As an Analyst and China Watcher, ACB often finds themselves reading the work of other Analysts and China Watchers. Sometimes ACB finds such works interesting because of what was included, sometimes for what is left out, and sometimes because of the questions that they raise. Such questions are not always about the text, but often rather about the writer themselves.
One recent document that piqued ACB's interest was an article titled "China’s Cyber-Militia" by Shane Harris, which can be found in the last edition of National Journal, a political publication aimed at Washington insiders and those hoping to influence them.
According to Harris, Beijing and the PLA have long been actively engaging in so-called "cyber-espionage" against the US, using teams of elite computer hackers to make off with American military and industrial secrets.
To be honest, ACB doesn't find the idea of Chinese hacking into US systems to be particularly surprising, or even particularly noteworthy. Since just about everybody else is doing exactly the same thing (including Washington itself), China would be missing a trick if it wasn't taking every opportunity to peek into America's networks.
What ACB does find interesting, however, is that Harris has taken the ever-apocryphal China-Cyber-Threat story and advanced it in a less than conventional direction, going so far as to implicate Beijing-sponsored hackers in two blackouts which left millions of people sitting in the dark: one in August 2003 that affected North East America and South East Canada, the other in February 2008 which affected Florida.
"Chinese hackers pose a clear and present danger to U.S. government and private-sector computer networks and may be responsible for two major U.S. power blackouts."
Harris, Shane, China’s Cyber-Militia, National Journal
According to official accounts, both blackouts were the result of accidents and coincidences, with a confluence of circumstances allowing small problems and issues to escalate into something much bigger. Harris thinks otherwise.
The Harris Hypothesis
According to Harris:
Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of U.S. companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to U.S. government officials and computer-security experts.
One prominent expert told National Journal he believes that China’s People’s Liberation Army played a role in the power outages. Tim Bennett, the former president of the Cyber Security Industry Alliance, a leading trade group, said that U.S. intelligence officials have told him that the PLA in 2003 gained access to a network that controlled electric power systems serving the northeastern United States. The intelligence officials said that forensic analysis had confirmed the source, Bennett said. “They said that, with confidence, it had been traced back to the PLA.” These officials believe that the intrusion may have precipitated the largest blackout in North American history, which occurred in August of that year. A 9,300-square-mile area, touching Michigan, Ohio, New York, and parts of Canada, lost power; an estimated 50 million people were affected.
Officially, the blackout was attributed to a variety of factors, none of which involved foreign intervention. Investigators blamed “overgrown trees” that came into contact with strained high-voltage lines near facilities in Ohio owned by FirstEnergy Corp. More than 100 power plants were shut down during the cascading failure. A computer virus, then in wide circulation, disrupted the communications lines that utility companies use to manage the power grid, and this exacerbated the problem. The blackout prompted President Bush to address the nation the day it happened. Power was mostly restored within 24 hours.
There has never been an official U.S. government assertion of Chinese involvement in the outage, but intelligence and other government officials contacted for this story did not explicitly rule out a Chinese role. One security analyst in the private sector with close ties to the intelligence community said that some senior intelligence officials believe that China played a role in the 2003 blackout that is still not fully understood.
Bennett, whose former trade association includes some of the nation’s largest computer-security companies and who has testified before Congress on the vulnerability of information networks, also said that a blackout in February, which affected 3 million customers in South Florida, was precipitated by a cyber-hacker. That outage cut off electricity along Florida’s east coast, from Daytona Beach to Monroe County, and affected eight power-generating stations. Bennett said that the chief executive officer of a security firm that belonged to Bennett’s trade group told him that federal officials had hired the CEO’s company to investigate the blackout for evidence of a network intrusion, and to “reverse engineer” the incident to see if China had played a role.
Bennett, who now works as a private consultant, said he decided to speak publicly about these incidents to point out that security for the nation’s critical electronic infrastructures remains intolerably weak and to emphasize that government and company officials haven’t sufficiently acknowledged these vulnerabilities.
The Florida Blackout
A second information-security expert independently corroborated Bennett’s account of the Florida blackout. According to this individual, who cited sources with direct knowledge of the investigation, a Chinese PLA hacker attempting to map Florida Power & Light’s computer infrastructure apparently made a mistake. “The hacker was probably supposed to be mapping the system for his bosses and just got carried away and had a ‘what happens if I pull on this’ moment.” The hacker triggered a cascade effect, shutting down large portions of the Florida power grid, the security expert said. “I suspect, as the system went down, the PLA hacker said something like, ‘Oops, my bad,’ in Chinese.”
The power company has blamed “human error” for the incident, specifically an engineer who improperly disabled safety backups while working on a faulty switch. But federal officials are still investigating the matter and have not issued a final report, a spokeswoman for the Federal Energy Regulatory Commission said. The industry source, who conducts security research for government and corporate clients, said that hackers in China have devoted considerable time and resources to mapping the technology infrastructure of other U.S. companies. That assertion has been backed up by the current vice chairman of the Joint Chiefs of Staff, who said last year that Chinese sources are probing U.S. government and commercial networks.
Asked whether Washington knew of hacker involvement in the two blackouts, Joel Brenner, the government’s senior counterintelligence official, told National Journal, “I can’t comment on that.” But he added, “It’s certainly possible that sort of thing could happen. The kinds of network exploitation one does to explore a network and map it and learn one’s way around it has to be done whether you are going to … steal information, bring [the network] down, or corrupt it.… The possible consequences of this behavior are profound.”
Brenner, who works for Director of National Intelligence Mike McConnell, looks for vulnerabilities in the government’s information networks. He pointed to China as a source of attacks against U.S. interests. “Some [attacks], we have high confidence, are coming from government-sponsored sites,” Brenner said. “The Chinese operate both through government agencies, as we do, but they also operate through sponsoring other organizations that are engaging in this kind of international hacking, whether or not under specific direction. It’s a kind of cyber-militia.… It’s coming in volumes that are just staggering.”
The Central Intelligence Agency’s chief cyber-security officer, Tom Donahue, said that hackers had breached the computer systems of utility companies outside the United States and that they had even demanded ransom. Donahue spoke at a January gathering in New Orleans of security executives from government agencies and some of the nation’s largest utility and energy companies. He said he suspected that some of the hackers had inside knowledge of the utility systems and that in at least one case, an intrusion caused a power outage that affected multiple cities. The CIA didn’t know who launched the attacks or why, Donahue said, “but all involved intrusions through the Internet.”
Donahue’s public remarks, which were unprecedented at the time, prompted questions about whether power plants in the United States had been hacked. Many computer-security experts, including Bennett, believe that his admission about foreign incidents was intended to warn American companies that if intrusions hadn’t already happened stateside, they certainly could. A CIA spokesman at the time said that Donahue’s comments were “designed to highlight to the audience the challenges posed by potential cyber intrusions.” The CIA declined National Journal’s request to interview Donahue.
Harris, Shane, "China’s Cyber-Militia (Extract)", National Journal
For some reason ACB has always been fascinated by conspiracy stories, especially those originating from the US. They seem to have many more twists and turns than those from anywhere else, and they seem to be able to throw together all sorts of coincidences, subjective viewpoints, and suppositions into a single narrative in a way that people in other countries simply can't match. They are also, often, somewhat more interesting than what really happened. Hence their popularity.
Readers should note the way that many of the cases that Harris cites don't even mention Chinese hackers, just that hacking of some nature was involved, or they mention Chinese hackers taking on computer systems that are unrelated to the power network. In fact the closest that Harris actually comes to linking China to either blackout is a brief admission by Washington counterintelligence official Joel Brenner that it was technically feasible for a Chinese agent to infiltrate and disrupt America's power network 'because it required similar skills to hacking other, unrelated, computer networks', and an assertion by former lobby group head Tim Bennett that unidentified US security officials had told him that PLA hackers had once probed an unidentified power company system in a region that later suffered a serious blackout. A blackout which was later found to be the result of a maintenance technician switching off two safety systems during a routine repair.
ACB especially likes the suppositions of an individual that Harris refers to only as a "second information-security expert", who manages to state that Chinese hackers are both smart and dumb at the same time: smart enough to be a threat that needs countering, but dumb enough to cause harm to the US by accident rather than deliberate effort.
"The [Chinese] hacker was probably supposed to be mapping the system for his bosses and just got carried away and had a ‘what happens if I pull on this’ moment."
Unnamed, "China’s Cyber-Militia", National Journal
It's almost as good as the archetypal neo-con view of an Arab terrorist. They are uneducated, uncultured and they hate freedom. Yet they are also fully capable of masterminding complex plots against the US, under the banner of one of the world's biggest religions, in support of their brothers who are being persecuted overseas.
Of course, one of the things that makes conspiracy stories so compelling is that some of them are true. However, at the end of the day, ACB thinks that what Harris has latched on to (as far as the portion of his writing on blackouts goes, that is) is less a Chinese hacking conspiracy and more a group of people desperately looking for any explanation other than the official one - that a liberal approach to regulation, and underinvestment in infrastructure, twice shut down large areas of America - because they are unwilling to believe that the richest nation of our time can be shaken so dramatically by anything other than a directed assault by a powerful and directed enemy.
Maybe one day the Chinese-Blackout conspiracy will be as famous as the moon landing hoax conspiracy is in the US, or the belief that America and Japan are conspiring to keep the mainland down is in China. But ACB thinks not.
Official Explanation
Officially, the August 2003 North East blackout was caused by failings in the power distribution system after overhead cables in Cleveland, Ohio, maintained by FirstEnergy Corp, were damaged by tree branches, causing instability in the system which was not countered by load balancing and cutoff systems. FirstEnergy Corp escaped federal punishment due to a loophole in US energy regulations: no set standard existed by which to judge quality of service from an energy provider, thus a 0 percent service could not be deemed to be in breach of regulations.
Authorities have officially ruled out hacking as a cause of the blackout, saying that while it was difficult to identify hackers as individuals it was a much simpler matter to identify their actions once inside a system.
"It's virtually impossible to get in without leaving some tracks... They can cover their tracks as far as who they are but they cannot cover their tracks about where they've been."
Michel Gent, President of the North American Electric Reliability Council
The later February 2008 Florida blackout was ruled to be the result of maintenance engineers working for Florida Power and Light erroneously switching off two relay protection systems while repairing a faulty switch at the Flagami substation, causing a cascading failure in the regional power network.
"We don't know why the employee took it upon himself to disable both sets of relays"
Armando Olivera, President, Florida Power and Light
Harris's report, titled "China’s Cyber-Militia", can be read in full in the latest edition of National Journal magazine. As the cover story it is a little hard to overlook.