Chinese Information Warfare: The Panda That Eats, Shoots, and Leaves

Chinese hackers stole Google search engine secrets

Bill Gertz, senior editor of the Washington Free Beacon, describes the growing threat posed by information warfare in his new book, "iWar: War and Peace in the Information Age," (Threshold Editions). The following is an excerpt from the book, out this week.

The year is 2028. It is August and the weather is hot. People’s Liberation Army (PLA) Col. Sun Kangzhou and three highly trained special operations commandos from the Chengdu military region in southern China are sitting in two vehicles outside a Wal-Mart Supercenter in rural Pennsylvania about 115 miles northeast of Pittsburgh. Dressed in jeans, t-shirts, and work boots, the men appear to be just like any construction workers. In fact, Colonel Sun and his men are members of the elite Falcon special forces team. One of the vehicles is a heavy-duty pickup truck with a trailer carrying a large backhoe. The other is a nondescript blue sedan. The commandos’ target today is not a military base but something much more strategic.

It has been two weeks since the deadly military confrontation between a Chinese guided-missile destroyer and a U.S. Navy P-8 maritime patrol aircraft thousands of miles away in the South China Sea. The 500-foot-long Luyang II missile warship Yinchuan made a fatal error by firing one of its HHQ-9 long-range surface-to-air missiles at the P-8 as it flew some 77 miles away. The militarized Boeing 737 had been conducting a routine electronic reconnaissance mission over the sea, something the Chinese communist government in Beijing routinely denounces as a gross violation of sovereignty. The Chinese missile was tracked by the P-8’s sensors after a radar alarm signal went off, warning of the incoming attack. The advance sensor warning allowed the P-8 pilot to maneuver the jet out of range of the missile. The crew watched it fall into the sea. Fearing a second missile launch, the pilot ordered the crew to fire back. The aircraft bay doors opened and an antiship cruise missile, appropriately named SLAM-ER, for Standoff Land Attack Missile-Expanded Response, took off. Minutes later, the missile struck the ship, sinking the vessel and killing most of the crew.

The South China Sea incident, as the military encounter was called, was just the kind of military miscalculation senior American military leaders feared would take place for years, as China’s military forces over the years had built up military forces on disputed islands and gradually claimed the entire strategic waterway as its maritime territory.

Following the South China Sea incident, U.S.-China tensions reached a boiling point with threats and counterthreats, including official Chinese government promises of retaliation. In Washington, phone calls to Chinese political leaders went unanswered. Beijing streets were filled with thousands of protesters in what were carefully orchestrated government-run demonstrations denouncing America. The demonstrators were demanding payback for sinking the warship. Tensions were the highest in history and threatened to end the peaceful period since the two major trading partners shelved their ideological differences beginning in the 1980s.

Colonel Sun and his team are now striking back in ways the United States would never suspect. The sabotage mission they have embarked on is unlike any conducted before and is one that China’s military over the past two decades has been secretly training to carry out: an information warfare attack on the American electrical power grid.

Chinese military intelligence hackers, after decades of covert cyber intrusions into American industrial control computer networks, have produced a detailed map of the United States’ most critical infrastructure—the electrical power grid stretching from the Atlantic to the Pacific and north and south between Canada and Mexico.

Unbeknownst to the FBI, CIA, or National Security Agency, the Chinese have discovered a strategic vulnerability in the grid near the commandos’ location. The discovery was made by China’s Unit 61398, the famed hacker group targeted in a U.S. federal grand jury indictment more than a decade earlier, which named five of the unit’s PLA officers. The officers and their supporters had laughed off the Americans’ legal action as just another ineffective measure by what Beijing believed had become the weakened “paper tiger” that was the United States.

The raid is code-named Operation Duanlu—Operation Short-Circuit—and was approved by the Communist Party of China Central Military Commission a day earlier. The commission is the ultimate power in China, operating under the principle espoused by People’s Republic of China founder Mao Zedong, who understood that political power grows from the barrel of a gun.

The two commandos in the truck drive off to a remote stretch of highway several miles away to a point that was previously identified near a large hardwood tree that has grown precariously close to a key local power line. The truck drives by the tree, whose roots have been weakened on the side away from the power lines by the commandos weeks earlier. The backhoe arm pushes the tree over and into the power lines, disrupting the flow of electricity and shutting down power throughout the area.

At precisely the same time as the tree strikes the power lines, Colonel Sun sits in the car, boots up a laptop computer, and with a few keystrokes activates malicious software that has been planted inside the network of a nearby electrical substation. The substation is one of the most modern power centers and is linked to the national grid through “smart grid” technology designed to better automate and operate the U.S. electrical infrastructure. The smart grid technology, however, has been compromised years earlier during a naïve U.S. Energy Department program to cooperate with China on advanced electrical power transmission technology. The Chinese cooperated, and they also stole details of the new U.S. grid system and provided them to Chinese military intelligence.

Once in control of the substation’s network, Colonel Sun sets in motion a cascading electrical power failure facilitated by cyberattacks but most important carried out in ways that prevent even the supersecret National Security Agency, America’s premier cyber-intelligence agency, from identifying the Chinese cyberattackers and linking them to Beijing. The agency never recovered from the damage to its capabilities caused years earlier by a renegade contractor whose charges of illegal domestic spying led to government restrictions on its activities that ultimately prevent the agency from catching the Chinese before the electrical infrastructure cyberattack. For political leaders, the devastating power outage is caused by a tree in Pennsylvania, leading to a cascading power outage around the nation.

The Chinese conducted the perfect covert cyberattack, which cripples the United States, throwing scores of millions of Americans into pre-electricity darkness for months. Millions of deaths will ensue before Washington learns of the Chinese military role and, rather than fight back, makes a humiliating surrender to all Beijing’s demands—withdrawal of all U.S. military forces from Asia to areas no farther west than Hawaii, and an end to all military relationships with nations in Asia.

***

The above scenario is fictional. Yet the devastation a future information warfare attack would have on critical infrastructures in the United States is a real and growing danger.

No other nation today poses a greater danger to American national security than China, a state engaged in an unprecedented campaign of information warfare using both massive cyberattacks and influence operations aimed at diminishing what Beijing regards as its most important strategic enemy. Yet American leaders remain lost in a Cold War political gambit that once saw China as covert ally against the Soviet Union. Today the Soviet Union is gone but China remains a nuclear-armed communist dictatorship on the march.

From an information warfare stance, China today has emerged as one of the most powerful and capable threats facing the United States. By May 2016 American intelligence agencies had made a startling discovery: Chinese cyber-intelligence services had developed technology and network penetration skills allowing them to control the results of Internet searches conducted on Google’s world-famous search engine. By controlling one of the most significant Information Age technologies used in refining and searching the massive ocean of data on the internet, the Chinese are now able to control and influence what millions of users in China see when they search using Google. Thus a search for the name Tiananmen—the main square in Beijing, where Chinese troops murdered unarmed prodemocracy protesters in June 1989—can be spoofed by Chinese information warriors into returning results in which the first several pages make no reference to the massacre. The breakthrough is similar to the kind of totalitarian control outlined in George Orwell’s novel Nineteen Eighty-Four with the creation of a fictional language called Newspeak, which was used to serve the total dominance of the state.

Technically, what China did was a major breakthrough in search engine optimization—the art and science of making sites appear higher or lower in search listings. The feat requires a high degree of technical skill to pull off and would require learning the secret algorithms—self-contained, step-by-step computer search operations—used by Google. The intelligence suggests that Chinese cyberwarfare researchers had made a quantum leap in capability by actually gaining access to Google secrets and machines and adjusting the algorithms to make sure searches are produced according to Chinese information warfare goals.

Those goals are to promote continued rule by the Communist Party of China and to attack and defeat China’s main enemy: the United States of America. Thus Chinese information warriors can continue the lies and deception that China poses no threat, is a peaceful country, does not seek to take over surrounding waterways, and does not abuse human rights, and that its large-scale military buildup is for purely defensive purposes.

The dominant battle space for Chinese information warfare programs is the internet, using a combination of covert and overt means. The most visible means of attack can be seen in Chinese media that is used to control the population domestically, and to attack the United States, Japan, and other declared enemies through an international network of state-controlled propaganda outlets, both print and digital, that have proved highly effective in influencing foreign audiences. One of the flagship party mouthpieces is China Daily, an English-language newspaper with a global circulation of 900,000 and an estimated 43 million readers online. China Central Television, known as CCTV, operates a 24-hour cable news outlet as well to support its information warfare campaigns.

One of the most damaging Chinese cyberattacks against the United States was the theft of federal employee records in the Office of Personnel Management (OPM) in 2015. That attack took place after an earlier private sector cyber strike against millions of medical records held by the major health-care provider Anthem.

The data theft included the massive loss of 21.5 million records. Worse, the OPM delicately announced that among those millions of stolen records was “an incident” affecting background investigation records, among some of the most sensitive information in the government’s possession used in determining eligibility for access to classified information.

It was a security disaster for the millions who held security clearances and were now vulnerable to Chinese intelligence targeting, recruitment, and neutralization. A senior U.S. intelligence official briefed on the classified details of the OPM told me that the early technical intelligence analysis of the data theft revealed that it was part of a PLA military hacking operation. “It is fair to say this is a Chinese PLA cyberattack,” said the official, adding that the conclusion was based on an analysis of the software operating methods used to gain access to the government network.

The threat was not theoretical. In the months after the OPM breach, several former intelligence officials began receiving threatening telephone calls that authorities believe stemmed from the compromised information obtained from OPM background investigation data hacked by the Chinese.

The response by the Obama administration to the Chinese hacking was to ignore it, despite appeals from both national security officials and private security experts that immense damage was being done to American interests and that something needed to be done to stop the attacks.

The White House, however, under Obama had adopted a see-no-evil approach to Chinese hacking that would endure throughout his administration and border on criminal neglect. On several occasions, Obama and his key White House aides were presented with proposals for proactive measures against the Chinese designed to send an unmistakable signal to Beijing that the cyberattacks would not be tolerated. Intelligence officials revealed to me that beginning in August 2011, a series of policy options were drawn up over three months. They included options for conducting counter-cyberattacks against Chinese targets and economic sanctions against key Chinese officials and agencies involved in the cyberattacks. The president rejected all the options as too disruptive of U.S.-China economic relations. Obama never explained why he refused to take action against China, but he clearly rejected anything that might make the United States appear as a world leader and power.

By the summer of 2015, the group of sixteen U.S. intelligence agencies—including the CIA, DIA, and NSA—that make up what is called the intelligence community weighed in on the growing threat of strategic cyberattacks against the United States. In their top-secret National Intelligence Estimate, the consensus was that as long as the continued policy of not responding remained in place, the United States would continue to be victimized by increasingly damaging cyberattacks on both government and private sector networks. A strong reaction was essential.

Chinese cyberattacks have been massive and have inflicted extreme damage to U.S. national security.

Among the exotic Chinese information weapons Beijing plans to use in a future conflict are holographic projectors and laser-glaring arms that can present large unusual images in the skies above enemy forces that would simulate hallucinations among troops on the ground, according to one recent translated Chinese military report on the subject.

Traditional propaganda also will be used, including “public opinion propaganda and PSYWAR weapons to execute psychological attacks against the enemy, so as to disrupt the enemy command decision making, disintegrate the enemy troop morale, and shake the enemy’s will to wage war,” according to recently translated Chinese military writings.

Stefan Halper, a Cambridge University professor and editor of a Pentagon study on Chinese information warfare, told me the Chinese are far more advanced than the Pentagon in the art of information war. “We’re in a period where it’s not whose army wins. It’s whose story wins, and the Chinese figured that out very quickly,” Halper says. “They’re way ahead of us in this. We’re in an age where nuclear weapons are no longer usable. They understand that. We keep nattering on about nuclear capabilities, and shields and so on, but it’s really quite irrelevant.”

As Jake Bebber, a U.S. Cyber Command military officer, put it, the threat from China and its strategy of seeking the destruction of the United States have been misunderstood by the U.S. government and military. “China seeks to win without fighting, so the real danger is not that America will find itself in a war with China, but that America will find itself the loser without a shot being fired,” he wrote in a report for the Center for International Maritime Security.

In the future, an American president must come to the realization that the decades-long policy of appeasing and accommodating the communist regime in Beijing is not just contrary to American national interests, but is in fact advancing a new strategic threat to free and democratic systems everywhere.

Retired army lieutenant general and former DIA director Michael Flynn, the incoming White House national security adviser, has criticized the failure to understand Information Age threats and respond to them forcefully.

“Until we redefine warfare in the age of information, we will continue to be viciously and dangerously attacked with no consequences for those attackers,” he told me. “The extraordinary intellectual theft ongoing across the U.S.’s cyber-critical infrastructure has the potential to shut down massive components of our nation’s capabilities, such as health care, energy, and communications systems. This alone should scare the heck out of everyone.”

China today employs strategic information warfare to defeat its main rival: the United States. China’s demands to control social media and the Internet are part of its information warfare against America and must be resisted if free and open societies and the information technology they widely use are to prevail. China remains the most dangerous strategic threat to America—both informationally and militarily.

For more information, see iwarbook.com

Copyright © 2017 by Bill Gertz. Reprinted by permission of Threshold Editions, an imprint of Simon & Schuster, Inc. All rights reserved.