
Chinese Cyber Army Shows its True Face, Secrets of U.S., Japan, and Korea’s Cyber Armies Revealed

[Editor’s Note: In May, the news that China has set up a special “Online Blue Army” drew widespread attention from the international media. The following Beijing Evening News article gives a more detailed account of the force, and the thoughts behind building the army. Below is the full translation of the article.] [1]

Senior Colonel Geng Yansheng, Director of the News Service Bureau, China’s Ministry of Defense, revealed on May 25, 2011, that the People’s Liberation Army (PLA) had established an “Online Blue Army,” whose aim is to improve the level of security of the army’s network. This message immediately drew attention from army fans as well as from the Western media. Some foreign media reported the next day that China maintained that the purpose of developing the “Online Army” was self-defense, but as a matter of fact, Chinese hackers have been seen as the world’s largest network attacking force. In this regard, our Ministry of Defense responded that the “Online Blue Army” was formed from existing forces, and it is part of the training courses of the conventional forces.

So, what is the so-called “Online Blue Army”? Why do we need to establish such a force? How big are the “Online Armies” in other countries? Today, this military page will guide you through everything.

Term Explained

What is the “Blue Army”?

Military commentator Song Zhongping explained that “blue army” is a term in international military management. It is part of what we often refer to as the “red-blue drill,” in which the “blue army” usually plays the role of the opponent. For instance, in the U.S. Air Force’s “Red Flag,” through the “blue army’s” realistic simulation of the opponents’ military strength and tactics, they are able to achieve the purpose of training their forces in a simulated, realistic situation. In general, our domestic forces rotate in playing the “blue” role in order to have everyone trained. In order to build a strong “blue army,” many countries spend a lot of money to develop or purchase advanced weapons and equipment to arm the “blue army,” so that the “blue army” has the same real strength as its rival. Therefore, the “blue army,” in general, is relatively strong.

Now the “Online Blue Army,” as the name suggests, is a network army built to have strength similar to the opposing Western network forces. (Thus they can simulate the level of attacks from Western forces.) We then use this to train our “Online Red Army,” which will defend the network. This itself reveals that the “Online Red Army” already exists.

Zero Exposure

Dealing with Cyber Attacks; Saving Training Costs

China’s “Online Blue Army” Is Not Hackers.

After the news broke that the Chinese military had created an “Online Blue Army,” it drew immediate attention from Western media. The next day, the U.S.’s Time Magazine reported that, although the Chinese claimed that developing the “Online Blue Army” was for the purpose of self-defense, Chinese hackers have been seen as the world’s largest cyber attacking force. Our Ministry of Defense responded that the “Online Blue Army” was created from existing forces; its members are neither professionals recruited specifically for that purpose, nor are they independent of conventional troops. They were just taken from the regular forces, as everyone commonly undergoes this training. Major General Luo Yuan, Deputy Secretary-General of the China Military Science Society, said that China’s “Blue Army” is merely a code name for military training purposes. This specific training is for taking preventive measures to deal with cyber attacks.

In late April of this year, the Guangzhou Military Region organized a simultaneous remote exercise [between the “red” and “blue” armies]. Instead of adopting the previous “one-on-one” confrontation mode, the “Online Blue Army” launched offensives through multiple channels. Its calm use of new network tactics made the online battle more intense and exciting on the invisible “one-to-many” battlefield. With its professional advantages, the “Online Blue Army” simultaneously attacked four “Red Armies” swiftly and fiercely. They sometimes employed “virus attacks,” sometimes bombarded with a massive barrage of “junk mail,” and sometimes launched stealth missions into the inner networks of the “Red Army” to steal information such as troop deployment, marching roadmaps, and so on, forcing the “Red Army” commander to continuously develop new counter-tactics. This “network red-blue drill exercise,” in fact, is just an extension of a simulated real-world “red-blue drill.”

It has been reported that in order to improve the online training efficiency, the Guangzhou Military Region (GMR) invested tens of millions of yuan to build the first military regional-level training network by connecting the networks of the military regions, army level units, combat division and brigade level units, and the training base. GMR chose over 30 network specialists from the entire military region and built the first professional “Online Blue Army.” Li, the deputy commander of a base, said, “Now if we wanted to have an online network scrimmage exercise, from scenario design to device debugging, it would take no more than 10 days to complete. The birth of the ‘Online Blue Army’ saves us more than 80% in training costs and has improved our training efficiency.”

Words from Our Army Fans

Comments on the Two Major Difficulties of China’s Cyber Army

Compared with the U.S. Cyber Army, the Chinese Cyber Army faces two major difficulties. First, data show that China produces less than 10% of the IC chips we use. To achieve network security, the first step is to ensure absolute hardware security and chip security; it is one of the core concerns of hardware security. Second, the different versions of Microsoft’s operating systems occupy 98% of China’s market. Software security is another core concern of network security, and the fact that we did not write the basic operating system we use poses another security risk.

China has recognized these two issues. As early as when I was in college, my teacher mentioned that microscopic analyses have been done for all the chips we import. The purpose is to be able to reproduce them in case they can no longer be imported. This step is even more essential for the chips used in the military. As to what analyses the operating system software has gone through, I do not know, but I believe that our software experts must have carefully analyzed the assembly codes of the operating systems we imported from other countries.

Nevertheless, I still worry that we could have overlooked something, because if the opponent were to deliberately insert items with a special purpose, they would be disguised or hidden in some form and it would be difficult for us to pick out all of them. In cyber warfare, because our rivals control both the core software and the core hardware, our cyber army is certainly faced with great difficulties. Therefore, the spokesman for our Ministry of Defense said, “China’s network security is still relatively weak.” That was not being humble; it is indeed the case.

Hulunbeier

A Battlefield without Gunsmoke

The United States Cyber Command, using the excuse of a threat from foreign hackers, participates in warfare in cyber space

In U.S. media reports, “Chinese hackers” have always been all-powerful, often easily breaking through the network defense systems of the White House and the Pentagon and “stealing” confidential information. After U.S. Defense Secretary Robert Gates made the June 23, 2009, announcement establishing a cyber command, the world-at-large seemed to understand immediately the true intention behind the U.S.’s frequent speculation about the “Chinese hacker threat.”

Exaggerating the “Chinese hackers” threat is only one step in a series of attempts on the part of the U.S. to strengthen its network combat power. In fact, the history of U.S. forces building cyber attack capability is far more than what the outside world could ever imagine. Even before the term “Chinese hacker” appeared, the U.S. already applied network warfare in real combat. In the 1991 Gulf War, the U.S., through its intelligence system, planted computer viruses into Iraq’s air defense system that was purchased from France, and remotely activated these viruses before the U.S. air strikes. By the time the U.S. air force flew over Baghdad, the Iraqi air defense system had already been paralyzed.

As the birthplace of the Internet, the U.S. has “natural advantages.” The shadow of cyber warfare was clearly visible in the 1999 Kosovo war and the 2003 Iraq war. According to the assessment of U.S. defense expert Joel Harding, the U.S. military currently has a total of 3000-5000 information warfare experts, with 50,000 to 70,000 soldiers deployed in the online battlefield. If the original electronic warfare personnel are included, the U.S. military’s cyber warfare troops should number around 90,000.

Of particular note is the Obama administration’s increased investment in network security and the accelerated buildup of cyber warfare units while substantially reducing missile defense systems and F-22 aircraft procurement. According to the U.K.’s Guardian, the U.S. wants to integrate high-tech military units scattered around the country in order to launch cyber wars toward hostile countries when necessary.

From the perspective of military experts, the U.S. creation of an “online army” has an even more far-reaching significance: the form of human warfare will enter a new historical stage. One military expert said that the U.S.’s establishment of a cyber warfare command means that, in the future, cyber warfare is likely to enter into human history as a new type of national warfare. If a future cyber attack occurs, the U.S. can declare it is an act of war and fight back.

South Korea’s cyber warfare units recruit hackers from civilians mainly to deal with North Korea

South Korea’s Ministry of National Defense (MND) has recently decided to elevate the existing network command to an independent force in order to wage an offensive cyber war while responding to hacker attacks.

According to South Korea’s Chosun Ilbo, the Korean military decided to upgrade the cyber command, which is currently part of the Defense Intelligence Headquarters, to an independent command directly under MND. The program will soon enter the legislative process. In addition, MND also plans to double the current number of 500 personnel who work in the cyber command and to enhance its function. South Korean media also noted that the Korean military plans to double or quadruple the number of troops at the cyber command over the next three years, with a long-term plan of building a force of thousands of cyber warfare troops.

Regarding the substantial military buildup, the South Korean military said it is to deal with the hackers from the North. Korean military sources claim that the North Korean military is training professional hackers on a large scale to upgrade its network warfare capability. With South Korea’s current capacity, it can only monitor and defend. South Korea’s Economic Daily website quoted military sources saying that South Korean military forces aim to reach the combat level of U.S. cyber forces.

South Korea’s cyber command was created in January 2010. Since its inception, it has recruited a large number of hackers with strong field experience from civilians. In addition to training and recruitment, South Korea also conducted cyber attack and defense drills during the Key Resolve and the Ulchi Freedom Guardian joint South Korea-U.S. military exercises. Regarding the upgrade of the cyber command, South Korea’s JoongAng Daily published an article saying that, currently, cyber warfare is considered to be the most lethal form of warfare, because it enables the acquisition of the enemy’s entire combat plan.

Iranian cyber police launch “cyber patrol” to face and engage in U.S. cyber warfare.

Iran’s new cyber police department started formal operation in January this year (2011). Its role is to prevent someone from using the Internet to engage in espionage and sabotage activities against Iran.

Iran’s Fars News Agency quoted a senior police officer, Seyed Kamal Hadianfar, who said that IT tools play an undeniable role in political, security, economic, trade, ethical, and religious rivalries at the national and international levels. “The Cyber Police can prevent espionage and sabotage in Information Technology (IT) tools.” The first cyber police to patrol the web are based in Tehran. By early 2012, cyber police will be in all police stations across the country.

Japan’s Cyberspace Defense Team guards against hackers and protects sensitive information.

The Japanese Ministry of Defense decided to set up a special “Cyberspace Defense Team” to guard against hackers’ attacks and enhance the ability to protect essential information.

Initially the “Cyberspace Defense Team” will have 60 troops. This “online army” is responsible for collecting and analyzing the latest viruses, and conducting anti-hacker drills. The 2010 Ministry of Defense budget already includes 7 billion yen (US$75.25 million) for “counter cyber attack” projects.

[1] Beijing Daily, “Chinese Cyber Army Shows Its True Face; Secrets of U.S., Japan, and Korea’s Cyber Armies Revealed,” May 29, 2011.