Risk
8/23/2011
01:55 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Chinese Military Documentary Reveals Alleged Attack Software

Government-run TV channel program accidentally reveals what appears to be software designed for cyber warfare.

Strategic Security Survey: Global Threat, LocalPain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
A military documentary broadcast in China last month on a government-run TV channel has revealed what appears to be software designed for cyber warfare.

The documentary, titled "Military Technology: Internet Storm is Coming," has been posted to YouTube and was available on the CCTV website at the time this article was filed.

The existence of the software was first reported by The Epoch Times, a publication founded by members of the Falun Gong, a religious organization that's banned in China. The cyber war software--it has a button labeled "Attack" and a menu labeled "Select Attack Destinations" -- lists Falun Gong websites as preset targets.

"The screenshots show the name of the software and the Chinese university that built it, the Electrical Engineering University of China's People's Liberation Army--direct evidence that the PLA is involved in coding cyber-attack software directed against a Chinese dissident group," the Epoch Times report states.

The distinction between this attack software and penetration testing software used by security researchers around the globe to identify vulnerabilities is probably relatively minor, apart from the aggressive wording of menus and buttons.

In a blog post, Mikko H. Hypponen, chief research officer at F-Secure, notes that the Chinese documentary initially appears to be fairly standard fare about the risks of cyber warfare. "However, while they are speaking about theory, they actually show camera footage of Chinese government systems launching attacks against a U.S. target," he wrote. "This is highly unusual. The most likely explanation is that this footage ended up in the final cut because the editor did not understand the significance of it."

The documentary shows someone choosing the IP address 138.26.72.17 to attack. This address is associated with the University of Alabama in Birmingham, Ala.

A person answering the phone at the domain contact phone number declined to be identified but said that the address has been inactive for several years and had been associated with a website run by a university student involved in Falun Gong.

For years, there have been accusations that the Chinese government has endorsed or sponsored cyberattacks against the U.S. and U.S. companies, most notably the cyberattack from China that Google reported in early 2010. That attack was said to have affected at least 30 companies and organizations. More recently, security company McAfee reported on a series of related attacks that it refers to in aggregate as "Operation Shady Rat."

The U.S. Department of State did not immediately respond to a request for comment. In a speech last year following the attack reported by Google, Secretary of State Hillary Clinton said, "Countries or individuals that engage in cyber-attacks should face consequences and international condemnation."

The Chinese government has consistently denied that it is involved in cyberattacks and has claimed that it is the biggest victim of cyberattacks.

While the Chinese government has not produced evidence of this, it's clear that China is not the only nation-state conducting cyber warfare operations. The sophisticated Stuxnet cyberattack on Iran's nuclear infrastructure, for example, is widely believed to have come from the U.S. and/or Israel.

At a full-day virtual event, InformationWeek and Dark Reading editors will talk with security experts about the causes and mistakes that lead to security breaches, both from the technology perspective and from the people perspective. It happens Aug. 25. Register now.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6501
Published: 2015-03-30
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_s...

CVE-2014-9652
Published: 2015-03-30
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote atta...

CVE-2014-9653
Published: 2015-03-30
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory ...

CVE-2014-9705
Published: 2015-03-30
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

CVE-2014-9709
Published: 2015-03-30
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.