The Times: PLA war-hackers can switch off US navy

Yellow Peril causes wet knickers among excited scribes


Unnamed Pentagon figures continue to get big ink for their thesis that Chinese military cyber assault is a threat of trouser-moistening magnitude. Last week's media bandwagon, initiated after Financial Times hacks in Washington obligingly got things rolling, is now thundering along unstoppably as foaming tech-dunce scribes pile aboard.

On Friday it was The Times' turn to play ventriloquist's dummy.

"Chinese military hackers have prepared a detailed plan to disable America’s aircraft battle carrier fleet with a devastating cyber attack, according to a Pentagon report obtained by The Times," says the Thunderer.

Crikey - the aircraft battle carrier fleet, eh? (A rather excitable way, one might take it, of referring to one or more US carrier battle groups; each group consisting of a carrier plus supporting vessels. It's true that China doesn't like carrier groups, as they could interfere very seriously with any attempt to invade Taiwan.)

Anyway - a carrier fleet, or something - disabled by a devastating cyber attack? That sounds pretty scary. Normally if you were going to "disable" a US Navy carrier group you'd want an enormous air or submarine force, and/or a load of hypersonic missiles, or maybe a very large nuclear bomb; something pretty damn major. Truly, this would be a "devastating cyber attack," indeed.

And this is quality information. It's in a "Pentagon report obtained by The Times." That has to mean a serious intelligence document, surely - probably mega secret poop, the kind of thing that the US top brass rely on. It'll be pukka intel based on spy satellite intercept, maybe; or reports from undercover agents in China. Information that ordinary folk seldom see or even get to hear of, unless they're bigshot Times hacks.

Or, you know, it could be a load of old cobblers that's been kicking about in the public domain for years.

"The plan to cripple the US aircraft carrier battle groups was authored by two PLA air force officials, Sun Yiming and Yang Liping," says The Times.

How on Earth did the "Pentagon" spooks get hold of the Yellow Peril's "devastating" new "cyber attack" plan, apparently capable of reducing a hundred billion dollarsworth of sea-going hardware to an irrelevance? If the Commies had something like that they'd keep it pretty secret - you'd think. The American spies who wrote the report "obtained" by The Times must have had to do something pretty amazing to get hold of the secret Chinese plans.

Or maybe not, as in fact the "cyber attack plan" is a chapter in a technical reference book, openly produced by the Chinese academic press. Tactical Datalinks in Information Warfare was published by the Beijing Post and Telecommunications College Press in 2005.

So actually the Pentagon spies just had to buy a copy of it.

American spooks might have done that back in 2005; but if so they aren't telling. However, someone who is telling is Dr Larry Wortzel, author of the "Pentagon report" obtained by The Times. Who is Wortzel? Some kind of super-brainy Pentagon computer analyst nerd, probably. The one in the movie who gets bullied by the macho special-ops guys: but by God, he knows his computer stuff.

Or, as we have here, a retired colonel with a PhD in political science from the University of Hawaii, who has also worked at Conservative Washington thinktanks. But he's written lots of books and stuff about China; and he's read Tactical Datalinks in Information Warfare. It's terrifying stuff, he says:

"Sun Yiming and Yang Liping... have carefully consulted dozens of corporate websites and... technical manuals, to produce a virtual guidebook for electronic warfare and jamming to disrupt critical US... communications, computers, and intelligence..."

The inscrutable little fiends! They've looked at our God-damn websites! And our tech manuals, which we often publish openly! Aiee!

Well, that's it. The US Seventh Fleet may as well pack up and go home; a couple of PLA guys have done a Google search and written a book. All the hundreds of intensively trained electronic warfare guys in each fleet, and all their billion-dollar, triply-encrypted megawatt deathware have been sidestepped. And bizarrely, the PLA have chosen to publish their cyber attack plan to the world.

This is, not to put too fine a point on it, crap. The PLA have next to no chance of seriously threatening the US navy any time soon. And if they did, they'd scarcely publicise their methods. And if that happened, you'd scarcely expect the Pentagon to be relying on political-science thinktank blowhards to analyse such a deeply technical matter for them. And then, supposing all of that had occurred, you wouldn't think the American brass would let their important intel get handed out to the British press.

Again, they didn't. The "Pentagon report obtained by The Times" is a chapter written by Wortzel in a paper published last week by the Strategic Studies Institute of the US Army war college. The Institute is a defence-talking shop similar in nature to the UK's Royal College of Defence Studies: a place where senior government types go to have seminars and do courses and so on. In his screed, Wortzel cut-and-pastes in the same text on Yiming and Liping's book that he used in a previous mongraph of his last May, discussing the Chinese nuclear forces. Those two Chinamen will do to big up any threat you like, it seems.

OK, theoretically this is a "Pentagon report," as the Institute is Pentagon-funded. The Reg has "obtained" the document too, by downloading it (pdf - page 197). It would be a lot more honest, though, to call it an essay, or a whitepaper, or a load of old strat-studies waffle.

So let's just run that first Times paragraph through the translator.

"Chinese military technicians wrote a book on electronic warfare two years ago, according to a bloke with a PhD in politics. We downloaded some of his stuff. He reckons the Chinese are getting more tech savvy."

That's pretty weak. So is the rest of the piece:

"The Pentagon logged more than 79,000 attempted intrusions in 2005 ... The Pentagon uses more than 5 million [networked] computers."

That seems to be about 0.01 attempted intrusions per computer per year: an unbelievably low figure. If it's actually true, the US military can relax.

The "cyber war" against Estonia last February gets trotted out yet again, too. "A massive cyber attack on Estonia by Russian hackers demonstrated how potentially catastrophic a preemptive strike could be on a developed nation," says the The Times. Blimey, yes; there's nothing north of Latvia but ruins, nowadays.

Apparently Linton Wells, "the chief computer networks official at the Pentagon," said that the Estonia attacks “may well turn out to be a watershed in terms of widespread awareness of the vulnerability of modern society".

That seems to be true; many people are actually becoming less aware of the world around us, and bumbling off into some cloud-cuckoo land where the PLA can switch off a carrier strike force at the click of a mouse. This problem is probably most widespread among Times readers.®


Other stories you might like

  • Intel to sell Massachusetts R&D site, once home to its only New England fab
    End of another era as former DEC facility faces demolition

    As Intel gets ready to build fabs in Arizona and Ohio, the x86 giant is planning to offload a 149-acre historic research and development site in Massachusetts that was once home to the company's only chip manufacturing plant in New England.

    An Intel spokesperson confirmed on Wednesday to The Register it plans to sell the property. The company expects to transfer the site to a new owner, a real-estate developer, next summer, whereupon it'll be torn down completely.

    The site is located at 75 Reed Rd in Hudson, Massachusetts, between Boston and Worcester. It has been home to more than 800 R&D employees, according to Intel. The spokesperson told us the US giant will move its Hudson employees to a facility it's leasing in Harvard, Massachusetts, about 13 miles away.

    Continue reading
  • Start using Modern Auth now for Exchange Online
    Before Microsoft shutters basic logins in a few months

    The US government is pushing federal agencies and private corporations to adopt the Modern Authentication method in Exchange Online before Microsoft starts shutting down Basic Authentication from the first day of October.

    In an advisory [PDF] this week, Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) noted that while federal executive civilian branch (FCEB) agencies – which includes such organizations as the Federal Communications Commission, Federal Trade Commission, and such departments as Homeland Security, Justice, Treasury, and State – are required to make the change, all organizations should make the switch from Basic Authentication.

    "Federal agencies should determine their use of Basic Auth and migrate users and applications to Modern Auth," CISA wrote. "After completing the migration to Modern Auth, agencies should block Basic Auth."

    Continue reading
  • Arrogant, subtle, entitled: 'Toxic' open source GitHub discussions examined
    Developer interactions sometimes contain their own kind of poison

    Analysis Toxic discussions on open-source GitHub projects tend to involve entitlement, subtle insults, and arrogance, according to an academic study. That contrasts with the toxic behavior – typically bad language, hate speech, and harassment – found on other corners of the web.

    Whether that seems obvious or not, it's an interesting point to consider because, for one thing, it means technical and non-technical methods to detect and curb toxic behavior on one part of the internet may not therefore work well on GitHub, and if you're involved in communities on the code-hosting giant, you may find this research useful in combating trolls and unacceptable conduct.

    It may also mean systems intended to automatically detect and report toxicity in open-source projects, or at least ones on GitHub, may need to be developed specifically for that task due to their unique nature.

    Continue reading
  • Why Wi-Fi 6 and 6E will connect factories of the future
    Tech body pushes reliability, cost savings of next-gen wireless comms for IIoT – not a typo

    Wi-Fi 6 and 6E are being promoted as technologies for enabling industrial automation and the Industrial Internet of Things (IIoT) thanks to features that provide more reliable communications and reduced costs compared with wired network alternatives, at least according to the Wireless Broadband Alliance (WBA).

    The WBA’s Wi-Fi 6/6E for IIoT working group, led by Cisco, Deutsche Telekom, and Intel, has pulled together ideas on the future of networked devices in factories and written it all up in a “Wi-Fi 6/6E for Industrial IoT: Enabling Wi-Fi Determinism in an IoT World” manifesto.

    The detailed whitepaper makes the case that wireless communications has become the preferred way to network sensors as part of IIoT deployments because it's faster and cheaper than fiber or copper infrastructure. The alliance is a collection of technology companies and service providers that work together on developing standards, coming up with certifications and guidelines, advocating for stuff that they want, and so on.

    Continue reading
  • How can we make the VC world less pale and male, Congress wonders
    'Combating tech bro culture' on the agenda this week for US House committee

    A US congressional hearing on "combating tech bro culture" in the venture capital world is will take place this week, with some of the biggest names in startup funding under the spotlight.

    The House Financial Services Committee's Task Force on Financial Technology is scheduled to meet on Thursday. FSC majority staff said in a memo [PDF] the hearing will focus on how VCs have failed to invest in, say, fintech companies founded by women and people of color. 

    We're told Sallie Krawcheck, CEO and cofounder of Ellevest; Marceau Michel, founder of Black Founders Matter; Abbey Wemimo, cofounder and co-CEO of Esusu; and Maryam Haque, executive director of Venture Forward have at least been invited to speak at the meeting.

    Continue reading
  • DataStax launches streaming data platform with backward support for JMS
    Or move to Apache Pulsar for efficiency gains, says NoSQL vendor

    DataStax, the database company built around open-source wide-column Apache Cassandra, has launched a streaming platform as a service with backwards compatibility for messaging standards JMS, MQ, and Kafka.

    The fully managed messaging and event streaming service, based on open-source Apache Pulsar, is a streaming technology built for the requirements of high-scale, real-time applications.

    But DataStax wanted to help customers get data from their existing messaging platforms, as well as those who migrate to Pulsar, said Chris Latimer, vice president of product management.

    Continue reading
  • Infor to stop developing on-prem software for IBM iSeries
    ERP vendor had promised containerized options, but looks set to focus on the cloud

    ERP vendor Infor is to end development of on-premises and containerized versions of its core product for customers running on IBM iSeries mid-range systems.

    Born from a cross-breeding of ERP stalwarts Baan and Lawson, Infor was developing an on-premises containerized version of M3, dubbed CM3, to help ease migration for IBM hardware customers and offer them options other than lifting and shifting to the cloud.

    Infor said it would continue to run the database component on IBM i (Power and I operating system, formerly known as iSeries) while supporting the application component of the product in a Linux or Windows container on Kubernetes.

    Continue reading

Biting the hand that feeds IT © 1998–2022