China has been accused so often of being the source of waves of cyberattacks against U.S. government and corporate sites that "Chinese hackers" have become the bogeyman of global cyberwar.
The Chinese government has denied any involvement, going so far as to claim its servers are attacked more often than any in the world, to imply the attacks may only be routed through China and not originate there, and to claim that hacking the servers of foreign governments for very specific information about Taiwan and other concerns of Chinese government officials is a kind of folk hobby that country people engage in to keep themselves entertained.
A 20-minute documentary released by the Chinese military may give the lie to all those stories.
The documentary, titled "Military Technology: Internet Storm is Coming," is designed as a warning about the growing threat of international cyberwar.
For about six seconds during the video, however, the screen shows what analysts at security company F-Secure Labs describe as a hacking tool being used on a Chinese government system to attack a site housed in a U.S. university.
The IP address of the site (220.127.116.11), which is affiliated with the dissident religious group Falun Gong, is assigned to the University of Alabama in Birmingham.
The video originally ran on the Chinese government-sponsored site CCTV 7: Military and Agriculture.
According to Epoch Times, a Chinese/English publication often critical of the Chinese Communist government, the screenshots show the name of the software and the university where it was developed – the Electrical Engineering University of China's People's Liberation Army.
"The software window says 'Choose Attack Target.' The computer operator selects an IP address from a list—it happens to be 18.104.22.168—and then selects a target. Encoded in the software are the words 'Falun Gong website list,' showing that attacking Falun Gong websites was built into the software.
"A drop-down list of dozens of Falun Gong websites appears. The computer operator chooses Minghui.org, the main website of the Falun Gong spiritual practice," the Epoch Times report said.
Video: http://www.youtube.com/v/L_Wu1HlZbBk
The attack in the video fits some part of the profile of targets hit with similar methods, sources and goals that led security vendor McAfee to classify five years' worth of attacks on 70 targets in 14 countries as Operation Shady RAT.
Shady RAT attacks typically appear to come from Asia, often China, and often target political groups or countries of particular interest to the Chinese government, including Taiwan and Falun Gong, the McAfee report said.
McAfee concluded the attacks originated from one major state, but declined to say which.
Epoch Times, which translated audio and text from the documentary, wrote that its intent was to warn that the U.S. is a leader in global cyberwar and that China is highly vulnerable.
Earlier this month the Chinese Computer Network Emergency Response Technical Team (CNCERT) released a report showing China-based computers were hit with 480,000 trojan horse attacks, 221,00 direct attacks against 35,000 sites, most of them Chinese government sites.
Of those, 14.7 percent came from IP addresses in the U.S., the report said.
"America is the first country to propose the concept of a cyberwar, and the first country to implement it in a real war," the documentary narrator said at one point.
Even propagandists would be embarrassed to make that charge if they'd read the U.S. Government Accountability Report showing the U.S. military had spent the past 19 years peripatetically trying to develop a cyberwar capability and failing miserably.
The Pentagon only started taking cyberwar seriously two or three years ago, has no coherent cyberwar strategy, no consistent funding or development of cyber-defense and no solid plans on how to move forward, according to the GAO's July 25 report.
China, on the other hand, is not only one of a handful of countries taking advantage of the speed and low cost of cyberespionage to ferret out the secrets of the U.S., it is also the most blatant and aggressive, according to testimony James Clapper, director of National Intelligence, gave the Senate Armed Services Committee in March.
Individual units within the military appear to have a good grasp on some targets and methods of attack, including the Stuxnet virus, which was allegedly developed in the U.S. with help from Israel.
Intelligence agencies including the NSA and CIA also allegedly have active cyberwar operations.
None is effective in the least at slowing the flow of attacks from Chinese hackers who work in such great numbers and with such impunity that even having a video camera in the room recording what the Pentagon considers an act of war doesn't make the start of an attack the least bit exciting.
If what the narrator said was true about the U.S. originating cyberattacks, the cyberwarriors in the room would look nervous, or at least focused and ready to encounter possible defenses.
Instead they treat the whole thing as if it were no more dangerous than running a defrag or A/V scan.
Even more interesting – the hacking tool isn't an ultra-specialized Linux script or subroutines controlled by a text interface.
It's a GUI with big buttons and pull-down menus so non-specialists can run the attacks, literally, by picking the target from a list and pushing the "attack" button.
The browser you're looking at right now is more complicated to operate.
It takes time and a lot of practice to reduce the GUI of any app to something so simple that complex attacks can be launched even by people with almost no training.
None of those things make it look as if the Chinese are trailing the U.S. in anything having to do with cyberwar – especially not practice.
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld.