The purported evidence showed up, likely inadvertently, in a recently released 20-minute Chinese military documentary, titled “Military Technology: Internet Storm is Coming,” which addresses cyberwarfare.
For about six seconds, the video appears to offer a rare glimpse of an actual state-sponsored hacking tool being used to attack a U.S. website affiliated with the dissident Falun Gong religious movement that is banned in China.
The video is currently available on YouTube. The film originally aired last month on the government-controlled China Central Television (CCTV)
“While they are speaking about theory, they actually show camera footage of Chinese government systems launching attacks against a U.S. target,” Mikko Hypponen, chief research officer of anti-virus firm F-Secure, wrote in a blog post Tuesday. “This is highly unusual.”
Images of the military attack tool appear during the video at the 11:04 mark, according to the Epoch Times, which first reported news of the video on Sunday. During the clip, a software window is shown that reads, in Chinese, “Select Attack Target.” An unseen user chooses from a drop-down list of Falun Gong websites, then presses a button labeled “attack” in Chinese.
The Epoch Times reported that the video depicted an attack being launched against a Falun Gong website using a compromised IP address belonging to the University of Alabama at Birmingham (UAB). Later reports, however, stated that the attack was actually launched against the UAB IP address, 18.104.22.168, which once hosted Falun Gong information.
Dale Turnbough, a spokesman at UAB, said in a statement sent to SCMagazineUS.com on Wednesday that it appears the purpose was not to launch an attack from the UAB site, but to block access to it. The school is not aware of any attacks that have leveraged that IP address, he said.
“It is impossible to tell how old the archival footage used in the military technology program is,” Turnbough said. “UAB decommissioned the website in question, which had been posted by a student in violation of university rules, in 2001.”
Images of the tool indicate that it was developed at the Information Engineering University of China's People's Liberation Army.
“The most likely explanation is that this footage ended up in the final cut because the editor did not understand the significance of it,” Hypponen wrote.
In a tweet Wednesday, incident response and forensic provider MANDIANT said the video offers “proof of Chinese government launching online attacks.”
The Chinese government has been accused of sponsoring attacks against a number of U.S. companies for espionage and political purposes. However, Chinese officials have historically denied such claims and said Chinese companies often are attacked as well.
Some have pointed to China as the originators of such offensives such as Operation Shady RAT, which reportedly plundered intellectual property from some 72 companies across 14 nations, and Operation Aurora, which impacted dozens of high-profile companies, including Google.
In 2009, a report prepared for the U.S.-China Economic and Security Review Commission concluded that the Asian nation is likely using his sophisticated IT systems to spy on America.
The report analyzed China's information warfare strategy and offered up a case study in which an unnamed U.S. company was infiltrated by hackers to collect research-and-development information. Prepared by defense contractor Northrop Grumman, the report cited evidence that suggested the Chinese government endorsed that mission.