BEIJING – Following the high-profile news that Google had allegedly been hacked in China in 2010, U.S. Secretary of State Hillary Clinton pointedly responded in a statement: “We look to the Chinese government for an explanation.”
CCTV-7 is China Central Television's military and agricultural focused channel.
China’s response at the time was: "Accusations that the Chinese government participated in cyber attacks, either in an explicit or inexplicit way, is groundless and aims to denigrate China.”
Over the years, Beijing has consistently faced widespread accusations of hacking – albeit based almost completely on circumstantial evidence. Some of the allegations are that the central government is either actively engaged in, or contracts out to civilians, the job of hacking American defense and corporate servers in order to raid valuable U.S. defense and business trade secrets.
China has always voraciously denied such allegations, claiming that its state Internet intentions were “transparent and consistent” and that efforts to link the country to hacking was merely an attempt to smear the mainland. Last year, Chinese digital security officials went so far as to even play the victim, claiming 60 percent of its Netizens have been hacked and 30 percent have had passwords stolen.
Which is why it came as a surprise this week that China’s state broadcaster, CCTV, debuted a 20-minute documentary last month on its military channel (CCTV-7) entitled, “Military Technology: Internet Storm is Coming,” which may have inadvertently shown custom designed hacking software.
How to hack advice
Thirteen minuts into the broadcast, the story shows footage of a computer screen as a user appears to open a hacking program known as a DDOS, or "distributed denial-of-service.” A DDOS is a simple hacking tool that swamps websites with data in order to disable them. During the show, when the computer program opens, the viewer is presented with a series of options as well as a list of “targets” to attack.
The video has since been pulled off the CCTV website but was still available to watch on YouTube (see below, 35 seconds into start of video). The channel’s website and Sina Weibo account made no comment on the matter. A translation of the program’s options and text is below (hat tip to Shanghaiist for the link).
A screen grab of the DDOS program employed is seen above. The translated lines of text (by line) are:
1)People's Liberation Army Information Engineering University
2) Select Attack Destinations
4) List of Falun Gong sites:
5)Falun Dafa in North America
6)Falun Dafa web site
7) Meng Hui web site
8)Witnesses of Falun Gong web site 1
9) Witnesses of Falun Gong web site 2
10) ATTACK CANCEL
A ‘smoking cursor?’
The authenticity and functionality of the alleged hacking program is of course open to debate, but the fact that hacking software with an obvious offensive capability was shown on state television raises important questions regarding the reasons behind the software’s inclusion in the report.
Given China’s resolute steadfastness that it is not involved in state sanctioned hacking and the overall tone of the documentary that generally supported that argument, it is entirely likely that the footage found its way into the piece simply because the editor was unaware of the political significance and repercussions of such video being seen by foreign viewers.
In a post on his online research newsletter, China SignPost, Dr. Andrew S. Erickson, an associate professor at the U.S. Naval War College's China Maritime Studies Institute, suggested that the program was a “smoking cursor” or proof of the existence of Chinese offensive hacking software. However, in the case of this program, Erickson suggests that the software may have been a decade old and part of stock footage given to the producers of the show by the PLA:
Perhaps the least unlikely explanation is that program producers sought specific footage to document specific cyber attack techniques. For reasons of Chinese pride, and perhaps PLA assertiveness, they wanted to show that China could do something itself in the face of perceived threats. Falun Gong, particularly despised by Beijing, offered a politically-correct and “morally justified” target even for ideologically dubious techniques. Footage from previous interviews and interaction with the PLA Electronic Engineering Institute may have happened to be available in convenient form, and met visual requirements…
Perhaps most importantly, the CCTV-7 software contents appear to correlate so closely with a set of attacks that China is alleged to have engaged in a decade ago that their construction would appear to be tedious for the production schedule of a major weekly television program.
Regardless of whether the software is real or not, the presentation of offensive hacking capabilities put together by PLA research institutes presents for Beijing the unwelcome perception the government is actively involved in cyber-warfare.
The timing of this revelation is troublesome as it comes months after the U.S. announced a new cyber strategy that advocated responding with military force to foreign cyber attacks. Or as one military official put it at the time: "If you shut down our power grid, maybe we will put a missile down one of your smokestacks."
It also comes on the heels of the release of the Pentagon’s annual report on China’s military forces, which argued the mainland was “steadily closing the technological gap with modern armed forces.”