Category: Science
Editor: Hồ Giang
Cover upload: Hải Trần
Chapters: 22
Updated: 2016-02-24 10:49:41 +0700
Chapter 10. Death By Red Hacker: From Chengdu’s “Dark Visitors” To Manchurian Chips
Cyber espionage is the great equalizer.[120] Countries no longer have to spend billions of dollars to build globe-spanning satellites to pursue high-level intelligence gathering when they can do so via the web.
—Shadows in the Cloud
While China’s human spy network relentlessly “vacuums” whatever secrets it can from whatever American university campuses, businesses, research labs, and government offices its agents can penetrate, China’s growing cadres of computer hackers arguably pose an equal, and perhaps even greater, threat.
To date, China’s “Red Hacker” brigades have infiltrated NASA, the Pentagon, and the World Bank; hit the U.S. Commerce Department’s[121] Bureau of Industry and Security so hard it had to trash hundreds of computers; emptied the hard drives of the Lockheed Martin F-35 Joint Strike Fighter project; and virtually carpet-bombed[122] the U.S. Air Force’s air traffic control system. They have also hacked the computers of reform-minded Congressmen as well as the House Foreign Affairs Committee.
During the 2008 Presidential campaign,[123] Beijing’s Red Hacker brigades even broke into the email servers of both the Obama and McCain campaigns as well as the Bush White House. And in one of the most brazen breaches[124] of diplomatic protocol, the laptops of the United States Commerce Secretary and several of his staff were kidnapped and loaded with spy software during a trade mission to Beijing.
In addition, while traditional spycraft has often relied on the “honeypot trap”—a Mata Hari mistress to extract secrets during pillow talk or a lady of the night to put potential marks into compromising positions—China’s virtual spymasters are now using a new variety of digital “honeypots” to hijack data from computers. Indeed, beyond the usual prostitutes and bugged hotel rooms in Shanghai, China’s agents are now offering virus-laden memory cards and even whole digital cameras as gifts. According to Britain’s MI5 secret service department, when attached to the victim’s computers, these nefarious[125] digital honeypots install software that allows hackers to take control.
In fact, being a hacker in China is “sort of like being a rock star,”[126] says China-hacking expert and author of The Dark Visitor, Scott Henderson. It’s even a career that reportedly up to one-third[127] of Chinese school kids aspire to.
Like an online mirror of China’s distributed spy network, large cadres of amateurs handle much of the grunt work in what is a massive cyberwarfare effort. Every day, thousands of these so-called “hacktivists” continually probe, vandalize, and rob the institutions of the West—as well as Asian rivals like Japan and India.
In considering the extent of the Chinese cyberwarfare threat, it is first useful to identify the major goals of cyberespionage. The simplest is to disrupt the operations of Western systems by vandalizing websites or by overwhelming the servers with a “denial of service” attack.
A second obvious goal is to steal valuable information: credit card numbers and identities at the individual level; technologies, bid documents, corporate financials, and trade secrets at the industrial level; and weapons systems at the military level.
Still a third goal of cyberwarfare is to corrupt data in a way that causes significant downstream damage. For instance, by compromising stock or bond market trading systems, China’s Red Hacker brigades might disrupt trading, manipulate transactions, or skew reports and thereby incite a financial panic.
Finally, hackers can impact the real world by taking control of systems that control physical assets. For example, a team of Chinese cyberpatriots might shut down the electricity grid of New England to “punish” America for an action like welcoming the Dalai Lama to the White House or selling arms to Taiwan.
Beijing’s Dark Visitors Salute the Flag
Question: Under what circumstances will you perform a hack?[128]
Answer: If it is a matter that affects us internationally, then we will gather members to perform the attack.
—Chinese Hackers Talk Hacker information security conference
What all the major activities of China’s Red Hacker brigades have in common is that they are conducted at arm’s length and under the loose supervision of China’s Communist Party. Of course, the Party maintains its distance precisely so it can always issue a plausible denial for whatever outrage bubbles up to the surface—a bold hack on the Pentagon, the hijacking of a big chunk of the Internet for 18 minutes, an attack on Google’s source code, and so on.
But make no mistake about it. China’s so-called “hacktivist” militia would not exist but for the guiding hand of Beijing. As James Mulvenon at the Center for Intelligence Research and Analysis explains, “These young hackers are tolerated...provided[129] that they do not conduct attacks inside of China. They are sort of useful idiots for the Beijing regime.”
“Useful idiots” indeed. While Los Angeles has its infamous “Crips” and “Bloods,” China’s hacktivist militia has organized into thousands of small groups with names like “Green Army Corps,” “the Crab Group,” and even all-girl ensembles like “Six Golden Flowers.” They work together to improve their skills, share tools and techniques, and inflame each other’s nationalistic passions. Combined, these cybergangs form an amorphous ideologically driven coalition with colorful names like the “Honkers.”
China even has hundreds of “hacking schools” to teach young computer whizzes the dark arts. Large professional ads for cyberespionage training and tools may be found in public places, and, says Wang Xianbing of hackerbase.com, they “teach students how to hack into unprotected computers[130] and steal personal information.” Meanwhile, China’s central government allows groups like the China Hacker Union to openly operate and even keep business offices while ripping off foreigners—so long as they don’t hack into domestic Chinese sites or software.
Lest anyone doubt that China’s hacktivists operate under the protection of the central government, consider that China has the most heavily controlled and surveilled Internet in the world. The idea that any rogue hacker could exist for any extended period within China and beyond the reach of Beijing’s army of censors is patently absurd.
In fact, whenever a hacker group breaks Beijing’s biggest unwritten rule—never attack the Chinese government—retribution is swift and sure. For example, when several members of a hacker group[131] exploited a hole in China’s Green Dam censorship software—an important tool used by Beijing to spy on Chinese Internet users—the hackers were promptly arrested. So, too, was a hacker from Hubei Province who, according to the China Daily, replaced “a picture of an official on a government website[132] with a girl in a bikini.” This cyberprankster got off light by Chinese standards—only a year and a half in prison.
Of course, it is precisely these kinds of occasional crackdowns that keep China’s Red Hacker brigades focused on foreign institutions and governments. And these brigades can always be whipped up quickly into a nationalistic frenzy with just a wink and a nod from the Communist Party leadership.
Here’s just one “in your digital face” case in point: When Japanese Prime Minister Junichiro Koizumi visited the Yasukuni military memorial—which Chinese nationalists see as a temple for war criminals—Chinese hackers defaced the website of this Shinto shrine with a message signed, “the girl pissing on the Yasukuni toilet.”[133] The Honkers Union then followed up with a wave of attacks[134] on a dozen Japanese government sites, including the Fire and Disaster Management Agency and the Defense Facilities Administration Agency.
Now, can you imagine the response from the Chinese government if Japanese hackers had done something like that to China’s website for the Olympic games or to the computers of China’s Ministry of National Defense? And neither is it just Japan that must endure the periodic wrath of China’s cyber über nationalists. When the annual Melbourne film festival in Australia[135] dared to screen a documentary about a Chinese Uyghur leader, Chinese hackers so damaged the website that online ticket sales became impossible.
Beijing’s Big League Hackers Take on Techno King Google
If Google with all its cyberresources and expertise[136] is worried about keeping cyberspies out of its crown jewels—its source code—can other Fortune 500 companies reasonably expect to protect theirs?
—The Christian Science Monitor
To see into the devious mind of the Chinese hacker, it’s useful to examine more closely the infamous “Operation Aurora.” This was the systematic attack on one of the most sophisticated tech companies in the world—Google—along with more than 200 other American firms, from Adobe, Dow Chemical, and DuPont to Morgan Stanley and Northrop Grumman. It was also a hack conducted by what the security firm iDefense called “a single foreign entity consisting either of agents[137] of the Chinese state or proxies thereof.”
In Operation Aurora, China’s “dark visitors”—a translation of the Chinese term for hacker, “heike”—set up a sophisticated cyberassault. They did so by first befriending employees of target firms via popular social networking sites like Facebook, Twitter, and LinkedIn. After initiating chat sessions, China’s cyberspies then lured their new social networking friends into visiting a photo-sharing site that was a front for a Chinese malware installer. Once firm employees took this bait, their computers were infected with viral code that captured and forwarded the employees’ usernames and passwords to the hackers. Beijing’s hacktivists then used this stolen information to access large amounts of valuable corporate data—including Google’s prized source code.
Of course, it wasn’t just Google’s source code the hackers were after. True to the Orwellian nature of the Chinese state,[138] they also sought to access the Google email accounts of various Chinese human rights activists.
Predictably, the Chinese government denied culpability. However, an analysis of the Internet Protocol addresses of the perpetrators revealed they were from a college closely associated with the Chinese military. As an even more damning indictment of Communist Party complicity, WikiLeaks cables show that the specific attacks on Google “were orchestrated by a senior member of the Politburo[139] who typed his own name into the global version of the search engine and found articles criticizing him personally.”
A Pattern of Violence
Beyond Operation Aurora, there have been numerous other instances of highly damaging Chinese cyberattacks. One groundbreaking case in point is the “Night Dragon” affair. This attack was uncovered by the Internet security firm, McAfee, and it was directed against major Western energy firms.
This attack was groundbreaking because it was not a typical hacker effort designed to steal credit card numbers or randomly damage servers. Rather, it was a carefully planned and executed plot[140] to gain control of the computers and email accounts of top company executives, with the ultimate targets being critical internal documents on operations, finance, and bidding.
Why did the Chinese government want this information? Because it is of great value to China’s numerous state-owned enterprises competing globally against foreign rivals in the energy sector.
To understand the strategic objective of Night Dragon is to understand that China is indeed actively conducting economic warfare across the globe. In fact, hardly a month goes by now without another huge Chinese data burglary coming to light in America, Japan, Taiwan, or Europe.
We can only imagine how many plots have gone undetected and what the cost has been to Western and other Asian economies. And with each new and bold attack, it is becoming extremely difficult to understand why the governments of the United States, Europe, Japan, India, and other virtually assaulted nations don’t respond firmly to China’s cyberwarfare.
Hijacking the Global Internet for Who Knows What
For 18 minutes in April,[141] China’s state-controlled telecommunications company hijacked 15% of the world’s Internet traffic, including data from U.S. military, civilian organizations, and those of other U.S. allies. This massive redirection of data has received scant attention in the mainstream media because the mechanics of how the hijacking was carried out and the implications of the incident are difficult for those outside the cybersecurity community to grasp.
—National Defense magazine
Yet another tool that China’s Red Hacker brigades have in their bag of tricks is so-called “route hijacking.” Using this technique, China has already brazenly demonstrated to the world its ability to seize control of a significant share of the global Internet.
Such route hijacking also illustrates the complicity of China’s state-owned enterprises in Beijing’s cyberwarfare campaigns. For example, by configuring their domestic Internet routers to falsely advertise a “shortcut” to potential Internet traffic, the state-owned firm China Telecom tricked a huge volume of data outside of China into being routed through its network. Of course, after this now infamous—but[142][143][144] lightly reported—18-minute hijacking, the Chinese government coughed up the usual “Who me?” denial.
A DNS SOS on Chinese Hijacking
If you live outside of China[145] and by chance query a root nameserver hosted in China, your queries will pass through what is known as The Great Firewall, potentially subjecting you to the same censorship imposed on Chinese citizens.
—Earl Zmijewski
Just what is Mr. Zmijewski talking about? It’s a problem known as DNS manipulation, and what it means is that China can now even censor Internet users outside its Great Firewall.
DNS is short for “Domain Name Services,” and it is these DNS entries that make up the “phonebook” of the Internet. DNS manipulation occurs when incomplete DNS data is used to block Internet users in other parts of the world from getting to websites that the Communist party has “unfriended.”
To see how China’s DNS manipulation has the potential to project its domestic censorship efforts beyond its borders, suppose you are a Facebook user in a country like the United States or Chile. At one point, you try to access Facebook, but you can’t get to the site. Maybe you figure there’s just too much Internet traffic and you’ll try later. But here is what might have really happened: Your query may have been routed to a Chinese server that claimed to replicate a “root” DNS server in Sweden. The problem, of course, is that the Chinese server[146] only replicated the parts of the Internet that Big Brother in Beijing wanted people to see—and that didn’t include Facebook.
What such DNS manipulation means is that China’s Internet censorship now extends well beyond its borders; and the situation will only grow worse as China tries to claim more administrative authority on the Internet.
Nor is this a small problem. Because of the global nature of the Internet, on any given day, it is entirely possible that your normal requests for Internet addresses may be routed through China. In fact, over half of the Internet networks worldwide query a Chinese DNS server in any given year. The likelihood of your requested site coming back as “not found” because of Chinese censorship is only increasing. This is because rather than opening the Internet more and more as China claims it is doing, its list of censored websites is actually ever-growing.
As a final observation on the dangers of China’s DNS manipulation, it was actively used in response to anti-government protests following the upheaval in Egypt. In fact, during this period of social unrest, DNS manipulation, along with other techniques, was used to block the business social networking site LinkedIn as well as searches and websites containing the words “Egypt,” “Jasmine,” and the name of the U.S. ambassador to China, “Huntsman.”
With tongue firmly in cheek, we strongly suggest China’s cybercops switch soon from a blacklist of websites to a “whitelist,” because the list of sites they allow to be visited might soon be smaller than the ones they block.
Is Hacking the Dalai Lama Bad Karma?
After a 10-month cyberespionage investigation,[147] researchers have found 1,295 computers in 103 countries with software that is capable of stealing information from high-profile targets such as the Dalai Lama and government agencies around the world...The attacks have been traced back to computers in China.
—HotHardware.com
Besides stealing weapons systems from the Pentagon and industrial and military secrets from companies like DuPont, Northrop Grumman, and Google, China’s Red Hacker brigades can also be mobilized to help crush any dissent either within or outside of China’s borders. Just consider what happened to the computers of the exiled Dalai Lama and his supporters during protests in Tibet. In these attacks, so-called “phishing” emails were sent to both the Tibetan Government in Exile in Dharamsala, India as well as to offices in London and New York. The authentic-looking messages encouraged the recipients to open documents that were infected with a Trojan virus labeled the “Gh0st Rat.”
Once opened, Gh0st Rat took full control of the user’s Windows environment, replicated itself to other PCs, and began to scan the systems for documents that it then delivered to servers in Sichuan province, China. In some cases, the malware began to monitor the user’s keystrokes and may have even commandeered webcams and microphones to record and transmit conversations in the rooms of infected systems.
These Gh0st Rat hacks also infected computers in the foreign ministries and embassies of South Korea, India, Germany, and 100 other nations; and experts analyzing the attacks and working in the dark underground of Chinese hacking forums were able to trace the source to Chengdu and even to particular individuals at the University of Electronic Science and Technology. Of course, the Chinese government took no action to stop the cyberattacks, much less locate the perpetrators. Nor did Beijing offer any response short of the usual denials.
Again, we must ask: Why are the governments of countries like the United States, India, and Japan putting up with these blatant acts of cyberwarfare?
The Manchurian Candidate Has a Chip in His Shoulder
Computer hackers in China...have[148] penetrated deeply into the information systems of U.S. companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast.
—The National Journal
Just consider this scenario: A Chinese engineer designs a remote control “backdoor” into a computer’s operating system or, alternatively, a “kill switch” into a complex, custom computer chip that is not obviously detectable. China then exports these secretly embedded “Manchurian” chips and backdoors to the United States, where they become part of larger systems that perform their normal functions.
Meanwhile, just as in the movie The Manchurian Candidate, these Manchurian devices await some kind of signal that allows Beijing to either shut down or take control of the equipment—perhaps a critical system like an electricity grid, a metropolitan subway system, or a GPS tracking device.
Lest you think this is science fiction, planting such Manchurian chips is remarkably easy to do—particularly by a country that has become the world’s factory floor. Planting such bugs in computers is easy because modern software programs can have millions of lines of code. Embedding Manchurian instructions in microchips for our computers and phones and iPods—and security systems!—is equally easy because such chips can contain hundreds of millions of logic gates in which to hide a digital surprise.
Now, if you doubt such things can actually sneak by inspection, we’ve got news for you. Software engineers and chip designers hide things in their work all the time just for kicks. A classic example is that of a Merlin the magician insert; it pops up whenever an arcane series of actions is taken in Adobe Photoshop. Even the main character from the book Where’s Waldo?[149] was rendered at a mere 30 microns onto a microprocessor by a prankster engineer.
The broader point is that finding such Manchurian surprises in source code or a computer chip isn’t generally part of the quality assurance process used to test subcomponents from China. All inspectors try to do—even military inspectors—is ensure that when you take the product out of the box, it behaves within the specifications that it was designed to operate in. As Princeton electrical engineering professor Ruby Lee has explained, “You don’t check for the infinite possible things[150] that are not specified.”
The fact that Chinese hackers have the capability to implant Manchurian chips is particularly distressing because most computers today from Hewlett-Packard, Dell, and Apple are now made in China—in fact, most of them are assembled at the same mega-factory in Shenzhen. Moreover, China is where your very own Windows or Mac operating system was most likely loaded—along with many other software application programs you may use.
Again, we want to stress that this is not some X-Files fantasy or off-the-wall conspiracy theory. In fact, America itself pioneered precisely this kind of Manchurian chip warfare long ago during the Cold War with the Soviet Union. And here’s a classic case in point.
According to the CIA’s own website, President Reagan personally informed the CIA of a valuable KGB double agent known as “Farewell” who had revealed how the Soviets were obtaining important Western technology. Instead of simply shutting off the leaks, policy advisor Gus Weiss devised a clever ruse, the result of which was to plant “contrived computer chips”[151] into Soviet military equipment.
That these kinds of contrived Manchurian chips can cause great damage is illustrated by what has been described as the largest non-nuclear explosion in history. It occurred in 1982 when a remote section of the Soviet Union’s vital Trans-Siberian Pipeline exploded into a huge fireball. It was subsequently revealed that the cause of this blast was bogus pipeline control software that CIA counterintelligence had first sabotaged and then intentionally left for the Soviets to “steal” from a Canadian firm. How’s that for clever?
Writ large, the CIA-engineered Trans-Siberian explosion is the poster child for the dark art of escalating cyberdamage into the real world. With more and more computers configured as the semi-autonomous controllers of everything from medical infusion pumps to nuclear power plants, human lives are becoming increasingly dependent on silicon and software.
In fact, Beijing’s hacktivists may already have destabilized our national electricity grid not once but several times. According to the National Journal, there is evidence that a Chinese hacker may have helped trigger “the largest blackout in North American history,”[152] one in which an estimated 50 million people were affected.
More broadly, according to a senior U.S. intelligence official quoted in The Wall Street Journal, “the Chinese have attempted to map our infrastructure,[153] such as the electrical grid,” and these infiltrations have left behind software “that could be used to destroy infrastructure components.” There is no doubt in this official’s mind that “if we go to war with them, they will try to turn them on.”
Our point, then, is a simple one: Manchurian chips are all too real. With so many American companies moving so much of our computer hardware and software production—and even research and development—right into the heart of China, we may very well be setting ourselves up not just for importing Chinese products but a wide array of Manchurian chips.
In weighing all the ever-mounting evidence on Chinese cyberwarfare and espionage, the ultimate policy question is whether we are going to consider China’s “hacks” as the acts of war they really are—or whether we are simply going to keep sticking our heads in the sand and see no Red Hacker brigade evil. In considering that question, please remember the warning of General James Cartwright, the former head of U.S. Strategic Command and former vice chairman of the Joint Chiefs of Staff. To Cartwright, the impacts of a well-executed and broadly based cyberattack “could, in fact, be in the magnitude[154] of a weapon of mass destruction.”
Death By China - Peter Navarro & Greg Autry