Risk
8/23/2011
01:55 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Chinese Military Documentary Reveals Alleged Attack Software

Government-run TV channel program accidentally reveals what appears to be software designed for cyber warfare.

Strategic Security Survey: Global Threat, LocalPain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
A military documentary broadcast in China last month on a government-run TV channel has revealed what appears to be software designed for cyber warfare.

The documentary, titled "Military Technology: Internet Storm is Coming," has been posted to YouTube and was available on the CCTV website at the time this article was filed.

The existence of the software was first reported by The Epoch Times, a publication founded by members of the Falun Gong, a religious organization that's banned in China. The cyber war software--it has a button labeled "Attack" and a menu labeled "Select Attack Destinations" -- lists Falun Gong websites as preset targets.

"The screenshots show the name of the software and the Chinese university that built it, the Electrical Engineering University of China's People's Liberation Army--direct evidence that the PLA is involved in coding cyber-attack software directed against a Chinese dissident group," the Epoch Times report states.

The distinction between this attack software and penetration testing software used by security researchers around the globe to identify vulnerabilities is probably relatively minor, apart from the aggressive wording of menus and buttons.

In a blog post, Mikko H. Hypponen, chief research officer at F-Secure, notes that the Chinese documentary initially appears to be fairly standard fare about the risks of cyber warfare. "However, while they are speaking about theory, they actually show camera footage of Chinese government systems launching attacks against a U.S. target," he wrote. "This is highly unusual. The most likely explanation is that this footage ended up in the final cut because the editor did not understand the significance of it."

The documentary shows someone choosing the IP address 138.26.72.17 to attack. This address is associated with the University of Alabama in Birmingham, Ala.

A person answering the phone at the domain contact phone number declined to be identified but said that the address has been inactive for several years and had been associated with a website run by a university student involved in Falun Gong.

For years, there have been accusations that the Chinese government has endorsed or sponsored cyberattacks against the U.S. and U.S. companies, most notably the cyberattack from China that Google reported in early 2010. That attack was said to have affected at least 30 companies and organizations. More recently, security company McAfee reported on a series of related attacks that it refers to in aggregate as "Operation Shady Rat."

The U.S. Department of State did not immediately respond to a request for comment. In a speech last year following the attack reported by Google, Secretary of State Hillary Clinton said, "Countries or individuals that engage in cyber-attacks should face consequences and international condemnation."

The Chinese government has consistently denied that it is involved in cyberattacks and has claimed that it is the biggest victim of cyberattacks.

While the Chinese government has not produced evidence of this, it's clear that China is not the only nation-state conducting cyber warfare operations. The sophisticated Stuxnet cyberattack on Iran's nuclear infrastructure, for example, is widely believed to have come from the U.S. and/or Israel.

At a full-day virtual event, InformationWeek and Dark Reading editors will talk with security experts about the causes and mistakes that lead to security breaches, both from the technology perspective and from the people perspective. It happens Aug. 25. Register now.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3366
Published: 2014-10-31
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.

CVE-2014-3372
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90589.

CVE-2014-3373
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed Number Analyzer interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCup92550.

CVE-2014-3374
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582.

CVE-2014-3375
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90597.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.