Risk
8/23/2011
01:55 PM

Chinese Military Documentary Reveals Alleged Attack Software

Government-run TV channel program accidentally reveals what appears to be software designed for cyber warfare.

A military documentary broadcast in China last month on a government-run TV channel has revealed what appears to be software designed for cyber warfare.

The documentary, titled "Military Technology: Internet Storm is Coming," has been posted to YouTube and was available on the CCTV website at the time this article was filed.

The existence of the software was first reported by The Epoch Times, a publication founded by members of the Falun Gong, a religious organization that's banned in China. The cyber war software--it has a button labeled "Attack" and a menu labeled "Select Attack Destinations"--lists Falun Gong websites as preset targets.

"The screenshots show the name of the software and the Chinese university that built it, the Electrical Engineering University of China's People's Liberation Army--direct evidence that the PLA is involved in coding cyber-attack software directed against a Chinese dissident group," the Epoch Times report states.

The distinction between this attack software and penetration testing software used by security researchers around the globe to identify vulnerabilities is probably relatively minor, apart from the aggressive wording of menus and buttons.

In a blog post, Mikko H. Hypponen, chief research officer at F-Secure, notes that the Chinese documentary initially appears to be fairly standard fare about the risks of cyber warfare. "However, while they are speaking about theory, they actually show camera footage of Chinese government systems launching attacks against a U.S. target," he wrote. "This is highly unusual. The most likely explanation is that this footage ended up in the final cut because the editor did not understand the significance of it."

The documentary shows someone choosing the IP address 138.26.72.17 to attack. This address is associated with the University of Alabama in Birmingham, Ala.

A person answering the phone at the domain contact phone number declined to be identified but said that the address has been inactive for several years and had been associated with a website run by a university student involved in Falun Gong.

For years, there have been accusations that the Chinese government has endorsed or sponsored cyberattacks against the U.S. and U.S. companies, most notably the cyberattack from China that Google reported in early 2010. That attack was said to have affected at least 30 companies and organizations. More recently, security company McAfee reported on a series of related attacks that it refers to in aggregate as "Operation Shady Rat."

The U.S. Department of State did not immediately respond to a request for comment. In a speech last year following the attack reported by Google, Secretary of State Hillary Clinton said, "Countries or individuals that engage in cyber-attacks should face consequences and international condemnation."

The Chinese government has consistently denied that it is involved in cyberattacks and has claimed that it is the biggest victim of cyberattacks.

While the Chinese government has not produced evidence of this, it's clear that China is not the only nation-state conducting cyber warfare operations. The sophisticated Stuxnet cyberattack on Iran's nuclear infrastructure, for example, is widely believed to have come from the U.S. and/or Israel.
