Because an estimated 90% of TRANSCOM's distribution and deployment transactions are handled over unclassified commercial and Department of Defense networks, the report says, Chinese hackers would also target the civilian-sector companies that support TRANSCOM. (The report points out that TRANSCOM combatant commander Gen. William Fraser told the Senate just last month that network penetration attempts against TRANSCOM networks have been rising 30% a year.)
"If the Chinese computer-network espionage team is able to compromise the civilian contractor network via even a rudimentary spear-phishing campaign, they will likely attempt to use valid employee network credentials, e.g. certificates, passwords, user names, and most significantly, network permissions; these elements provide all of the same access as the legitimate user to immediately begin navigating around the contractor network to compromise other machines and establish a command-and-control network before attempting to identify high-value data to penetrate TRANSCOM networks directly from the contractor's now compromised system," the report says.
The net result, the Northrop Grumman information security analysts speculate, is that Chinese hackers "would in effect have complete control over these critical logistics providers' networks."
Once Chinese teams moved into TRANSCOM networks, they "may have dual missions assigned to them." Theoretically, these would be collecting intelligence about U.S. military needs and intentions, and also "a data destruct mission to corrupt commercial or military databases supporting sea and airlift for TRANSCOM prior to the start of a Chinese assault on Taiwan or other military operation."
Contractors might not even be able to get into their own systems anymore.
The authors describe how this could be done to disrupt the air-refueling mission for U.S. forces by compromising TRANSCOM's Air Mobility Command, which owns the Air Refueling Management System, described as a Web-based application that integrates data from multiple related databases supporting different aspects of the refueling mission. Chinese hacking teams could scan "the Internet-facing application searching for any of thousands of potential vulnerabilities that could be exploited with often longstanding, simple techniques such as structured query language (SQL) injection or cross-site scripting."
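As an added illustration (not code from the report or from any TRANSCOM system), the Python below shows the two "longstanding, simple techniques" the passage names against a constructed, hypothetical mission-lookup page: a query built by string formatting, which a crafted identifier turns into a full table dump or a read of the database schema, beside the parameterized query and output encoding that close both holes. The table, mission identifiers and function names are all invented for the example and say nothing about the real Air Refueling Management System.

```python
import html
import sqlite3

# Constructed sample data for the example only: a toy "missions" table.
SAMPLE_MISSIONS = [
    ("TANK-1001", "KC-135", "Altus AFB", "group-a"),
    ("TANK-1002", "KC-10", "McGuire AFB", "group-b"),
    ("TANK-2001", "KC-46", "Pease ANGB", "group-c"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE missions "
        "(mission_id TEXT, aircraft TEXT, origin TEXT, release_group TEXT)"
    )
    conn.executemany("INSERT INTO missions VALUES (?, ?, ?, ?)", SAMPLE_MISSIONS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, mission_id):
    """Hypothetical defect: the user-supplied identifier is pasted into the SQL text.

    A value such as  ' OR '1'='1  makes the WHERE clause true for every row, and
    x' UNION SELECT name, sql, '' FROM sqlite_master--  reads the schema instead.
    """
    query = (
        "SELECT mission_id, aircraft, origin FROM missions "
        f"WHERE mission_id = '{mission_id}'"
    )
    return conn.execute(query).fetchall()


def lookup_hardened(conn, mission_id):
    """Same lookup with a bound parameter: the input can only ever be a value."""
    query = "SELECT mission_id, aircraft, origin FROM missions WHERE mission_id = ?"
    return conn.execute(query, (mission_id,)).fetchall()


def render_vulnerable(value):
    """Hypothetical reflected-XSS defect: the value is echoed into HTML unencoded."""
    return f"<p>Mission: {value}</p>"


def render_hardened(value):
    """Output encoding turns markup in the value into inert text."""
    return f"<p>Mission: {html.escape(value, quote=True)}</p>"


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"
    schema_read = "x' UNION SELECT name, sql, '' FROM sqlite_master--"
    print("vulnerable, tautology :", lookup_vulnerable(db, tautology))
    print("vulnerable, schema    :", lookup_vulnerable(db, schema_read))
    print("hardened,   tautology :", lookup_hardened(db, tautology))
    print("hardened,   real id   :", lookup_hardened(db, "TANK-1001"))
    print(render_vulnerable("<script>alert(1)</script>"))
    print(render_hardened("<script>alert(1)</script>"))
```

The point of the pairing is that the fix is not input filtering: the hardened lookup and renderer accept exactly the same strings, but bind them as data rather than interpreting them as SQL or HTML, which is why the same payloads return nothing and render as literal text.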
The authors of the "Occupying the Information High Ground" report contend that successfully carrying out this type of cyberwar tactic would not even require China's official PLA militia units trained in cyberwar. It could be done by "purely civilian freelance operators (elite hackers) with an existing relationship with the Chinese Ministry of Public Security or Ministry of State Security."