Chinese Government Hack Caught On TV

The Chinese government has always denied it hacks western targets but a new video shows otherwise

There are likely to be red faces in the Chinese government, after video footage showed Chinese military systems hacking a US target.

So said F-Secure chief research officer Mikko Hyppönen in a blog posting. Hyppönen spotted the video footage of the alleged hack during a Chinese military TV documentary.

“On 17th of July, a military documentary program titled “Military Technology: Internet Storm is Coming” was published on the Government-run TV channel CCTV 7, Military and Agriculture (at military.cntv.cn),” explained Hyppönen.

Video Footage

“The program seems to be a fairly standard 20-minute TV documentary about the potential and risks of cyber warfare,” he wrote. “However, while they are speaking about theory, they actually show camera footage of Chinese government systems launching attacks against a US target.”

“This is highly unusual. The most likely explanation is that this footage ended up in the final cut because the editor did not understand the significance of it,” wrote Hyppönen.

He then backed this up by posting the video of the alleged hack on his blog (viewers need to fast forward to around 13 minutes in the video to see the hack). He linked to CCTV7’s video site as well, but warned: “we don’t expect the program to stay online for long.”

Indeed, when eWEEK Europe UK followed the link, the video footage no longer showed the Chinese military software conducting a hack, but instead contained new generic video footage. The original video can, however, still be seen on the F-Secure blog.

Chinese Military

So what does the footage actually show? Well, essentially it shows a computer screen running software belonging to the People’s Liberation Army Information Engineering University (a Chinese military institution).

F-Secure provided a rough translation of the text shown in the dialogue box of the Chinese software, which indicates that Chinese hackers are given a choice of attack destinations, including target IP addresses belonging to the Falun Gong or Falun Dafa, a religious movement outlawed in China.

“In particular, the attack is launched against an IP address, 138.26.72.17, which belongs to a US University,” wrote Hyppönen. “What kind of an attack is launched remains unclear. But already the existence of such software with such targets is breaking news.”

Under Suspicion

The Chinese government has long been viewed by western governments as being the force behind cyber attacks against western targets.

In early 2010, a diplomatic incident was triggered when Google threatened to withdraw from China because of damaging attacks, dubbed Operation Aurora, against it during 2009.

The US Secretary of State Hillary Clinton used a speech to call on the Chinese government to conduct a thorough and transparent inquiry into the matter, despite the Chinese government repeatedly denying any involvement. The Chinese typically responded angrily to Clinton’s speech.

And the matter did not end there. As recently as this June, Google revealed a large-scale spear-phishing attack on Gmail, focused on government officials and activists. American defence contractors have also been targets. Unknown attackers also breached the Department of Energy’s Oak Ridge National Laboratory and defence contractor Lockheed Martin this spring.

Chinese Denials

The Chinese government, for its part, has always vehemently denied any involvement in these attacks, a denial that rings somewhat hollow considering the video footage. Earlier this month China even linked US IP addresses to increased cyber-attacks on its websites.

That said, it could be that Western nations are not innocent of hacking charges. Iran, for example, recently accused the US and Israel of attacks including the Stuxnet worm.

In the UK, defence secretary Dr Liam Fox has previously warned that Britain is under constant attack from hackers, and that last year 1,000 potentially serious offensives were blocked. In May the British government also acknowledged it had begun work on a “toolbox” of offensive cyber-weapons to complement its existing defensive capabilities.

Earlier this month a former CIA counter-terrorism expert told Black Hat attendees that a major cyber-attack was imminent.