China's Blue Army: When nations harness hacktivists for information warfare

Summary: The methodology used in offensive cyber warfare is fairly simple -- if you're attacking us we reserve the right to strike back at you. That methodology is just plain wrong.


China has recently announced the existence of the Blue Army, a government-sponsored cyber warfare unit similar to those launched by the U.S., the United Kingdom, Australia and Israel.

Although the majority of cyber warfare units have been established for defensive purposes, it is the offensive cyber capabilities that are worth discussing in the context of establishing a borderline for offensive cyber operations. The methodology used in offensive cyber warfare operations is fairly simple: if you're attacking us, we reserve the right to strike back at you.

It's a methodology that is totally wrong, given that the attack may be coming from a country that is simply abusing the infrastructure of another country, combined with the use of localized attack kits and tactics typical of the country originally perceived as the attacker.

It's been a decade since the release of the Chinese "Unconventional warfare" book, and a lot has changed from a conceptual perspective. From the shift in concepts from symmetric to asymmetric, to the unrestricted warfare military doctrines currently being implemented, the Chinese have proven that they are not just able to keep up with the developing environment, but to dominate it with new concepts in cyberspace.

What constitutes unrestricted warfare in the cyberspace realm, really? Basically, it's the reliance on civilians for executing government-sponsored or government-tolerated cyber operations, the so-called people's information warfare concept. The concept is fairly simple. Instead of establishing a dedicated cyber warfare unit, a country such as China actively harnesses the potential of its hacktivist community for executing military operations and activities across the Web.

A number of questions remain for each and every cyber warfare department when compared to the civilians empowered by the people's information warfare concept:

  • Would they be allowed to embed the sites of human rights activists with malicious software, and to develop custom malware?
  • Would they be allowed to hijack an existing botnet for the purpose of data mining in OSINT-gathering practices?
  • Would they be allowed to launch offensive cyber warfare practices such as Denial of Service attacks against compromised infrastructure residing in a third country?
  • Would they take island hopping tactics into consideration before striking back?
  • Would they be allowed to develop practical web exploitation tools assisting in massive exploitation attacks?
  • To what degree would they be allowed to outsource their operations to providers of malicious underground services, instead of developing in-house solutions?

The answer to the majority of these is probably no, as the majority of these tasks are already actively executed by the Chinese cybercrime underground and the extremely vibrant hacktivist community inside the country -- China Eagle Union, the Hacker Union of China, and the Red Hacker's Alliance for starters. This has become possible due to the Chinese military's realization of the untapped potential for asymmetric cyber dominance, thanks to the government-tolerated and nurtured vibrant hacktivist community.

The Chinese underground and hacktivist community is developed well enough to manage the tasks of a fully operational cyber warfare unit, because it relies on the people, not on the department.

The net is vast and infinite, and trying to establish a borderline for cyber warfare operations based on the actions of the actual cyber warfare units, rather than on the vibrant hacktivist communities and the cybercrime underground within those countries, is totally wrong.

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

  • Al Qaeda Plotting Cyber Attack on U.S. Banking

    Worth remembering that the war industry was promoting Bin Laden cyber attacks on America for years. When they actually caught Bin Laden, he was living in a crappy concrete house, without internet, an old CRT TV. Just a bloke, not a supervillain.

    This is an Aussie newspaper quoting an unnamed Chinese 'ex general' (unlikely) using cyber war phrases to describe a basic sys-admin's job. Is more likely to be some Chinese person they interviewed with the writer projecting that cyber-nonsense to make it a more interesting story.

    Quit building up imaginary enemies into super villains. If as much effort had gone into getting Bin Laden in 2004 as went into marketing the 'cyber-terror' (now 'Cyber war') brand, then you'd have got him 7 years earlier.

    If Lockheed had put as much effort into keeping their firewalls up to date, as they do in marketing the 'cyber-war' meme, then they wouldn't be claiming to be a victim of a sustained cyber attack, they'd be calling it nuisance traffic like everyone else does.
  • Payload Mass, Vehicle Mass and Speed

    A 12 ton payload on a 275 ton vehicle seems rather low. I wonder what the payload to vehicle mass is for most other systems? I think a chart comparing payload mass, vehicle mass and speed would be interesting.
    • RE: China's Blue Army - departmental warfare VS people's information warfare concept

      What? What does that have to do with anything? I think you responded to the wrong article. Or maybe the wrong site.
  • No network is foolproof.

    As long as networks allow the human error element there will always be holes. One such way is to infiltrate an unsuspecting employee's computer using social engineering methods, then install a back door, capture keystrokes or sniff unencrypted packets, or acquire the password database. Escalate to admin rights, steal confidential information which can be anything from customer identities and credit card info, to national secrets. No firewall or anti-malware suite can protect against the internal user.