Clues on US cyber capabilities

A lot has been made of China’s hacking capabilities recently, with everyone from the White House to the China weighing in. Yet what the US is capable of remains a mystery. A couple of details that emerged from the China-hacking-of-ASIO story provide some hints, and they suggest the US has had its way with the Shanghai cyberspying unit that’s been in the news.

An Australian politician this week referenced the location of the stolen Australian Security Intelligence Organisation plans as a place in China where there was a lot of other hacking.

Asked if he was in doubt about China’s role in the cybertheft of the blueprints to Australia’s intelligence organization, Nationals Senator Barnaby Joyce replied: “That’s where the server was. And the server was in a typical place where they’ve been doing a lot of other hacking.” (25:40)

I assume Joyce is privy to more in-depth knowledge of the attack than the public, perhaps through the briefing the Opposition received after the attack.

Joyce’s comments follow a tidbit contained in the original report that said the details of the ASIO hack were provided to Canberra by a friendly government.

Four Corners [the ABC program] has learned that breach of the [Australian] Defence Department only came to light by chance. During an intelligence operation against China, a friendly nation, possibly the US, discovered information from the classified Australian document in an assessment produced by the Chinese military.

If the US is the “friendly nation” conducting an operation against China that produced the information about Australia, and the server in China “was in a typical place” where the Chinese have been doing a lot of hacking, it would all suggest it was the Shanghai building that houses PLA Unit 61398, which was exposed by the NYTimes report on Mandiant.

Of course, it’s possible that the US is not the friendly nation. Other reports suggested China’s cyberspying of the ASIO plans occurred as far back as 2009, which means this has been going on for a while. There are also other active sites for China’s hacking.

But from an English-speaking perspective, Shanghai would most likely be the city where the hacking originated, if it is the same location used for the hacking of other English-language countries.

A US-based Project2049 report breaks down Chinese cyber units by function.

Second Bureau (61398 Unit). The Second Bureau appears to function as the Third Department’s premier entity targeting the United States and Canada, most likely focusing on political, economic, and military-related intelligence. Subordinate offices are concentrated in Shanghai, although one may be in the Kunming vicinity.

By contrast, China’s hacking of Japan and Korea seems to come from Qingdao, the same report states. And yes, China expects US attempts to infiltrate Chinese servers.

Chinese analysts believe that the United States is already carrying out extensive computer network exploitation activities against Chinese servers. Therefore, from the Chinese perspective, defending computer networks must be the highest priority in peacetime.

Australian politician asks for cyberspying regulation pact

Australia’s shadow communication minister, Liberal Malcolm Turnbull, has said he wants to propose a “new global pact to regulate cyberspying” in the wake of reports of further Chinese cyberspying in Australia and the US.

Two things worth noting: Turnbull’s party is expected to win Australia’s federal elections in September.

The other thing is that Turnbull has previously voiced support for giving Chinese telecommunications company Huawei – blocked from national bids in Australia and the US – another chance, if and when the Liberals are returned to power. Huawei was blocked from participating in Australia’s national broadband network.

From the WSJ piece: “If the Chinese complain that they are being hacked, and they probably are, the argument is, well, we all have the capacity to hack each other, shouldn’t we be agreeing on some ground rules and it being in our mutual best interest to ensure that it doesn’t happen?” he said. 

The idea of ground rules is something the US government has long advocated for. Watch this space. 

Is China’s hacking of Australia’s intelligence service a form of coercion?

The Prime Minister and Attorney General of Australia say the report about the departments of Prime Minister and Cabinet, Foreign Affairs, Defence and Australia’s intelligence service being hacked by China is “inaccurate.” The problem for any reporting on this subject is how hard it is to confirm. A server being accessed surreptitiously to gain information – a “cyberattack” or “cyberhack” in the media’s parlance – looks no different than a server going about its business undisturbed. Unless, of course, it’s a disruptive attack, like the sort aimed against US banks and Gulf state refineries. Even in that case, it might just look like a computer terminal that doesn’t work. In other words, reporters have to rely on many off-the-record conversations and many peeks at documents they can’t quote from, etc., in order to report the story. So there is always the possibility that China, the source of so much cyber espionage, has wrongly been blamed.

…But based on the ABC’s reporting, I don’t think so. China denies it, of course. 

The other major thing that stands out for me is the response from Australia. This ASIO-hack story comes less than two months after China and Australia agreed to deepen their diplomatic relationship in a “historic” meeting. The Australian PM, Julia Gillard, and a large entourage of officials met with China’s new leadership. Bands played national anthems. Business heads met, although it turns out some of them may not have been aware they were being hosted by an arm of China’s intelligence.

In any case, the government’s response that the report is “inaccurate” could just be diplomatic politeness. If it is just politeness, the question is: who are the politicians covering for? Are they covering for a domestic audience, or an international one? If the Chinese were responsible, why would the Australian foreign minister assure that it won’t hurt the Australia-China relationship? It’s almost as if one country already has massive leverage over the other. It brings to mind those words in the Defence White Paper about Australia’s national security interests being based on protecting Australia’s sovereignty – “which includes freedom from coercion by other states.”