
Titan Rain - is there any evidence of actual Chinese government cyber attacks on the United Kingdom ?

Following on from the media reports concerning the German Chancellor Angela Merkel and email malware targeted at German government computer systems, when she visited the Chinese communist regime in Beijing, on Monday the Financial Times reported vague or anonymous US reports about an allegedly similar campaign targeting the US Defense Department bureaucracy, dubbed "Titan Rain".

Subsequently, on Tuesday the Financial Times reported via Reuters that the Chinese government denied all such accusations ("well, they would, wouldn't they ?").

Wednesday's Guardian had its front page dominated by the headline: Titan Rain - How Chinese hackers targeted Whitehall, a story which relied on Royal United Services Institute people and anonymous Whitehall sources, and which claims that the UK central Government, and presumably other non-governmental parts of the Critical National Infrastructure, had also been targeted, allegedly by the Chinese People's Liberation Army.

So where is the actual evidence that these are either co-ordinated cyberspace attacks or that they are really by the Chinese communist People's Liberation Army ?

If such Chinese military spying via cyberspace is true, then why is it not being treated at least as seriously as the resumption of Russian cold-war style attempts to penetrate United Kingdom airspace with military bomber reconnaissance aircraft ?

Surely the Whitehall bureaucrats and spin doctors do not trust "evidence" such as DNS or network lookups from email headers, which appear to point to, say, a Chinese academic institution or commercial ISP service ? Does that really mean that no other countries could be using such computers as cut-out bastion hosts, to obscure the real source of such alleged attacks, something which is bog standard practice for phishers and spammers, many of whom are actually Americans or Russians ?

To be convinced of actual PLA involvement, we would have to see far more than, say, a list of IP addresses, such as those which allege US National Security Agency involvement, which are dubiously published on Cryptome without any critical analysis, and which misleadingly claim that whole class B address ranges are somehow involved in espionage activities.

Is there any other evidence which ties in the Chinese PLA to such alleged internet spying attacks ?

The Chinese Ambassador in London does not appear to have been sent for and given a stiff Diplomatic Note by Foreign Secretary David Miliband.

There have been no expulsions of Chinese diplomats from the UK.

There do not appear to be any UK Government threats to boycott the Beijing Olympic Games next year, over this alleged cyberspace spying affair, even though that might be the moral thing to do anyway, simply on human rights grounds.

There do not seem to be any alerts or warnings from the UK Government's Computer Emergency Response Team GovCertUK.

There is no warning about any new, custom written Chinese malware from the Centre for the Protection of National Infrastructure, the people based in MI5, the Security Service, who are meant to guard the UK's Critical National Infrastructure.

If there is a prototype version of a William Gibson Neuromancer style "Chinese military ICEbreaker" then has its threat to the rest of the United Kingdom's internet users been neutralised, by giving the details to the commercial anti-virus and anti-spyware industries, or is all still a "secret" ?

'What is this thing?' he asked the Hosaka. 'Parcel for me.'

'Data transfer from Bockris Systems GmbH, Frankfurt, under coded transmission, that content of shipment is Kuang Grade Mark Eleven penetration program. Bockris further advises that interface with Ono-Sendai Cyberspace 7 is entirely compatible and yields optimal penetration capabilities, particularly with regard to existing military systems...'

'How about an AI?'

'Existing military systems and artificial intelligences.'

'Jesus Christ. What did you call it?'

'Kuang Grade Mark Eleven'

'It's Chinese?'



Thursday's Guardian has another report, Cover-up allegation over Chinese hackers, with quotations from Labour MP Andrew MacKinlay and Conservative Home Affairs spokesman David Davis, echoing how serious this incident is if true, and bemoaning the UK Labour government's appeasement of the Chinese communists and its own communist style secrecy and coverup.

The FO declined to discuss the attacks, saying only: "We do not comment on security issues." However, well-placed government officials yesterday confirmed the Guardian report, though they would not say what other Whitehall departments had been attacked by China.


In response to a parliamentary question tabled by Mr MacKinlay last year, the then home secretary, Charles Clarke, revealed that the National Infrastructure Coordination Centre had issued a warning in 2005 of "concerted Trojan email attacks from the far east against UK government and business interests". He described the scale of the attacks as "almost industrial".

Written answers Monday, 13 February 2006, Home Department, Internet (China)

Mr MacKinlay last year told Mr Straw: "I cannot help feeling that the Chinese government authorities are either the inspirers of this or with full knowledge and with full consent allowed this to happen from China and that for wider foreign policy reasons your department ... do not want this raised."

Mr Straw replied: "You will have to excuse me, but I am not intending to add to anything I have already said on this issue, which I know is not a great deal."

In a later Commons debate, a member of the parliamentary intelligence and security committee confirmed that it had been briefed on the issue, but declined to comment on it in relation to China.

Asked if ministers were concerned about individuals or countries hacking into computer systems, the prime minister's spokesman said: "The government has in place procedures and mechanisms to deal with these sorts of issues."

David Davis, the shadow home secretary, said in a statement: "This is extremely serious and would be even more so if the Chinese military was involved. It could affect the security and privacy of every British citizen."

So when will some Chinese hackers be extradited to face British justice here in the United Kingdom ?


As usual, there is some interesting and insightful analysis from The Yorkshire Ranter, which puts the mainstream media to shame.


Lady Dame Jane Pauline Neville Jones Fan Club mongering a little fear and paranoia late night in the RUSI Mess bar.

Guradian have to misprint something on the front page.

Internet Espionage: The China Cyber Army

Since September 2003, we have found the first big-scale intrusion event: the victim
is the National Police Agency, attacked by at least 2 groups of China hackers,
from HuBei and JianSu.

2003 Oct. Taiwan Military Missile Plan Leakage.
2004 Jan, Executive Yuan 300+ PC compromised.
2004 Apr. Fake Official Dept. E-mail with Trojan found
2004 Sep. Ministry of Foreign Affairs and embassy compromised.
2004 Nov. DPP compromised.
2005 May. Big scale: Gov, High-Tech, on-line banking, Science Park (200+ companies compromised)
2005 Jul. Ministry of Foreign Affairs again.
2005 Sep. National Security council compromised.
2005 Nov. Military Central Command compromised.
2006 Mar. Legislative Yuan, Reporters compromised.
2007 Apr. Military Operation plan leakage due to USB data collect backdoor.

There are at least 8 China hacker groups. We call them HuBei Jun (Jun for military troop),
ShangHai Jun, Beijing/TienJing Jun, GuoDong Jun, FuJian Jun, SiChuan Jun, JianSu Jun, SiAnn Jun.

Through incident handling and investigation with law enforcement,
we found some evidence to prove the China hackers (targeted attack / spear phishing)
came from government (military, intelligence dept and public security).

We have inspected the tools, from the beginning trojaned e-mail, backdoor, and relay tools in the way stations.
At first, using a Microsoft Word (*.doc) file with exploit, to drop backdoors or download spyware from other way stations.
And the backdoor connects back to the way station, when the hacker comes from China (fixed IP or ADSL) to remotely control victims.

What they want is to collect the contact list files (Outlook, MSN ...) to build a huge database about relationships for future use;
from the contact list, hackers can send a 'well-made' trojaned mail to the others in the contact list, then the victims
will trust the e-mail's subject and fake e-mail source, open it and be compromised. And, periodically, they jump back to collect the latest
documents in all file types. They even steal your mail account to have a copy of your mail boxes.

The official document shows the cyber operation was directly sponsored or supported by General Staff Department Sec. Four. And the evidence shows they are:

(1) Organized: have principles, formal check-in/out time.
In our domain name (used by backdoor) observations, they start to work at 0700 GMT+8 Round 1, 1150 Lunch, 1400 Round 2, 1730 Take a break,
then, depending on the group, have a night team to hack foreign countries.

(2) The tools: not commonly seen on the public Internet.
Some hacker groups use the same military produced/purchased hacking tools.

(3) The source IPs we sniffed during incident handling can be directly mapped to military regions of China.

The story is ongoing every day!

Next Time.. we will announce who they are.
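One way to check the working-hours claim in the comment above against a victim network's own resolver logs, as an added example that is not part of the original post or of the commenter's investigation (the timestamps are constructed, and the 0700/1150/1400/1730 GMT+8 schedule is taken from the comment): shift each UTC lookup of the callback domain into a candidate timezone, build an hourly histogram, and see which UTC offset best matches an office day with a lunch gap.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample (not real data): UTC timestamps of resolver lookups for a
# backdoor's callback domain, as a victim network might log them over two days.
SAMPLE_LOOKUPS_UTC = [
    "2007-09-03T23:05:12Z", "2007-09-04T00:10:40Z", "2007-09-04T01:30:02Z",
    "2007-09-04T02:45:19Z", "2007-09-04T03:40:55Z", "2007-09-04T06:02:08Z",
    "2007-09-04T07:15:33Z", "2007-09-04T08:20:47Z", "2007-09-04T09:25:01Z",
    "2007-09-04T23:15:00Z", "2007-09-05T00:35:21Z", "2007-09-05T01:50:09Z",
    "2007-09-05T02:55:30Z", "2007-09-05T03:30:44Z", "2007-09-05T06:10:12Z",
    "2007-09-05T07:05:56Z", "2007-09-05T08:40:03Z", "2007-09-05T09:20:18Z",
    "2007-09-05T18:12:00Z",  # one stray off-hours lookup (local 02:12 at UTC+8)
]


def local_hour_histogram(iso_utc_times, utc_offset_hours):
    """Count lookups per hour of day after shifting UTC into a candidate zone."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    hist = Counter()
    for s in iso_utc_times:
        t = datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        hist[t.astimezone(tz).hour] += 1
    return hist


def schedule_profile(hist, start=7, end=18, lunch=(12, 13)):
    """Share of lookups inside office hours, plus whether the lunch hours are quiet.
    A quiet lunch window is weak evidence on its own: a victim PC that drops into
    standby when its user leaves the desk produces exactly the same gap."""
    total = sum(hist.values())
    in_hours = sum(c for h, c in hist.items() if start <= h < end)
    busiest = max(hist.values())
    lunch_hits = sum(hist.get(h, 0) for h in lunch)
    return {
        "fraction_in_office_hours": in_hours / total,
        "lunch_quiet": lunch_hits <= 0.25 * busiest,
        "active_hours": sorted(hist),
    }


def best_fitting_offset(iso_utc_times, candidates=range(-12, 15)):
    """UTC offset whose local office hours capture the largest share of lookups."""
    def score(off):
        return schedule_profile(local_hour_histogram(iso_utc_times, off))["fraction_in_office_hours"]
    return max(candidates, key=score)


if __name__ == "__main__":
    off = best_fitting_offset(SAMPLE_LOOKUPS_UTC)
    print("best UTC offset:", off, schedule_profile(local_hour_histogram(SAMPLE_LOOKUPS_UTC, off)))
```

The offset this picks says something about the operator's working day only if the beacons are operator-driven rather than scheduled by the implant; relay hosts and victim idle cycles can shift or erase the pattern, which is why it supports, but cannot replace, the other evidence the comment lists.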

@ Charlie Chen - interesting, but you need much more than just an IP address apparently from a particular fixed IP or ADSL range allocation to prove official People's Liberation Army involvement.

How do you tell that these are not "zombie" infected machines, controlled from somewhere else on the internet, by amateurs, by criminals or by other intelligence agencies ?

Taking a break for lunch could simply be due to the infected PC going into power saving standby mode, when the ignorant user goes to lunch, unaware of what his PC is really doing in the background.

Why have Taiwanese government systems been so vulnerable, for such a long time ?

Did you pass on the details of the email trojans etc. to the anti-virus and anti-spyware companies, so that the rest of the world might have some measure of protection against them, or are they still being kept secret ?

Chinese Military Hackers Attack Foreign Government Computers?
By Xu Wu

