Did China Really Expose a Cyber Attack Tool?

Tuesday, August 30, 2011

Joel Harding


On August 22nd, 2011, the Epoch Times published a story entitled “Slip-Up in Chinese Military TV Show Reveals More Than Intended”.

I quickly sent the link to some friends, asking for their opinion. The picture was the most enticing part of the whole article, since I had seen a similar attack tool suite called Xerxes.

One of the responses was a well-thought-out note from a friend in China. He changed the subject line to “Fake, fake!”

He pointed out that using the name “Falun Gong”, even as an attack target, was strictly forbidden.  He also pointed out that any such action would come from security folks and not the military.

I also looked at the picture of the screen itself and it looks… uh, weird. I tend to give the benefit of the doubt, so I’ll say it wasn’t a screen video capture but probably a cell phone picture of a television screen.

But imagine if it is real. Imagine that China just had one of its most protected cyber weapons exposed and publicly aired.

Wow, it’s really cool that we have proof positive that China not only has the capabilities but has been caught red-handed attacking a website, and the target they’re attacking is located inside the US! I’m sure somebody at the new US Cyber Command jumped up and down and said, “Yes! We have proof!”  Maybe somebody at the CIA said “Darn it, scooped again!”

…and I say “Big Whup”. 

In other words, what do we really have? Nothing, I tell you, nothing. Dagnabit. We have a really neat screen shot out of a video, of a Graphical User Interface or GUI, whose Chinese text has been (mostly accurately) translated, and which indicates that somehow a cyber attack is being launched against a site that is illegal in China but physically located inside the US.

But did it happen? The reporters, Matthew Robertson and Helena Zhu, called the network administrators at the University of Alabama at Birmingham (UAB) and spoke with them; the IP addresses shown have not been used since 2010.

Next, have we exposed a top-secret tool, a suite of cyber attack weapons that will unleash heck and havoc over someone’s networks and bring them, begging, to their knees? I think not.

What you see is a simplistic last-generation attack tool suite that probably launches a series of incomplete commands at a server, hoping to overwhelm the server and make it reboot or shut down. I’m sorry, but that technology is approximately five years old and was obsolete almost immediately.
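To make that mechanism concrete, here is an added example (not code from the video, from the Epoch Times article, or from any real tool) that models a server with a fixed number of connection slots, a client that opens connections but never finishes its requests, and the idle timeout that defeats it. The slot capacity, timeout and tick counts are assumptions chosen for illustration.

```python
# Added example: a toy model of the "incomplete commands" denial of
# service described above, not the tool shown in the video. A server
# keeps a fixed table of connection slots; a flooder opens connections
# and never sends a complete request, so each one sits in the table
# until the server gives up on it. Capacity and timeout values below
# are assumptions chosen for illustration.


class SlotTable:
    """Fixed-capacity table of open connections keyed by connection id.

    idle_timeout=None models a server that waits forever for the rest of
    a request; an integer models a server that reaps any connection idle
    for that many ticks before seating a new one.
    """

    def __init__(self, capacity, idle_timeout=None):
        self.capacity = capacity
        self.idle_timeout = idle_timeout
        self.last_activity = {}  # conn_id -> tick of last byte received

    def reap(self, now):
        """Drop connections idle for idle_timeout ticks; return how many."""
        if self.idle_timeout is None:
            return 0
        stale = [c for c, t in self.last_activity.items()
                 if now - t >= self.idle_timeout]
        for c in stale:
            del self.last_activity[c]
        return len(stale)

    def open_conn(self, conn_id, now):
        """Try to seat a new connection; False means the table is full."""
        self.reap(now)
        if len(self.last_activity) >= self.capacity:
            return False
        self.last_activity[conn_id] = now
        return True


def simulate(capacity, idle_timeout, flood_conns, legit_at):
    """Flooder opens one never-completed connection per tick from tick 0;
    a legitimate client connects at tick legit_at. Returns whether the
    legitimate client got a slot."""
    table = SlotTable(capacity, idle_timeout)
    for tick in range(flood_conns):
        table.open_conn(f"flood-{tick}", tick)  # partial request, never finished
    return table.open_conn("legit", legit_at)


if __name__ == "__main__":
    # No timeout: ten slots fill with half-done requests and stay full.
    print("no timeout, legit client seated:", simulate(10, None, 20, 20))
    # Five-tick idle timeout: stale slots are reclaimed faster than the
    # flooder (one connection per tick) can occupy them.
    print("5-tick timeout, legit client seated:", simulate(10, 5, 20, 20))
```

The second run is the point: once a server bounds how long a half-finished request may hold a slot, a single source dribbling incomplete requests can no longer fill the table, which is why this class of tool aged badly.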

Would the censors at the PLA be so stupid as to actually allow something that might be sensitive to be photographed?  Nay, I say, nay (in other words, no). 

Whenever I allowed photographs to be taken in an area where I worked that contained classified material, you can make darn sure we never, ever allowed anything classified to be even exposed to a photographer, even if he or she were cleared for access.  I’m sorry, but I took no chances.  So why would the PLA be any less disciplined?

If I had to do a gut check, I choose to be a doubter in this case. I would say that someone in Taiwan had some free time on their hands and created a simple GUI designed to look like an attack tool.

It’s fairly easy to do and look at the Return on Investment, the ROI!  It is juicy and I’d really love to believe it, but (and you can quote me)  I don’t think so.   Fake, fake.

Update: I received word from Dr. James Mulvenon that the translation is accurate.

Cross-posted from To Inform is to Influence

JT Edwards Yeah, but why would they go to the trouble of picking an obscure university’s IP, and why Falun Gong? Falun Gong is an internal issue that few outside of China care about or understand. If you were Taiwan and you were dreaming this up, you would pick a better target for your fake. Also, if this was a fake to make them look bad, I don’t think it would have been left up for as long as it was. More likely (in my opinion) this was intentional. The question is, who was the audience? Was it internal, Falun Gong in general, foreign dissidents, or maybe just some cyber saber rattling?

K0nsp1racy I have a tendency to agree with Joel; however, a large portion of information warfare is the ability to have a psychological advantage through propaganda. I think that regardless of authenticity, the message was received and served a purpose in the silent war.

Krypt3ia It's the Chinese LOIC http://t.co/Hf6hhIN There is nothing here to talk about, but the media have blown this up to the usual epic proportions of misinformation.

JT Edwards Well, maybe a little to see... Sure, it is blown out of proportion and it is just China being China. It is, however, interesting that it got leaked. The tool itself, or the fact that China... wait for it... hacks Western organizations, is not new or even interesting. I do think it is interesting to ask this question: why? As in, why did this get leaked?

Joel Harding Quick update: The Chinese removed the official version and are denying its existence... but it's still on YouTube!

Okay, now say for instance that what they showed WAS the real deal and somebody just screwed up and wanted to show off SOMETHING. It's a last generation tool so why not show it?

It makes sense. They leaked photos of the J-20 stealth fighter in January, seven years pre-production but painted with post-production combat paint.

They may well be rattling their saber to, if nothing else, say 'look, we have the capability. Hear our roar. ...and by showing this old technology, you should fear what you don't see and don't know.'

At least one commander out there is now saying "What if they weren't lying? What if..."
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
