Return to

June 2, 2011
Notes from the Pentagon

China linked to cyber-attack
A U.S. intelligence official tells Inside the Ring that China is the main suspect in the sophisticated computer attack on the defense giant Lockheed Martin announced Sunday.

The Bethesda-based company said in a statement that its computer network was targeted May 21 with a "a significant and tenacious attack on its information systems network." The attack was thwarted and no data was compromised, the company said.

"The fact is, in this new reality, we are a frequent target of adversaries around the world," Sondra Barbour, Lockheed's chief information officer, said in a letter to employees. She said one new measure was for the company to upgrade "our remote access SecurID tokens" used by employees to access the network.

The intelligence official said the link between the attack and China is based on initial analysis of the methods used. Unidentified hackers used counterfeit SecurID tokens to break through security barriers and breach the Lockheed Martin network. The tokens generate codes that, when mated to a secure computer, provide the first step in providing secure off-site access to networks.

The tokens used to gain unauthorized access to Lockheed Martin were reproduced from public key cryptology technology used by the security company RSA that was targeted in an attack originating from China several months ago, the official said. Analysts believe the Chinese were able to obtain critical data that allowed them to reproduce keys for RSA's SecurID keys that help authenticate computer users who access secure networks remotely.

A second U.S. cyber security official said: "It certainly wouldn't be a surprise if the Chinese were somehow involved."

Art Coviello, RSA executive chairman, stated in a May 17 open letter to customers posted on the company's website that "recently our security systems identified an extremely sophisticated cyber-attack in progress being mounted against RSA."

"Our investigation has led us to believe that the attack is in the category of an Advanced Persistent Threat," he stated. "Our investigation also revealed that the attack resulted in certain information being extracted from RSA's systems. Some of that information is specifically related to RSA's SecurID two-factor authentication products."

Mr. Coviello said the company is confident that the stolen data would not permit direct attacks on any customers, but he noted "this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack."

Neither Lockheed nor RSA said their cyber-attacks came from China. Both, however, said U.S. authorities were investigating.

Chinese Embassy spokesman Wang Baodong said China has been a responsible player in cyberspace, and as a victim of cyber-attacks, opposes such activities. "It's irresponsible to make unwarranted allegations against China and habitually and wilfully link it to cyber hacking events," Mr. Wang said in an email.

Chinese proliferation
A classified State Department cable made public May 26 provides new details on China's decadeslong policy of ignoring U.S. appeals to halt transfers of dangerous arms and missiles.

The July 21, 2009, cable from Secretary of State Hillary Rodham Clinton said that "since March 2008, the U.S. has provided Chinese officials with information regarding a number of cases of missile-related proliferation concern."

"In the cases described below, we have received little or no response from China on the status of its investigations or on steps it is taking to address the concerns we have outlined," said the cable, stamped "secret." It was released by the anti-secrecy website WikiLeaks.

The cable is a "talking points/non-paper" sent to the U.S. Embassy in Beijing that appeared intended to diplomatically seek an explanation from the Chinese government for its failure to respond to nine U.S. cases in which Chinese state-run companies supplied missile and nuclear weapons-related goods to rogue states.

They include:

  • Transfer by Beijing Tianlianxing Scientific Ltd. of 1,000 kilograms of specialty steel to Pakistan's Aginel Enterprises, a firm linked to Pakistan's nuclear weapons and missile programs. The steel is used for Pakistan's Ghaznavi short-range ballistic missile and was banned under the Missile Technology Control Regime.

  • Sale by the Suzhou Testing Instrument Factory in 2009 to Pakistan's Intralink Inc. of a vibration test system used with the Ghaznavi. The system is a key tool in simulating flight vibrations and shocks on rockets and unmanned aerial vehicles during launch, stage separation and normal flight.

  • Transfers of components and materials by the Dalian Sunny Industries, a longtime arms proliferator, to Iranian missile producers.

  • Transfers by the Shanghai Yuanshan Industry and Trade Co. of specialty aluminum to Syria's Industrial Solutions, a front company for the Scientific Studies and Research Center that builds Syria's ballistic missiles.

    The aluminum "can be used to produce structural components in ballistic missiles and in some forms is controlled by the Nuclear Suppliers Group and Wassenaar Arrangement," the cable said.

  • Sale of a wind tunnel by well-known arms proliferator China Precision Machinery Import/Export Corp. and China Academy of Aerospace Aerodynamics. The wind tunnel "is controlled by the [Missile Technology Control Regime] to support missile-related research and development in Pakistan," the cable said.

  • Polytechnologies, another well-known Chinese arms supplier to rogue states, also was singled out in the cable for using false documents to illicitly transfer a coil-winding machine and integrated optical chips to Pakistan's Advanced Engineering and Research Organization, which is part of the Air Weapons Complex that builds nuclear weapons delivery systems, cruise missiles and unmanned aerial vehicles.

  • Several Chinese companies together helped Pakistan's missile program, specifically ring-rolling and flow-forming machines.

  • The Shenyang Huali Economic Trading Co. worked through North Korean intermediaries to act as "a key source of raw materials and technology for a North Korean ballistic missile development project in Syria," the cable said.

  • The Hong Kong Most Group Co. was listed for selling Iran Chinese-origin aluminum plates used in the production of structural components in Scud missiles.

    "We appreciate your interest in advancing our mutual nonproliferation goals and look forward to hearing your responses regarding these proliferation cases at the earliest possible time," the cable said.

    Former State Department China specialist John Tkacik, commenting on the cable, noted the above paragraph was a "nice touch."

    "That, alas, cannot be true even in the vaguest interpretation of syntax," Mr. Tkacik said. "Given the secretary of state's comment that 'we have received little or no response,' I'd say that reflects that the U.S. and China share 'little or no' ... 'mutual nonproliferation goals.'"

    Counterintelligence website
    The Centre for Counterintelligence and Security Studies this week launched its new website providing a one-stop resource for information on foreign spying and terrorism.

    Founded in 1997 by former FBI Agent David Major, the project is called SPYPEDIA and provides an array of details on a large number of spy cases. Its traditional espionage case file alone lists 280 current and past cases, along with 125 economic espionage cases, many of them Chinese-related.

    "We are extremely proud to offer this exciting new product to the private and government security and national defense communities, along with the academic [community] and general public," said Mr. Major, CICentre president. "After well over a decade's worth of R&D, based upon customer input from around the world to include multinational experts, we are confident that SPYPEDIA will exceed our members' expectations and bring a deeper understanding of the importance of security and the need to invest in this crucial strategic discipline."

    The database is available by subscription at

    Former CIA operations officer Peter Earnest, now director of the International Spy Museum, said the service is "comprehensive, current, and tightly focused - it is an indispensable tool."

    The CICentre provides training courses to the U.S. government on counterintelligence and security.

  • Return to