IT-Harvest Confidential
Shawn Carpenter and the inside story of Titan Rain
Richard Stiennon, Chief Research Analyst, IT-Harvest
Blog: ThreatChaos.com twitter.com/stiennon
Blog: www.ThreatChaos.com twitter.com/cyberwar
Agenda
China and the RMA
Shawn Carpenter
Repercussions
Past is prologue
China Revolution in Military Affairs
Sun Tzu on spies
“Only a brilliant ruler or a wise general who can use the highly intelligent for espionage is sure of great success.”
Allen Dulles on Sun Tzu
“It is no wonder that Sun Tzu's book is a favorite of Mao Tse-Tung and is required reading for Chinese Communist tacticians”
-A.W. Dulles, The Craft of Intelligence
A Chinese Communist Tactician
“Sun Tzu is a grand strategist
without parallel in history”
-Chai Yuqui, Nanjing Army Command Academy,
Speaking at 6th annual international conference on
Sun Tzu and the Art of War, 2004, Beijing
Chinese Thinking
Wang Qingsong, Modern Military-Use High Technology, 1993
Zhu Youwen, Feng Yi, and Xu Dechi, Information War Under High Tech Conditions, 1994
Li Qingshan, New Military Revolution and High Tech War, 1995
Wang Pufeng, Information Warfare and the Revolution in Military Affairs, Beijing: 1995
Zhu Xiaoli and Zhao Xiaozhuo, The United States and Russia in the New Military Revolution, 1996
Dai Shenglong and Shen Fuzhen, Information Warfare and Information Security Strategy, 1996
Shen Weiguang, On New War, 1997
Decoding The Virtual Dragon
“Network confrontation technology
—intercepting, utilizing, corrupting, and
damaging the enemy’s information and
using false information, viruses, and
other means to sabotage normal
information system functions through
computer networks.”
-General Xu Xiaoyan, the former head of the
Communications Department of the
Chinese General Staff. 2004
Thomas Makes a Point
“If Xu’s suggestions were accepted, then one
might expect to see more active reconnaissance
and intelligence activities on the part
of the PLA (as seems to be occurring!)”
That exclamation point is Thomas’s. It refers to Shawn Carpenter and Titan Rain.
Shawn Carpenter Cyber Warrior
Introducing Shawn Carpenter
One Good Thing About IPv4
A source IP address from an attack on Lockheed Martin is noticed.
“I had accessed a Chinese server that
was involved in the compromises. And during that
access I discovered a file on that server entitled
1.txt. That file contained an internal port scan or
an internal scan of Fort Dix military installation.”
-Shawn Carpenter Deposition
Backhacking
"I backhacked into a computer system and found evidence that perhaps hundreds of defense contractors had been compromised," Carpenter testified. He determined that breaches occurred at Fort Dix, the Redstone Arsenal, the Defense Contract Management Agency and the World Bank, and that the hacking was coming from South Korea.
-Albuquerque Journal
Sandia's Response
"We don't care about any of this. We only care
about Sandia computers. Stop what you're doing.
Stop whatever you are doing."
-Shawn's immediate supervisor
Shawn works with Military Counter Intelligence
In the summer of 2004, Shawn works with CI to uncover sources of attack
Shawn becomes a confidential informant for the FBI
Initial meeting with FBI, October 2004
Trade craft: Meeting in the stacks of the University
Be careful when working with geeks!
All's Well That Ends Well. NOT
Chinese Cyber Espionage Continues
Northrop Grumman, United States-China Economic and Security Review Commission report, 11-1-09
Aftermath Past is Prologue
Ghost Net, Google, Oil and Gas
• Pentagon email compromise, 2007
• Ghostnet report published by SecDev, March 2009
• Google hacked, December 2009
• Oil and gas commercial attacks, 2009-10
• US Secretary of State goes on record
• China denies