A video broadcast on Chinese state TV could be the first direct evidence of the government’s involvement in cyber attacks on foreign targets.
A TV programme broadcast last month entitled "Military Technology: Internet Storm is Coming" was supposed to demonstrate the country’s cyber defense capabilities.
However, one clip shows a system being operated that allows the user to "Select Attack Destinations", and offers a list of target IP addresses that relate to the Falun Gong religious opposition movement, including one US university.
The system is visible 30 seconds into the video below.
The system, which appears to be a distributed denial of service tool, is credited to Information Engineering University of China’s People’s Liberation Army.
The video clip was first reported in the Epoch Times, a pro-Falun Gong newspaper. However, security company F-Secure says it has confirmed the newspaper’s translation of the system options, that the video was originally broadcast on state TV and that one of the target IP addresses is allocated to the University of Alabama.
If genuine, the video could represent the first direct evidence of state involvement in Chinese cyber attacks. So far, there has only been circumstantial evidence, such as attacks using China-based IP addresses and targeting enemies of the Chinese government.
Neither of these prove state involvement, explains Sean Sullivan, security adviser at F-Secure. "The circumstantial evidence makes it quite clear that there’s Chinese nationals involved, but largely its people who believe in the motherland and take it upon themselves."
However, Sullivan says that evidence from Chinese ‘hacker blogs’ shows that the People’s Liberation Army "sponsors hacking tournaments, in order to develop talent."
The fact that the system is credited to a PLA university, therefore, strongly implies state involvement. "We don’t have a direct link between Chinese military command and the person that designed that interface, but its definitely part of the flow of money that sponsors this type of talent."
That said, Sullivan points out that if the Chinese government were to say the video had been included in the programme by accident, it would still have "plausible deniability".
From what little is known about it, Sullivan says that the system in question does not seem that unusual or sophisticated.
"It’s a pretty rudimentary tool, from the looks of it," he says. "It’s very similar to tools we’ve seen in Arabic that were used to take down some American websites. I’ve seen consumer vigilantes using tools like this since back in 2005."