Experts: China TV programme shows government cyber-attack

Although footage from a China state TV programme may be more than a decade old, or even a simulation, some analysts say it's a "smoking cursor" - the first evidence that China mounts, or at the very least intends to mount, cyber-attacks overseas.

BEIJING // Producers of a Saturday evening show on China's state televison may have inadvertently provided proof that the country's military engages in cyber-attacks on foreign targets, an accusation that the government has always strenuously denied.

The 20-minute program entitled, The Internet Storm is Coming was intended to portray China as a victim of foreign aggression in cyberspace, but it included a six-second clip that seemed to show software designed by a Chinese military institute launching an attack on a website based in the United States.

Although the footage may be more than a decade old, or even a simulation, some analysts have hailed it as a "smoking cursor" - the first publically available evidence that China mounts, or at the very least intends to mount, cyber-attacks on entities overseas.

"However modest, ambiguous and - from China's perspective, defensive — this is possibly the first direct piece of visual evidence from an official Chinese government source to undermine Beijing's official claims never to engage in overseas hacking of any kind for government purposes," Andrew Erickson and Gabe Collins, two experts on the Chinese military, wrote in a report published on Wednesday in The Diplomat, an online newsletter.

The publicity about the footage comes during period of increased tension between the US and China over the issue of cyber security, after several high-profile US companies including Lockheed Martin, Google and even the Pentagon, were all hacked this summer in attacks that that many US officials say originated in China.

Earlier this year, McAfee, a US-based computer security company, said that hackers who appeared to based in China had carried out a campaign of espionage against five multinational energy firms. Last year, Canadian experts unearthed evidence of Chinese attacks on the Tibetan government in exile and the offices of the German chancellor.

Last month, in response to such attacks, the Pentagon released its first cyber-strategy, a document which paves the way for the US to respond to aggressive and destabilising acts of computer sabotage from abroad with conventional military force.

But while the US insists the new strategy is defensive, China has interpreted it as an act of aggression.

The Internet Storm is Coming was originally broadcast on July 16, two days after the Pentagon published the document. However, the program, which aired on CCTV-7, China's official channel for military and agricultural issues, only drew wide attention after the publication this week of the article by Dr Erickson and Mr Collins. The former is an associate professor at the US Naval War College; the latter, a commodity and security specialist focused on China and Russia.

At one point, the narrator says the US has turned "the world wide web into a powder keg, which is ready to go in a flash."

Yet what interests the analysts is not the rhetoric but the six-second segment in the program that purports to show a Distributed Denial of Service (DDOS) attack being launched against a website in the US belonging to Falun Gong - a spiritual movement which the Chinese government banned in 1999 and whose practitioners have been viewed as subversives ever since.

The footage appears to show a human operated cursor on a flickering blue screen selecting the a DDOS attack, which works by bombarding websites with requests for huge amounts of data.

The next shot then shows a cursor being used to choose a target from an list of sites embedded in a piece of software labeled " Attack system . . . Electrical Engineering Institute of the People's Liberation Army".

The operator finally selects the website - the main site of Falun Gong - and then presses the button "Attack". The other options visible are also all Falun Gong websites in the US.

The IP address selected for the attack is - - which is registered to the University of Alabama in Birmingham, according to websites that trace IP addresses.

The university has also confirmed that the IP address belonged to a website that was decommissioned in 2001 because it had been created in violation of the school's rules.

This backs up the suggestion by Dr Erickson and Mr Collins that the footage - if real - is probably more than a decade old because of the rudimentary nature of software and because the targeting of Falun Gong corresponds with a well documented series of government attacks on the group's websites around that time.

"In viewing this summer's CCTV-7 footage, then, we are quite possibly afforded a peek into relatively unsophisticated techniques from a decade ago. It certainly looks like a 'smoking cursor', albeit a relatively modest one," the authors said.

"China undoubtedly has far superior capabilities at its disposal today," they added.

CCTV-7 refused to comment on the footage but earlier this year China's defense ministry admitted for the first time that it maintains a 30-man cyber-defense unit called the "Blue Army" to protect itself against hacking.

The documentary was still available on the CCTV-7 website until Wednesday but it had been taken down by yesterday morning.

Speaking in the programme, Col. Du Wenlong, a researcher at the Chinese army's Academy of Military Sciences, said that cyberspace had become "the foundation of military operations, the foundation of winning wars".

He added: "Peace time and wartime are not divided in online combat, neither does online combat have a front line."

Published: August 26, 2011 04:00 AM


Editor's Picks
Sign up to:

* Please select one