broadcast in China last month on a government-run TV channel has revealed what appears to be software designed for cyber warfare.

The documentary, titled "Military Technology: Internet Storm is Coming," has been posted to YouTube and was available on the CCTV website at the time this article was filed.

The existence of the software was first reported by The Epoch Times, a publication founded by members of the Falun Gong, a religious organization that's banned in China. The cyber war software, which has a button labeled "Attack" and a menu labeled "Select Attack Destinations," lists Falun Gong websites as preset targets.

"The screenshots show the name of the software and the Chinese university that built it, the Electrical Engineering University of China's People's Liberation Army--direct evidence that the PLA is involved in coding cyber-attack software directed against a Chinese dissident group," the Epoch Times report states.

The distinction between this attack software and penetration testing software used by security researchers around the globe to identify vulnerabilities is probably relatively minor, apart from the aggressive wording of menus and buttons.

In a blog post, Mikko H. Hypponen, chief research officer at F-Secure, notes that the Chinese documentary initially appears to be fairly standard fare about the risks of cyber warfare. "However, while they are speaking about theory, they actually show camera footage of Chinese government systems launching attacks against a U.S. target," he wrote. "This is highly unusual. The most likely explanation is that this footage ended up in the final cut because the editor did not understand the significance of it."

The documentary shows someone choosing the IP address 138.26.72.17 to attack. This address is associated with the University of Alabama in Birmingham, Ala.

A person answering the phone at the domain contact phone number declined to be identified but said that the address has been inactive for several years and had been associated with a website run by a university student involved in Falun Gong.

For years, there have been accusations that the Chinese government has endorsed or sponsored cyberattacks against the U.S. and U.S. companies, most notably the cyberattack from China that Google reported in early 2010. That attack was said to have affected at least 30 companies and organizations. More recently, security company McAfee reported on a series of related attacks that it refers to in aggregate as "Operation Shady Rat."

The U.S. Department of State did not immediately respond to a request for comment. In a speech last year following the attack reported by Google, Secretary of State Hillary Clinton said, "Countries or individuals that engage in cyber-attacks should face consequences and international condemnation."

The Chinese government has consistently denied that it is involved in cyberattacks and has claimed that it is the biggest victim of cyberattacks.

While the Chinese government has not produced evidence of this, it's clear that China is not the only nation-state conducting cyber warfare operations. The sophisticated Stuxnet cyberattack on Iran's nuclear infrastructure, for example, is widely believed to have come from the U.S. and/or Israel.
