Tag Archives: China

Lords of Dharamraja: A New Vector for Disinformation and a Call for an Organizational Response

By Fletcher Schoen, Research Assistant
Edited by Dr. Christopher Lamb, Distinguished Research Fellow

In January, 2012, a ‘hacktivist’ group called “The Lords of Dharamraja” released information obtained by penetrating the secure servers at the Indian embassy in Paris.[1] One document was a memo detailing a purported deal between the Indian government and the international telecom firms Apple, Nokia, and Research in Motion. The companies allegedly provided Indian intelligence agencies with a technical backdoor into their mobile devices like the ubiquitous Blackberry or iPhone in return for greater access to the Indian telecom market.  Indian Military Intelligence utilized this backdoor to read the emails of the U.S.-China Economic and Security Review Commission (USCC), a bipartisan panel that reports to Congress on the security and economic relationship between the United States and the People’s Republic of China.[2]  The USCC has not denied that it was the victim of a cyber attack and it has asked the FBI, the lead agency on cybercrime inside the United States, to begin an investigation. The investigation however is not concentrating on Indian intelligence, despite the memo.  The origins of the attack are not what they seem.

At first glance, the memo seems genuine. It has an official layout, some redacted text, and is consistent with Indian bureaucratic language.[3] But according to the Times of India, which interviewed a number of Indian military and intelligence sources, the memo is replete with inaccuracies.  The most glaring is the wrong agency logo at the top of the page.[4]  The letterhead and signature block were lifted from authentic documents but the signatories do not work for the organization that produced the document.  Other sources familiar with Indian Intelligence said text is never redacted in internal documents.[5]  Finally, the Directorate General of Military Intelligence (Foreign Division) deals with defense attachés and foreign military cooperation not signals intelligence.[6] The Times of India’s conclusions are backed by investigations undertaken by The Guardian and Reuters.  All three investigative reports agree the memo is most certainly a forgery.

Recent reports about the ongoing FBI investigation further undermine the memo’s authenticity. American sources say the e-mails were stolen as part of the first stages of a “blended attack” on the USCC rather than alleged Indian signals interception of USCC communications.[7]  Blended attacks involve finding email servers that regularly communicate with the main target but have relatively lax cyber security.  Hacking them can eventually provide access to the harder to infiltrate main networks. Most of the stolen emails came not from the more secure USCC servers but from the personal email account of a former USCC Chairman, William Reinsch, who now heads the pro-trade organization, The National Foreign Trade Commission.  American officials with knowledge of the investigation point out that it is much more likely that hackers associated with Chinese rather than Indian interests would know who Reinsch was and would bother taking the time to track him down.  In any case, the intrusion into Reinsch’s email suggests some third party unconnected with Indian Intelligence committed this cyber attack against the USCC.

Hackers have always taken great care to hide the electronic and national origins of their attacks but this forged memo demonstrates that defensive misdirects can become offensive information warfare tools. Cyber attacks and the subsequent revealing of stolen data can act as a means for disseminating disinformation in a manner that compounds the damage done by the release of sensitive information. The size of a massive electronic data theft would make it difficult to sort out what was real and what wasn’t and the sensitivity of the real documents would make commenting on the fakes a delicate undertaking for the U.S. government. The effects of this kind of attack can be extrapolated from this recent incident. The forged Indian memo was just one document and yet it managed to morph a relatively routine cyber attack into an uncomfortable supposition of espionage between allies that will only be sorted out through careful investigation. All the while the real perpetrators can continue their work.

Dealing with this kind of sophisticated attack in the future will require a coherent interagency approach that combines cyber security with counter-disinformation and strategic communications.  Unfortunately, the response to this cyber attack and forgery has been anything but coherent.  The lack of comment by the FBI about its ongoing investigation is understandable only because revealing details of the attack gives free damage assessment to its adversaries. However the lack of any government response to the forgery is troubling. An information vacuum allows the forgery to have its intended effect. Forgeries like this one are relatively easy to expose and may seem relatively unimportant, but if ignored, over time such disinformation will erode and seriously damage U.S. political relationships.

Sources inside the U.S. government have told me that the United States has a counter-disinformation capability, but I have yet to see an official denunciation of this forgery and it is unclear if the alleged capability is working with the FBI on countering the new cyber vector for disinformation.  This should change, and quickly.  After all, this is not the first time the United States has confronted state-sponsored disinformation on a large scale.  During the last decade of the Cold War the State Department led an interagency working group that became adept at dealing with the Soviet Union’s frequent use of forged U.S. government documents.  Despite spending nearly $300 million on their disinformation apparatus, Soviet forgeries never withstood official American scrutiny and denunciation. Eventually an exasperated Soviet leadership foreswore the use of disinformation.

As China increases its cyber attacks on the United States it would be safe to assume the use of disinformation to support these attacks will increase as well.  China’s political system gives it monolithic control over information management but the United States and its open society retain the supreme advantage in information warfare.  Open expression of ideas will always triumph over manufactured information—eventually.  In the meantime, we need to energize the organizations that can convert this advantage into a concrete response.

Fletcher Schoen is a research assistant with INSS and co-author of “Deception, Disinformation and Strategic Communications: How One Interagency Group made a Major Difference,” a forthcoming study on the Active Measures Working Group to be published by NDU Press. 

[1] Yatish Yadev, “Hackers Invade Server of Indian Embassy in Paris,”  December 17, 2011. http://indiatoday.intoday.in/story/servers-of-indian-embassy-in-paris-hacked/1/164664.html

[2] The USCC also provides “recommendations, where appropriate, to Congress for legislative and administrative action.” http://www.uscc.gov/

[3] Frank Jack Daniel “Fake Memo but real code?  Indian-U.S. Hacking Mystery Deepens.” January 12, 2012.

[4] Charles Arthur and Agencies, “US Accuses China of Hacking emails,” The Guardian, January 20, 2012.

[5] Mark Hosenball, “US probes Commission Hack ,” Reuters, January 10, 2012.

[6] Josey Joseph, “Fake Letter Blows lid off Hacker’s Espionage Claim,” The Times of India, January 12, 2012.

[7] Charles Arthur and Agencies, “US Accuses China of Hacking emails”  The Guardian, January 20, 2012.


Leave a comment

Filed under Asia, Cyber, India, Intelligence, Regional Studies, Strategic Studies

China’s 2012 Defense Budget: Steady As She Goes

Chinese President Continue reading

1 Comment

Filed under Regional Studies, Strategic Studies

Military Transparency in China? One Step Forward, One Step Back….

“Chinese Military Transparency: Evaluating the 2010 Defense White Paper.”
Strategic Perspectives #5
By Phillip C. Saunders, PhD and Ross Rustici, MA


The Chairman of the Joint Chiefs of Staff, Admiral Mike Mullen, was recently in China and toured a number of Chinese military facilities.  During his July 10-14 trip, he visited the Second Artillery Corps headquarters, and an air force base in Shandong, where he sat in a  Su-27 Fighter.

Chairman Mullen in the cockpit of a Chinese Fighter Jet

Admiral Mullen in the cockpit of a PLA Air Force SU-27 fighter jet.

As part of his tour, Mullen also visited a submarine base where he inspected a Yuan class diesel submarine.

Admiral Mullen on a PLA Navy Yuan class diesel submarine.

Admiral Mullen inspects a PLA Navy Yuan class diesel submarine.

Chinese officials, academics, and commentators have cited the People’s Liberation Army’s willingness to show off these bases and weapons systems as an example of China’s move towards greater transparency about its military capabilities and modernization efforts.  ( http://bit.ly/pymAyy and http://on.wsj.com/pMdwo3 )

However, a new INSS Strategic Forum “Chinese Military Transparency: Evaluating the 2010 Defense White Paper” by Phillip Saunders and Ross Rustici evaluates China’s 2010 defense white paper and finds it a step backward in transparency compared to previous editions.  China’s 2010 white paper receives lower transparency ratings than the 2008 paper and provides less information than defense white papers of other major Asia-Pacific powers.

For the original INSS publication explaining the transparency methodology, click here.

For updated charts that compare China’s 2010 white paper to other Asia-Pacific white papers, click here.

Leave a comment

Filed under Uncategorized

South Korean Cybersecurity: Three Questions

By Brett Young, Research Assistant, American University, DC
Center for Technology and National Security Policy


The mid-April paralysis of the National Agricultural Cooperatives Federation (Nonghyup), South Korea’s fourth-largest retail bank, seemed to be another routine cyber incident in the same vein as recent, high-profile intrusions carried out against Sony (where attacks resulted in the breach of 100 million customers’ personal information) and Hyundai Capital (where hackers demanded a ransom for not releasing stolen information.) Preliminary investigations, however, showed that this was not the work of ordinary hackers. In early May, the Seoul Central District Prosecutor’s Office announced that the culprit was North Korea.

A network breach of the financial systems that underpin a vibrant modern economy, particularly one conducted not by a group of profit-seeking hacker-criminals, but by a sovereign nation-state with hostile intentions, raises a number of questions.

How should this alleged incident impact diplomatic relations with North Korea? After a bloody 2010, this year has seen a North Korean “charm offensive” with an emphasis on improving relations between the two Koreas. The North may be seeking food aid to stave off famine conditions, or may want a more stable situation for the 100th anniversary of Kim Il-Sung’s birthday in 2012. At the negotiating table, President Lee Myung-bak’s default position has been to seek apologies for the deaths of 50 citizens at the hands of the North in 2010. Yet any discussion of the Cheonan corvette sinking or the shelling of Yeonpyeong Island is met with vigorous denials and can lead to immediate termination of any talks by the North.

Nonghyup’s security breach was considerably more than a nuisance; since April 12, the bank has spent over $400 million on measures to prevent the loss of customer confidence. When the South sits down at the table with the North, should Nonghyup be on the agenda? Or is silence (or covert retaliation) best?

The North has shown the ability to change their diplomatic posture overnight; their “charm offensive” posture may not last. When dealing with a regime that specializes in provocation, South Korea needs to define what manner of cyber incidents will be permitted to derail ongoing negotiations.

At the national level, how should South Korea pursue cybersecurity down the road? The security team at Nonghyup ignored financial sector regulations regarding strength of passwords, and internally permitted use of passwords that were deemed too weak to be used by their own customers.

Previous cyber intrusions in the ROK were enabled by the malware spread through popular peer-to-peer (P2P) file-sharing websites. In the past, South Korea has tried to combat cyber intrusions by increasing public awareness through mass and social media. But the economic motivation to use P2P websites—and get goods for free—will remain, despite government campaigns. South Korea can create more vigorous laws regarding network protection, but must do so in a fashion that will not create a counterproductive environment where reluctance to cooperate is the preferred corporate response to a network breach.

Internationally, the Nonghyup case will never end up before the United Nations. Last year’s sinking of the Cheonan resulted in a UN Presidential Statement condemning the attack. But in cyberspace, attribution—being able to directly attribute an intrusion to a source—remains the thorniest in a thicket of issues. North Korea’s involvement has been alleged, not proven—as with two other previous cyber incidents in the South. Some experts and media outlets disagreed, noting that technical evidence cited by the National Police Agency can be manipulated by competent hackers. As a state with one of the highest broadband connectivity rates in the world, South Korea is better off continuing to bolster its defenses: it has both a Cyber Warfare Command and Cyber Terror Response Center, and roughly doubled funding for the former in April. 

Finally, there is the broader question of the gradual increase in cyber intrusions against states, and what states are to do about them. Recent years have seen increasingly brazen network intrusions, threatening state secrets, which costs time and money. Intelligence agencies, military planners, and policymakers are grappling with the question of how exactly to respond to certain types of intrusions—and what, if any, level of a cyber incident would require the answer of a real-world, kinetic response.

An event which broke as this went to press will certainly have the attention of Seoul. The Wall Street Journal reported that the U.S. Department of Defense is soon to release its cybersecurity strategy, possibly containing precedent-setting answers to the question posed above.

All three questions bear close scrutiny not only by South Korean policymakers, but by those interested in shaping policy for effective cybersecurity around the world.

Brett Young is a graduate student at American University’s School of International Service, where he focuses on security studies in East Asia. He is currently researching aspects of cybersecurity for NDU’s Center for Technology and National Security Policy. He previously interned at the Korea Economic Institute in Washington, DC.

Leave a comment

Filed under Regional Studies, Strategic Studies

Common Sense and Rare Earth

By Jacob Tremblay, Center for Strategic Research

Yellow Lanterns Hanging at Temple with Chinese CharactersAlthough the diplomatic spat between Japan and China over the detention of a Chinese fishing boat captain near the disputed Senkaku/Diaoyutai Islands has simmered down, Japanese companies are still feeling the effects of an unofficial ban on rare-earth minerals.  Since September 22, Chinese customs agents have prevented shipments of materials vital to high tech gadgets in what is widely viewed as a means of protesting the detention begun when the captain allegedly rammed 2 Japanese Coast Guard vessels near the islands.  In utilizing customs agents, as opposed to announcing an export ban, China has skirted WTO rules designed to prevent such punitive anti-trade measures and avoid suit in a dispute resolutions court.  In doing so, China uses a crude club to browbeat Japan into accepting Chinese demands and make Japanese politicians in the future wary of confronting Chinese officials.

China currently supplies around 97% of the world’s rare-earth minerals which, despite their name, are actually quite common but expensive to mine and refine.  Japanese companies, including Sony and Toyota, rightfully fear that a prolonged de-facto export ban will make production extremely expensive if not impossible for several high tech goods. However, Japan has continued to aggressively pursue alternative sources of supply in a fashion that will thwart Beijing’s exertions aimed at limiting Tokyo’s maneuverability.  The Japanese controlled Sojitz trading company was already engaged in talks with Vietnam and Sumitomo was negotiating with Kazakhstan to begin rare-earth mining operations.  China’s ban will only increase the imperative for Japanese companies to diversify suppliers.

A large question of why China would institute a ban, when, in the short term, it appears that prices for rare-earth minerals will rise and reserves will run low, and Chinese suppliers are likely to be frozen out of the Japanese market as alternative sources come online.  Experience in other sectors shows that supply chain disruptions lead companies to consolidate their operations or search for more reliable suppliers; Boeing did precisely that in the instance of the Dreamliner, and, Gazprom has proposed building an alternative gas pipeline to supply Europe bypassing the oft-troublesome Ukraine.  Is Beijing’s course of action in the context of its dust up with Japan simply an instance of China flexing its muscles in unfamiliar realm, or is it a poor miscalculation that this move would advance Chinese interests?

Leave a comment

Filed under National Security Reform, Regional Studies, Strategic Studies

Is Kim Jong Il Ready to Name a Successor?

By Katherine Walczak, Center for Strategic Research

Kim Jong Il with soldiers

Kim Jong Il

As rumors abound over Kim Jong Il’s failing health, the question as to who will take his place goes unanswered. Believed to have suffered a stroke two years ago, and looking increasing worse when pictured on a recent trip to China, Kim’s health will pose a major concern for North Korea’s future. His deteriorating health was, reportedly, the reason the Workers Party Congress planned for September 15 was postponed, which has been rescheduled for today.

North Korea’s Workers Party Congress has not been held since 1980, where Kim officially accepted his position as the leader of North Korea, meaning this meeting will likely address some important concerns about North Korea’s future. And it is believed that Kim will use this congress to name his son, Kim Jong-un, as his successor.

Kim has three sons, from two different women, all of whom have been considered as possible replacements for their father. Kim’s oldest son, Kim Jong-nam, was the likely choice to be the next leader until he fell from favor in May 2001 after being arrested at the Tokyo International Airport. Kim’s next son, Kim Jong-chul, originally thought to have been Kim’s next choice, has been reportedly overlooked for his younger brother. This leaves the position to Kim’s youngest son, Kim Jong-un.

Very little is known about Kim Jong-un. He’s thought to be 26-28 years old, he may or may not have attended school in Switzerland, and few photos are known to exist of him. Kim Jong-un also might face challenges from his brothers for his position or for positions of power within the government. If Kim Jong-un is chosen, his uncle, Jang Song Taek, will likely take up a regent role to guide the young leader. Kim Jong-un is said to be most like his father in temperament, yet many are unsure whether he will follow in his father’s footsteps as a leader.

North Korea’s future is uncertain, yet there are hopes that today’s Congress will address some of these issues. But even should Kim name a successor, questions still remain over who will be named and what type of leader they will be. Given that the last congress was postponed, there is no guarantee the congress will even be held today. There seem to be plans in the making for the future of North Korea, but these plans are shaky at best, leaving the rest of the world in the dark about what’s to come in North Korea.

Leave a comment

Filed under National Security Reform, Regional Studies, Strategic Studies

Assessing Chinese Military Transparency

by Isaac Kardon, Contract Researcher to Dr. Phillip Saunders, Distinguished Senior Fellow & Director of the Center for the Study of Chinese Military Affairs

Chinese Flags in windTransparency – or rather, lack of it – is among the key points of interest for U.S. officials when dealing with China. In the military domain, the subject is of still greater interest due to the rapid growth and modernization of the Chinese military over the past two decades and the uncertainty surrounding People’s Liberation Army (PLA) intentions for these vastly improved capabilities. National Defense University’s Institute for National Strategic Studies’ Dr. Phil Saunders and Mike Kiselycznyk directly engage this critical issue in a recently published study, “Assessing Chinese Military Transparency.”

The authors present an objective method for assessing China’s military transparency, attempting to build on the PLA’s modest efforts to date in this vein. Targeting defense white papers, the study proposes a venue and a technique for Chinese and other regional militaries to evaluate their comparative degrees of transparency across a wide range of salient areas – including military doctrine, threat assessments and defense policy.

Last week, a piece in China’s state-run Global Times explicitly responded to the study by concurring with the authors’ conclusion that improving Chinese military transparency was an important objective not only for international audiences, but for the Chinese people themselves.

Leave a comment

Filed under Strategic Studies