UPDATE on Jan 13, 2010: Citing this paper and the one I added at the bottom, Google today announced that hacking concerns in China have prompted a broad review of the company’s business operations in China. They are considering withdrawing from China.
Fascinating study done by Northrop Grumman Corporation for the US government’s US-China Economic and Security Review Commission on the Chinese government’s cyberwar capability.
In fact, it presents techniques in such a way as to offer a “How To” guide for aspiring state-sponsored hackers.
Among the many concrete examples is a description of how hackers presumed to work for the Chinese government operate coordinated teams with separate members for “network infiltration” and “data exfiltration”.
One detail: The hackers moved out the data in a series of files of exactly the same size. The report repeatedly details the planning and discipline shown by the hackers in this case. Files in adjoining folders on similar topics, for example, were ignored in favor of a series of specific files held by the unnamed company.
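The equal-size exfiltration detail above is also a detection opportunity. The following is an added example written for this post, not code from the report: it parses constructed proxy-log lines (the log format, field names, thresholds and addresses are all assumptions) and flags any internal host that sends a run of identically sized uploads to the same external address.

```python
import re
from collections import defaultdict

# Constructed sample proxy log (not from the report): timestamp, src, dst, bytes sent.
# The first host uploads five 1 MiB pieces to one address; the second shows ordinary traffic.
SAMPLE_LOG = """\
2009-10-01T02:14:07 10.1.4.22 203.0.113.45 1048576
2009-10-01T02:14:39 10.1.4.22 203.0.113.45 1048576
2009-10-01T02:15:10 10.1.4.22 203.0.113.45 1048576
2009-10-01T02:15:41 10.1.4.22 203.0.113.45 1048576
2009-10-01T02:16:12 10.1.4.22 203.0.113.45 1048576
2009-10-01T09:02:55 10.1.4.23 198.51.100.7 20311
2009-10-01T09:03:01 10.1.4.23 198.51.100.7 88120
2009-10-01T09:05:44 10.1.4.23 198.51.100.7 20311
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")  # assumed log layout


def parse_log(text):
    """Parse lines into (timestamp, src, dst, bytes) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, size = m.groups()
            records.append((ts, src, dst, int(size)))
    return records


def find_equal_size_runs(records, min_run=4, min_bytes=65536):
    """Flag (src, dst) pairs with min_run or more consecutive uploads of identical size.
    Data split into fixed-size pieces produces this pattern; normal browsing rarely does."""
    by_pair = defaultdict(list)
    for ts, src, dst, size in records:
        by_pair[(src, dst)].append((ts, size))
    findings = []
    for (src, dst), xfers in by_pair.items():
        xfers.sort()  # ISO-8601 timestamps order correctly as strings
        run_size, run_start, count = None, None, 0
        for ts, size in xfers + [(None, None)]:  # sentinel flushes the final run
            if size == run_size:
                count += 1
                continue
            if run_size is not None and count >= min_run and run_size >= min_bytes:
                findings.append({"src": src, "dst": dst, "size": run_size,
                                 "count": count, "first_seen": run_start})
            run_size, run_start, count = size, ts, 1
    return findings
```

The thresholds are deliberately conservative; tune `min_run` and `min_bytes` against your own baseline, since legitimate software updates and backup agents can also produce fixed-size uploads.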
Based on the progress of the attack and studies of the keyboard habits of the hackers, the report constructed this team diagram. Further description of the report is below, but for all the details, download the full report yourself! (h/t to David Wolf)
There is also a timeline of Chinese hacking incidents:
The paper’s introduction states:
This paper presents a comprehensive open source assessment of China’s capability to conduct computer network operations (CNO) both during peacetime and periods of conflict. The result will hopefully serve as useful reference to policymakers, China specialists, and information operations professionals. The research for this project encompassed five broad categories to show how the People’s Republic of China (PRC) is pursuing computer network operations (CNO) and the extent to which it is being implemented by examining:
a) The PLA’s strategy for computer network operations at the campaign and strategic level to understand how China is integrating this capability into overall planning efforts and operationalizing it among its field units;
b) Who are the principal institutional and individual “actors” in Chinese CNO and what linkages may exist between the civilian and military operators;
c) Possible targets of Chinese CNO against the US during a conflict to understand how the PLA might attempt to seize information control over the US or similar technologically advanced military during a conflict;
d) The characteristics of ongoing network exploitation activities targeting the US Government and private sector that are frequently attributed to China;
e) A timeline of alleged Chinese intrusions into US government and industry networks to provide broader context for these activities.