Aug 6, 2008 | 19:31 GMT

6 mins read

China: Cybersecurity and Mosaic Intelligence

It is difficult to overstate the scale and scope of the Chinese government's exploitation of cyberspace. Though it faces challenges –- such as sorting mountains of acquired data — Beijing continues to grow the scope and sophistication of its capabilities.
Editor's note: This is part of a series of analyses on the emergence of cyberspace as battlespace. The scale and scope of the Chinese government's exploitation of cyberspace is difficult to overstate. While Russian attacks on Estonia in 2007 were perhaps more high profile, there is little doubt that Beijing commands the planet's most expansive capability to penetrate computer systems around the world — especially in the United States. Broad Chinese pinging and penetration of government, military, law enforcement, government contractor and corporate computer systems is nothing new. Traditionally, most of the traffic has been fairly low-tech scouting by automated bots functioning with simple search criteria, but the volume is incredibly high and increasing in sophistication. While any one incident is highly deniable for the Chinese government, there is no doubt that much of the traffic is coordinated — or actually conducted — by Chinese government and military personnel. Any computer connected to the Internet is potentially subject to this same sort of assault, but the danger is particularly high in China itself or in places like Afghanistan, where half the Internet traffic is routed through China. Foreign government, military and contractor computers are prime targets. It is already fairly common corporate practice among IT-savvy firms to dispatch employees to such areas only with "disposable" computers stripped to the greatest extent possible of sensitive or proprietary information. Indeed, some companies will actually physically shred laptops that have been connected to the Internet through China in special machines because they are considered permanently compromised when it comes to sensitive or classified information. Malicious software (malware) has been discovered in other parts of the computer outside the hard drive. There are even studies suggesting that a computer's firmware (the code that is embedded in a computer's hardware) could be infected; some cybersecurity professionals already consider this a real concern. Indeed, computer hardware, including hard drives, now are even coming out of the factory infected with malware (USB "thumb" drives reportedly have notoriously high infection rates). This is hardly limited to China — again, like much in cyberspace, culprits usually are extremely difficult to pinpoint — but Beijing is a particular concern. Now that this new avenue of infection — the factory floor — has been developed, the possibilities for infection and the implications of that infection are immensely broad. This has profound implications for global computer security. Computers could be ready-made bots for activation in a crisis or programmed to stream user activity and files to a data dump in China. This is especially troublesome, as more and more computer hardware is fabricated in East Asia. Moreover, while some of these issues are certainly criminal in nature or the work of independent hackers, they are best understood geopolitically in relation to the way China collects intelligence. Beijing relies heavily on a model known as mosaic intelligence, which consists of maximizing the quantity of raw material collected — not targeting anything specific, simply seeing what bits of data can be found — seeing what comes back, and then piecing the information together into a "mosaic" in China. While this might not seem like the most efficient means of collection, China enjoys a demographic position where manpower is not a primary concern. But collection is only one aspect of intelligence. Sifting through and analyzing raw data is just as important and, in ways, much harder. Qualitative manpower requirements are much more demanding. It is far from clear just how effectively China can parse through the mountains of data it collects, but it is clear Beijing is short on critical skills such as top-level English speakers. The Chinese nevertheless undoubtedly are refining their methods even as they continue to expand their net. The mosaic model essentially yields data on everything, but maximizes the processing challenges and leaves little capacity for pursuing more hardened information. For example, shallow, but persistent, Chinese penetration of the U.S. nuclear enterprise reportedly allowed Beijing to create a mosaic of details that helped military engineers shrink their nuclear warheads considerably. By comparison, good signals intelligence — long a crutch of the U.S. intelligence community — allows global communications to be monitored, but is limited to conversations via electronic media. Human intelligence, which Washington is still struggling to rebuild a capacity in, is good for deep coverage of specific targets but misses much of what is not specifically pursued. The example of the Soviet Union just prior to its collapse, when no one at the top had any idea what was about to befall them, comes to mind. This is not to suggest that Beijing's efforts cannot become more targeted, extending from internal security and proprietary corporate information to the internal communications of foreign governments and military systems. For example, dissident Chinese Web sites are often penetrated by Beijing and infected so that any who access the site are then targets of Chinese malware, often in order to gather even more information (sometimes as simple as an e-mail client's address book). Computers of U.S. think tanks reportedly have even been infected this way. A U.S. trade delegation led by Commerce Secretary Carlos Gutierrez in 2007 also reportedly had some of its electronic devices infected while visiting China. Beijing has expansive capabilities in cyberspace, from monitoring dissidents to extensive mapping out of critical foreign computer systems and building an understanding of how they work — and where they are vulnerable — to prepare for their exploitation in a cyberwarfare scenario. And Beijing is clearly marrying these capabilities with its mosaic intelligence model. While China is still bringing in more raw information than it can properly digest, the combination could ultimately prove to be a powerful intelligence capability. In addition, this is all highly deniable for Beijing, and its looser judicial system allows the Chinese government to more easily organize and exploit unofficial groups of hackers inside the country as well as to train cadres for actual government or military service. But while much is being done behind the scenes in the United States already, the recent uptick in the public acknowledgment of the cyberwarfare threat by U.S. government and intelligence officials is emblematic of a country playing catch-up even as the scale and sophistication of Chinese cyberintrusions is on the rise. Next: Georgia, Russia: The Cyberwarfare Angle

Article Search

Copyright © Stratfor Enterprises, LLC. All rights reserved.

Stratfor Worldview


To empower members to confidently understand and navigate a continuously changing and complex global environment.