Original URL: http://www.theregister.co.uk/2007/09/10/chinese_military_net_attack_circus_rolls_on/

The Times: PLA war-hackers can switch off US navy

Yellow Peril causes wet knickers among excited scribes

By Lewis Page

Posted in Security, 10th September 2007 15:11 GMT

Unnamed Pentagon figures continue to get big ink for their thesis that Chinese military cyber assault is a threat of trouser-moistening magnitude. Last week's media bandwagon, initiated after Financial Times hacks in Washington obligingly got things rolling, is now thundering along unstoppably as foaming tech-dunce scribes pile aboard.

On Friday it was The Times' turn to play ventriloquist's dummy.

"Chinese military hackers have prepared a detailed plan to disable America’s aircraft battle carrier fleet with a devastating cyber attack, according to a Pentagon report obtained by The Times," says the Thunderer.

Crikey - the aircraft battle carrier fleet, eh? (A rather excitable way, one might take it, of referring to one or more US carrier battle groups; each group consisting of a carrier plus supporting vessels. It's true that China doesn't like carrier groups, as they could interfere very seriously with any attempt to invade Taiwan.)

Anyway - a carrier fleet, or something - disabled by a devastating cyber attack? That sounds pretty scary. Normally if you were going to "disable" a US Navy carrier group you'd want an enormous air or submarine force, and/or a load of hypersonic missiles, or maybe a very large nuclear bomb; something pretty damn major. Truly, this would be a "devastating cyber attack," indeed.

And this is quality information. It's in a "Pentagon report obtained by The Times." That has to mean a serious intelligence document, surely - probably mega secret poop, the kind of thing that the US top brass rely on. It'll be pukka intel based on spy satellite intercept, maybe; or reports from undercover agents in China. Information that ordinary folk seldom see or even get to hear of, unless they're bigshot Times hacks.

Or, you know, it could be a load of old cobblers that's been kicking about in the public domain for years.

"The plan to cripple the US aircraft carrier battle groups was authored by two PLA air force officials, Sun Yiming and Yang Liping," says The Times.

How on Earth did the "Pentagon" spooks get hold of the Yellow Peril's "devastating" new "cyber attack" plan, apparently capable of reducing a hundred billion dollarsworth of sea-going hardware to an irrelevance? If the Commies had something like that they'd keep it pretty secret - you'd think. The American spies who wrote the report "obtained" by The Times must have had to do something pretty amazing to get hold of the secret Chinese plans.

Or maybe not, as in fact the "cyber attack plan" is a chapter in a technical reference book, openly produced by the Chinese academic press. Tactical Datalinks in Information Warfare was published by the Beijing Post and Telecommunications College Press in 2005.

So actually the Pentagon spies just had to buy a copy of it.

American spooks might have done that back in 2005; but if so they aren't telling. However, someone who is telling is Dr Larry Wortzel, author of the "Pentagon report" obtained by The Times. Who is Wortzel? Some kind of super-brainy Pentagon computer analyst nerd, probably. The one in the movie who gets bullied by the macho special-ops guys: but by God, he knows his computer stuff.

Or, as we have here, a retired colonel with a PhD in political science from the University of Hawaii, who has also worked at Conservative Washington thinktanks. But he's written lots of books and stuff about China; and he's read Tactical Datalinks in Information Warfare. It's terrifying stuff, he says:

"Sun Yiming and Yang Liping... have carefully consulted dozens of corporate websites and... technical manuals, to produce a virtual guidebook for electronic warfare and jamming to disrupt critical US... communications, computers, and intelligence..."

The inscrutable little fiends! They've looked at our God-damn websites! And our tech manuals, which we often publish openly! Aiee!

Well, that's it. The US Seventh Fleet may as well pack up and go home; a couple of PLA guys have done a Google search and written a book. All the hundreds of intensively trained electronic warfare guys in each fleet, and all their billion-dollar, triply-encrypted megawatt deathware have been sidestepped. And bizarrely, the PLA have chosen to publish their cyber attack plan to the world.

This is, not to put too fine a point on it, crap. The PLA have next to no chance of seriously threatening the US navy any time soon. And if they did, they'd scarcely publicise their methods. And if that happened, you'd scarcely expect the Pentagon to be relying on political-science thinktank blowhards to analyse such a deeply technical matter for them. And then, supposing all of that had occurred, you wouldn't think the American brass would let their important intel get handed out to the British press.

Again, they didn't. The "Pentagon report obtained by The Times" is a chapter written by Wortzel in a paper published last week by the Strategic Studies Institute of the US Army war college. The Institute is a defence-talking shop similar in nature to the UK's Royal College of Defence Studies: a place where senior government types go to have seminars and do courses and so on. In his screed, Wortzel cut-and-pastes in the same text on Yiming and Liping's book that he used in a previous mongraph of his last May, discussing the Chinese nuclear forces. Those two Chinamen will do to big up any threat you like, it seems.

OK, theoretically this is a "Pentagon report," as the Institute is Pentagon-funded. The Reg has "obtained" the document too, by downloading it (pdf - page 197). It would be a lot more honest, though, to call it an essay, or a whitepaper, or a load of old strat-studies waffle.

So let's just run that first Times paragraph through the translator.

"Chinese military technicians wrote a book on electronic warfare two years ago, according to a bloke with a PhD in politics. We downloaded some of his stuff. He reckons the Chinese are getting more tech savvy."

That's pretty weak. So is the rest of the piece:

"The Pentagon logged more than 79,000 attempted intrusions in 2005 ... The Pentagon uses more than 5 million [networked] computers."

That seems to be about 0.01 attempted intrusions per computer per year: an unbelievably low figure. If it's actually true, the US military can relax.

The "cyber war" against Estonia last February gets trotted out yet again, too. "A massive cyber attack on Estonia by Russian hackers demonstrated how potentially catastrophic a preemptive strike could be on a developed nation," says the The Times. Blimey, yes; there's nothing north of Latvia but ruins, nowadays.

Apparently Linton Wells, "the chief computer networks official at the Pentagon," said that the Estonia attacks “may well turn out to be a watershed in terms of widespread awareness of the vulnerability of modern society".

That seems to be true; many people are actually becoming less aware of the world around us, and bumbling off into some cloud-cuckoo land where the PLA can switch off a carrier strike force at the click of a mouse. This problem is probably most widespread among Times readers.®