Chinese computer hackers are allegedly breaking into high-security networks in the U.S. and other countries. Is Beijing creating an army of Internet warriors?
Tan Dailin lets out an audible gasp when he is told that he was identified in the U.S. as someone who may have been responsible for recent security breaches at the Pentagon. "Will the FBI send special agents out to arrest me?" he asks. Much as they might want to talk with him, though, FBI agents don't have jurisdiction in Chengdu, the capital of China's Sichuan province, where Tan lives. And given that he has been lauded in China's official press for his triumphs in military-sponsored hacking competitions, Tan is unlikely to have problems with local law enforcement. But Tan and his seven companions, who make up the self-proclaimed Network Crack Program Hacker (NCPH) group, are taking no chances. A couple of weeks after they spoke to TIME, they shuttered the group's website, on which they used to proudly post specially designed hacking programs that could be downloaded for free. Visitors now find only a notice that the page is being redesigned.
Tan and his fellow hackers may be lying low for now. But the controversy over the activities of hundreds of Chinese like them will only continue to grow. Though the evidence remains mostly circumstantial, a picture is emerging of a coordinated effort by Chinese-military authorities to recruit hackers such as Tan and his group to winkle out information from computer systems outside China and launch cyberattacks in future conflicts.
China has long regarded cyberwarfare as a critical component of asymmetrical warfare in any future conflict with the U.S. From China's perspective, it makes sense to use any means possible to counter America's huge technological advantage. A current wave of hacking attacks seems to be aimed mainly at collecting information and probing defenses, but in a real cyberwar, a successful attack would target computer-dependent infrastructure, such as banking and power generation. "Can one nation deliver a crippling blow to another through cyberspace?" asks American Sami Saydjari, head of the private computer-security group Cyber Defense Agency and former president of Professionals for Cyber Defense. "The answer is a definite yes. The Chinese know we are much more dependent on technology, and the more you depend on it, the more vulnerable you are."
Hacking attacks from the Middle Kingdom aren't new. In 1999, after U.S. planes bombed Beijing's embassy in Belgrade, and again in 2001, when a Chinese fighter crashed after a collision with a U.S. surveillance plane, Chinese hackers conducted cyberbattles with their U.S. counterparts. For several years beginning in 2003, U.S. government servers were subjected to a coordinated series of hacker attacks, code-named Titan Rain, which officials said had originated in China.
The scale and sophistication of the activities apparently conducted by Tan and his group--and their alleged ties to the People's Liberation Army (PLA)--are an insight into China's effort to establish a corps of civilian cyberwarriors. A recent series of intrusions into the systems of Western governments and major corporations was blamed on China (though none of the intrusions have been specifically tied to Tan and his group). This month British media reported that the country's top antiespionage official had sent a letter to 300 major corporations warning that they faced attacks from "Chinese state organizations." In May computers in the office of German Chancellor Angela Merkel were compromised by programs that had originated in China. In June U.S. military officials said an attack from China had penetrated a computer system at the Pentagon--though nonclassified, it included a server used by the office of Defense Secretary Robert Gates. Beijing denies that it is behind hacker attacks. Jiang Yu, a spokesman for China's Foreign Ministry, described such reports as "wild accusations" and said they reflected a "cold war mentality."
Outside China, however, the worries continue. "Recent events have made Western governments very nervous that this is just the tip of the iceberg," says Saydjari. "[The Chinese] have launched the equivalent of a Sputnik in cyberspace, and the U.S. and other countries are scrambling to catch up."
Meet the Geek Brigade
Gathered around the table at a restaurant in Chengdu on a recent evening, Tan, a.k.a. Withered Rose, and seven other members of the NCPH workshop don't look as though they could bring the U.S. economy to a halt. All in their early 20s, rail thin and with the prison pallor acquired from long nights spent hunched over monitors, they look like what they are: a bunch of nerds. They refuse to give their real names, referring to one another by nicknames--Blacksmith, Firestarter, Fisherman, Floorsweeper, Chef, Plumber, Pharmacist. All vehemently deny having anything to do with attacks on U.S. government systems. "Messing with the U.S. Department of Defense is no small thing," says Floorsweeper. "We read about arrested terrorists, about Guantánamo. Who gets away with messing with the U.S. government?"
O.K., so what does the NCPH, which Tan founded in 2004 when he was a student at Sichuan University of Science and Engineering, actually do? The answer starts out vague, but eventually pride gets the better of the young men. They acknowledge that the group first got its reputation by hacking 40% of the hacker associations' websites in China. That was during their "young and hotheaded college days," as Fisherman puts it. The NCPH is also famous for the remote-network-control programs they wrote and offered for download. These programs, which allow hackers to take over other computers, are exactly the kind that were used to obtain documents, spreadsheets and other materials from U.S. government offices in the most recent attacks.
But according to two detailed studies by iDefense, a branch of VeriSign, an Internet-security company based in Mountain View, Calif., the NCPH created 35 programs that took advantage of vulnerabilities in Microsoft Office to implant so-called Trojans--programs that take partial control of an infected computer and can be used to send documents, spreadsheets and other files over the Internet. The two iDefense reports say that beginning in May 2006, the Chengdu group "launched a barrage of attacks against multiple U.S. government agencies ... The result of all of this activity is that the NCPH group siphoned thousands--if not millions--of unclassified U.S. government documents back to China." Citing evidence of Tan's close ties to the military and other Chinese hackers' organizations that have been suspected of acting on behalf of the military, the reports conclude that Tan and the NCPH were almost certainly acting on behalf of and funded by the Chinese armed forces. "Most likely," the reports suggest, "hundreds of these groups exist in China." Tan declined to comment on the studies.