The nature of U.S. government data targeted for ‘exfiltration’ by...

Northrop Grumman, the report said Chinese military strategists have “come to view information dominance as the precursor for overall success in a conflict.” The strategy drives the People’s Liberation Army to develop “more comprehensive computer network exploitation techniques” that can be used to create “blind spots.” Those are parts of a system that can be exploited at “predetermined times or as the tactical situation warranted.” Such attacks will be “widely employed in the earliest phases of a conflict, and possibly preemptively against an enemy’s information systems.” The PLA is reaching out to commercial industry, academic and “possibly select elements of China’s hacker community” to staff its cyber-intrusion missions, the report said. It cited “limited cases of apparent collaboration between more elite individual hackers and the [government’s] civilian security services.” China is using “disciplined, standardized operations, sophisticated techniques, access to high-end software development resources, a deep knowledge of the targeted networks and an ability to sustain activities inside targeted networks, sometimes over a period of months,” the report said. Analysis of intrusions suggests that Chinese black-hat hackers involved in illegal activities are being tapped to develop customized tools for zero-day exploits. “The depth of resources necessary to sustain the scope” of intrusions is beyond the ability of “virtually all organized cybercriminal enterprises and is difficult at best without some type of state-sponsorship.” Data historically targeted have “no inherent monetary value to cybercriminals,” such as credit card numbers, the report said. If stolen data are being brokered through a third party to interested countries, regardless of who is doing the hacking, the activity can be considered state-sponsored, it said. Targeted data to date could help a country’s defense industry, space program, some high technology industries, “foreign policymakers interested in U.S. leadership thinking on key China issues,” and foreign military planners looking for U.S. weaknesses that could be exploited in a crisis, the report said. China would probably use its abilities to attack certain nodes on the military’s nonclassified NIPRNET and unclassified Defense Department and civilian contractor networks in the U.S. and allied Asia-Pacific countries, with the intent of delaying U.S. deployments and harming effectiveness of troops already deployed. The only difference between exploitation of a network and attack is the intent of the hacker, the report said. If China is responsible for just some of the current exploitation efforts, it may already have a “mature and operationally proficient” capability in computer network operations.