Documente Academic
Documente Profesional
Documente Cultură
Chapter 12
Seen from the sky in December 2006, the dishes and white domes of Pine Gap
Base, south of Alice Springs, lend it the look of any ordinary satellite station. In
reality, however, it is the crown jewel of the eavesdropping technology employed
by western intelligence to spy on China.
Tourist maps for this region of red Aboriginal lands in the heart of Australia
indicate that it is an off-limits zone, while the local telephone directory lists the
social and medical departments of a 'Joint Defence Facility'. The name itself
suggests that this is not an all-Australian enterprise, and for good reason;
administered by Australia's Defence Signals Directorate (DSD) and the US
National Security Agency (NSA), the station was built in 1966 to intercept and
interpret large scale communication signals – an important part of electronic
warfare. The intelligence community habitually describes this activity as SIGINT,
an American abbreviation for Signals Intelligence.
When this major station first began operating, China was in the throes of Mao
Zedong Cultural Revolution and the US was deep in the Vietnam War. Now, 40
years on, new technologies have seen a significant development in its activities.
Pine Gap records in real time the communications of not only the Chinese army
but also those of the armies of North Korea and Vietnam.
"Almost 800 Australian and American technicians and analysts work in the
interlacing, subterranean bunkers there," explained a former Australian
intelligence technician who I met in Canberra before travelling to Alice Springs.
"They are in direct contact with NSA headquarters at Fort Meade, in Maryland.
The information is interpreted by Group B, in charge of Asia operations."
It was in 1947 when GCHQ set up 'giant ears' to eavesdrop on China from
bases in Hong Kong. These were made up of a station at Little Sai Wan, which
employed 140 Australian technicians, another at Tai Mo Shan, in the New
Territories, and a third which was a satellite station called Fort Stanley, situated
on the Chun Hom Kok peninsula and managed by Britain's Royal Air Force and
Australia's DSD.
Before Hong Kong was handed over to Chinese rule in 19971, the British
dismantled the stations to avoid them falling into the hands of the 'cannibals' of
the Third Department of the People's Liberation Army, China's own SIGINT corps,
otherwise known as the San Bu. In the process, GCHQ set up smaller 'ears' at the
British High Commission housed in a consular building dubbed 'Fort Alamo'.
Australia, meanwhile, set up a separate interception unit also at its consulate in
Hong Kong, which was linked up to the Watsonia base near Melbourne.
The icing on the cake came with the planting, shortly before the Union Jack
was replaced by the Red Flag over Hong Kong, of hundreds of bugs and other
1
Li Kenong's Diaochabu succeeded in infiltrating its Cambridge-educated secret agent
John Tsang within the Little Sai Wan station in Hong Kong (run by GCHQ and the DSD), until
he was finally unmasked in 1961. See: Roger Faligot, Rémi Kauffer, Kang Sheng, op.cit. and
also Duncan Campbell, The Spies Who Spend What they like, in The New Statesman, 16
May, 1980.
listening devices within the Prince of Wales military barracks which would soon be
transformed into the local headquarters of the People's Liberation Army (PLA).
When Operation KITTIWAKE, led by the Fort Stanley satellite station, was
abandoned in 1993, it was retrieved by the DSD which ran it out of the Geraldton
satellite station in Western Australia. The mission remained the same, including
telemetric analysis of Chinese ballistic missile tests, satellite launching, reception
of information from satellites performing photographic intelligence (PHOTINT),
electronic intelligence (ELINT) and other intelligence gathering over China.
But here, in the middle of the Australian desert, the technicians entertain no
moral dilemmas about their job; Red China, regarded as an unscrupulous
dictatorship, set on a threatening path of military development and with an
aggressive economy, is under surveillance night and day. Alice Springs is a site of
choice for specialists. This small town, where tourists mingle both with aborigines
and, unwittingly, intelligence engineers, has a long tradition in communications
and interception for the local topography lends itself to the tasks.
In 1870 a telegraph station was built here by Charles Todd, who gave his name
to the nearby river. The station relayed the towns of Adelaide, on the southern
seaboard, and Darwin, on the northern coast, from where they were linked with
the rest of the British Empire through Hong Kong and other British stations based
in Tianjin and Shanghai2.
2
See Doris Blackwell, Douglas Lockwood, Alice…on the line, Outback Books, Alice
Springs, 2001.
It was during these same Victorian years that Chinese gold-diggers from
Fujian came to Alice Springs, as illustrated by a place known as
Chinaman's Creek which lies just outside the town on the road leading to
the DSD-NSA secret station. But it is the newly-arrived Chinese who today
interest the Australian Security Intelligence Organization (ASIO), a counter-
espionage agency which is convinced that within the wave of dynamic
immigration lurk some 'deep-sea fish', or chendi yu – agents of the
Guoanbu, the Chinese secret services. They are responsible for turning
around and recruiting engineers or linguists of Chinese origin with
sentimental appeals to their allegiance by reminding them that at heart they
belong to the great community of Chinese people overseas, the Huaqiao.
3
James Bamford, Body of Secrets, How America’s NSA and Britain’s GCHQ Eavesdrop
on the world, Arrow, London, 2002.
down Pine Gap – which would have been a proper catastrophe for the
Anglo-American intelligence community. The head of the CIA's East Asia
Division, Theodore Shackley, even went as far as encouraging several
operations aimed at destabilising Whitlam's government, along the same
lines as those practiced against the Labour government of British Prime
Minister Harold Wilson4. Within democracies, the secret services respect
the system and the constitution as long as their prerogatives are not
challenged; some of their chiefs would prefer to live with the Chinese
system, for in Beijing at least the intelligence services are in power,
alongside the party and the army.
In the end, Pine Gap survived the threat, and proved to the Australian
government its worth in the secret war; it was thanks to Pine Gap that
Canberra was alerted to the 1975 Indonesian invasion of East Timor, and
was able to see through the communications of the Chinese army (if not
being able to break the codes, at least to study the large-scale flow of the
communications). Proof of this came on February 17, 1979, when Pine Gap
was the first of any source to detect the Chinese invasion of Vietnam, led
by General Yang Dezhi, former commander of the Chinese "volunteers" in
the Korean War.
4
Brian Toohey, William Pinwill, OYSTER, The Story of the Australian Secret Intelligence
Service, Mandarin Australia, Melbourne, 1990.
for bouncing back from adversity and, drawing upon the lessons of the
debacle in Vietnam, he proposed a wide-ranging reform of the PLA,
beginning with its intelligence and electronic warfare services.
But of course, the US also employs other, less risky methods, encircling
China with ground listening stations jointly operated with Japan, South
Korea and Taiwan7.
5
In the summer of 2007 the Pueblo continued to be a subject of negotiation. With grand
magnanimity, Kim Jong-il suggested the vessel might be handed back to the US in exchange
for concessions over North Korea's nuclear programme.
6
cit. in Bruce Swanson, Le 8ème voyage du Dragon, Histoire de la Marine chinoise, Plon,
Paris, 1982. Translation from the original 'Eighth Voyage of the Dragon: A History of China's
Seapower' published by Naval Institute Press.
7
For more information on the Japanese system, see : Roger Faligot, Naisho, Enquête au
cœur des services secrets japonais, La Découverte, Paris, 1997.
to be seen," Professor Ball told me. "The eyes and ears of Mrs Fu Yi, the
ambassador, are more to be found within the Chinese community 8."
Heading for Coronation Drive the next day, I noticed that just one, narrow
street separates the British High Commission from the Chinese Embassy.
As always, the British have a flourishing collection of antennae, and the
GCHQ team present here under diplomatic cover happily intercept the
communications of their honourable neighbours. It is obviously easier to do
so in Canberra than in Beijing. There, Chinese counter espionage – the
Guoanbu tasked with embassy surveillance – has constructed large
buildings which surround the foreign embassies, all grouped together in
Beijing's Dongzhimen quarter, and which complicates the operation of
embassies' listening equipment. The Guoanbu, meanwhile, has built a
micro-wave tower to capture communications emanating from the
embassies9.
8
Interview with Desmond Ball, Canberra, December 2006.
9
The system is detailed by a former agent of Canada's Communication Security
Establishment (CSE). See: Mike Frost, Michel Gratton, Spyworld Doubleday, Canada, 1994.
frequent ever since the Chinese overtook the spying skills of the former
USSR.
Whether a question of sweet revenge or not, it was during the 1990s that
Chinese presidents Deng Xiaoping, Yang Shangkun (who was accused of
planting bugs in the offices of Chairman Mao during the Cultural
Revolution) and Jiang Zemin all encouraged the creation in their country of
the most powerful electronic surveillance system second only (for now, but
how much longer?) to that of the United States.
The huge empire of Chinese listening services wasn't built from scratch.
As of the 1930s, when Zhou Enlai led the secret war against the
Kuomintang nationalists in Shanghai, Deng Xiaoping (Zou Enlai's comrade
during their time together in Paris), supervised the training of technical units
in communist bases in southern China. Their friend Nie Rongzhen, the
'telegraphist' from the City of Light 10 years earlier, was responsible for
setting up a clandestine radio network in Hong Kong, creating wireless
liaison with the Comintern in Kharbine and Vladivostok. At the same time,
Li Kenong - another former 'Parisian' who would later become head of the
Chinese Communist Party's secret services, organised the infiltration of the
radio services operated by the communists' rivals, the Kuomintang.
Right up to now, the system has hardly changed; when I was in Beijing in
July 2007, General Chen Xiaogong, the son of a friend of Zhou Enlai, was
in turn nominated to this mighty post of Chinese intelligence11. The one
difference is the creation of an additional agency, the Fourth Department
(Si Bu), set up two decades ago to cover new aspects of electronic warfare,
sharing with the Third Department the huge responsibility for the war in
cyberspace. The Internet is a new battlefield on a scale that Mao Zedong
could never even have imagined.
10
Several major intelligence figures succeeded one another in this post. We have already
dealt with several of them, while others figure at the end of this book in the section of mini-
biographies. But to note some of the most prestigious: General Kong Yuan, General Xu Xin,
General Xiong Guangkai, General Chen Xiaogong.
11
See the article on his nomination in Intelligence Online, 23 August, 2007.
General Qiu Rulin contemplates his empire from within his top-secret
Xionghongqi headquarters in Haidian, a district in the north-west suburbs of
Beijing named after ponds dating from the period of the Ming emperors.
Established in 1950, counting among its staff some 20,000 technicians, the
general's Third Department (San Bu) of the PLA is responsible first and
foremost for the interception of communications by foreign armies. But it
has also considerably increased activities of research and development.
Not far from the general's HQ, another Beijing quarter called Xibeiwang
houses the San Bu's largest communications interception station. But even
this is just one of many dozens of bases dedicated to gathering and
decoding all signals emanating from the Russian Federation as well as
Muslim, formerly Soviet, republics, along with India and south-east Asia,
North and South Korea, the two 'priority enemies' that are Taiwan and
Japan and, last but not least, the 'principle enemy' that is the United States.
Other sites are found close to Jilemutu and Lake Kinghathu in north-east
China and on the southern seaboard close to Shanghai and the military
Fujian and Cantonese districts which are on constant alert with Taiwan. Yet
more stations exist in Kunming, north of Vietnam and Myanmar (formerly
Burma), as well as in Lingshui, at the tip of the large southern Chinese
island of Hainan. In 1995 the capacity of the Lingshui base was increased
to cover the South China Sea, the Philippines and Vietnam, the latter being
also targeted by a string of bases close to its border with China and, since
the 1980s, by two others established on the Paracels Islands. In addition to
stations at Kashi and Lop Nor, two others have been set up in the Xinjiang
region of western China; of these, the facility in Dingyuanchen is aimed at
Russia and Muslim former Soviet republics while that in Changli, close to
the Xinjiang capital of Urumqi, is aimed at intercepting satellite
communications.
All of which moved Desmond Ball to comment in 1995 that "China has by
far the widest SIGINT operations of any country in the Asia-Pacific
region."12 It was thus only to be expected that ten years later China had
already caught up with the world's big players in SIGINT, namely the United
States, Great Britain and the Russian Federation.
12
Desmond Ball, Signals Intelligence in China, Jane’s Intelligence Review, August 1995.
In 1991, the Fourth Department (Si Bu) was transferred from
Xionghongqi, where San Bu headquarters are based, to Tayuan, close to
the Summer Palace in Beijing. It was a demonstration of its growth in
importance. There was a simple reason for this; as a department
responsible for electronic warfare it carries out information warfare
activities, employing naval and aerial means such as new spy planes,
notably Chinese AWACS aircraft of Russian origin. Since 1997, these
Ilyushin II-76 planes are operating with Israeli-made Airborne Early
Warning (AEW) systems13.
A veritable ground shift occurred in the early 1990s when PLA strategy
switched from a defensive stance to the adoption of an offensive drive in
electronic warfare - in concert with regional San Bu units across the three
military wings that are the army, air force and navy.
In order to constantly adapt and modernise their systems, the Third and
Fourth Departments are service providers for the major espionage
agencies operating abroad. These include the Second Department, the
PLA's Liaison Department (Lianluobu) - part of the Political Department -
13
Chapter Seven details Jiang Zemin's plan for the development of intelligence activities.
and numerous research institutes and front companies created by the
Commission of Science, Technology and Industry for National Defence
(COSTIND).
None of which stops the Chinese from also selling part of their
technology to other countries, preferentially to allies in Asia and the Middle-
East, through the conduit of the China National Electronics Import and
Export Corporation (CEIEC). We will soon see how, with the turn of the new
millennium, the Third and Fourth Departments moved up to a higher level in
information warfare, entering the virtual battlefield of the Internet and
becoming the top player as regards putting to use its cyberspace war tools.
Ronald Reagan's arrival in the White House in 1980, and with it the
appointment as CIA director of his friend Bill Casey, served to strengthen
the moves for cooperation because of the obsession they shared in
common with the Chinese; that of provoking the fall of the Soviet Union.
The negotiations were finalised by Geng Biao, China's defence chief who
was nominated to the job ten years earlier by Zhou Enlai - then head of the
Chinese Communist Party's International Liaison Department and a
14
Bob Woodward, Veil: The Secret Wars of the CIA, 1981-1987, Simon & Schuster, New
York, 1987. In this book, the celebrated Washington Post reporter explains how the Soviet
authorities would have been astounded had they known the extent of Sino-American
intelligence cooperation – and which was not limited to listening stations (p.386).
specialist in intelligence.
"Admiral Bob Inman, previously director of the NSA who became No2 in
the CIA and who I knew well at that time, brought Chinese technicians over
for training while the listening stations were built with the NSA along the
Chinese border," remembers Desmond Ball. We were discussing China's
collaboration with the West, in particular how the CIA and the Chinese
secret service had already worked together to arm the mujahideen during
the anti-Soviet Afghan War.
Under the code names SAUGUS and SAUCEPAN, the listening stations
at Qitai and Korla, in Xinjiang, were built under management of the CIA's
Science and Technology Directorate. Technical equipment was supplied by
the NSA and the CIA's Office of SIGINT operations (OSO). In the end, the
stations were jointly managed with the Chinese over the period of a
decade. The original brief for the stations was to practice telemetric
monitoring of both Soviet missile trials (part of the observance of the SALT-
2 arms limitation agreements) and rocket launching in central Asia close to
the Aral Sea – as well as possible nuclear trials. Latterly, their SIGINT
activities were widened to include other communications intelligence
gathering missions (COMINT and ELINT).
15
His successor as head of the CIA station, Keith Riggin, is interestingly head of a
consultancy company called Pamir Resources & Consulting, Inc. The SIGINT operation was
baptised 'PAMIR'.
There was yet another, quite novel, side to the operations; technicians
from West Germany's federal intelligence service, the
Bundesnachrichtendienst, (BND), took part in the collaborative missions,
following negotiations initiated after the BND's first permanent Beijing
bureau chief, Herr Reinhart Dietrich, was set up in his post in 1982. In
protest at the massacre of student demonstrators during the June 1989
Tiananmen Square protests, the US decided to pull out of its manning
missions in the China listening stations; they opened others in the more
politically correct site of Outer Mongolia.
The West Germans, now left alone in what had been dubbed Operation
PAMIR, soon increased the importance of their own role. With the
cancellation of any further training of Taiwanese engineers (an activity that
was part of an original agreement for work task division between allies), it
was the technicians of the PLA's Second and Third Departments who now
travelled to Munich to be trained. They were assigned to the BND's school
of communications and to the listening station near Söcking, jointly run with
the West German army, the Bundeswehr. At this time, the BND was in
relations only with the Department structures within the PLA's staff
headquarters, and this because the Chinese military attaché in Germany
was none other than the head of the second Department, General Xiong
Guangkai.
16
Conversation with Erich Schmidt-Eenboom, 14 August, 2007. This former Bundeswher
officer is the author of a history of the BND, Schnüffler ohne Nase, Der BND, ECON Verlag,
Düsseldorf 1994. For more on the organisation and history of the Afghan services, KHAD
and WAD, see Volume Two of our history of world intelligence: Roger Faligot, Rémi Kauffer,
Les maîtres espions, De la guerre froide à nos jours, (prefaced by Alexandre de Marenches),
Robert Laffont/Gérard de Villiers, 1994.
guerrilla forces in Angola, or in Cambodia in operations to supply weapons
to the ousted Khmer Rouges, all the while leaving Beijing free to move its
pawns in concentric zones.
The San Bu also succeeded in exporting its listening bases into zones
where it enjoyed political influence and allegiance, in the main within
dictatorships. Thus it was that such a base had been set up in the heart of
the Chinese embassy in Belgrade. It was the reason for its destruction in
1999 in a US bombing raid during the NATO offensive against Serbia.
Similarly, a SIGINT base operated out of the Chinese embassy in Baghdad
until the US-led invasion of Iraq. The embassy was mysteriously looted in
April 2003, after its personnel had fled to Jordan, when electronic and
computer equipment was stolen.
In the regions closer to China, it is with the ruling regimes of Laos and
Myanmar (formerly Burma) that the Chinese have established best
relations. The SIGINT base at Hop Hau, in Laos, which began operating in
the 1960s was modernised to cover a wider area in 1995. Similarly, in the
early 1990s, Chinese technicians built a SIGINT base on the Myanmar
island of Great Coco, 50 kilometres (30 miles) north of India's Andaman
Islands. It allowed surveillance of the Malacca Straits through which pass
thousands of vessels, as well as tracking Indian missile trials in the Bay of
Bengal. Following on this, the Chinese set up another half dozen bases
along the Myanmar coast.
But they didn't stop at setting up fixed-mast bases to spy upon the larger
regional powers and their neighbours. In 1997 they supplied the Myanmar
junta, then headed by the secret services chief General Khin Nyunt, with
mobile SIGINT units set up in vehicles, giving the Myanmar military the
chance to intercept communications by the guerrilla forces of the United
Wa State Army, a minority group fighting the junta and positioned along the
frontier with the Chinese province of Yunnan17.
But one thing explains the other; the 'little helmsman' wanted to lead a
modernisation and development in the field of communications. Thus the
Chinese embarked upon building ships for information-gathering, the
vessels placed under the authority of either the San Bu offices within
coastal military regions or that of the navy's central intelligence service, the
Haijun Qingbaoju. This large network of maritime listening posts is also
dependent upon the defence ministry's Department of Science and
Technology, which was for years headed by Wang Tongye and General
Nie Li, a specialist in satellite and oceanographic intelligence and vice-
17
Desmond Ball, Burma’s Military Secrets – Signals Intelligence (SIGINT) from 1941 to
Cyber Warfare, White Lotus Press, Bangkok, 1998.
minister of COSTIND. General Nie Li is none other than the daughter of Nie
Rongzhen, the 'Parisian telegraphist', friend of both Deng Xiaoping and
Zhou Enlai and himself a long-time head of the scientific development
programme of China's defence systems.
18
Beijing Information, 13 January 1986. See also an article by Yu Qingtian, Deux villes
scientifiques flottantes, in La Chine en construction, May1987.
19
The Far Eastern Economic Review, 3 August, 1993.
Hong 05 (SIGINT) in 1988 as well as the Xiangyang Hong 10 (COMINT).
From the beginning of the new millennium, this fleet, accompanied by other
new vessels, carried out ever more daring missions, including some brief
incursions into the territorial waters of China's neighbours Taiwan and
Japan in an effort to test their reactions.
May-June 2000: the Haibing navigated the northern sector of the Sea of
Japan before carrying out a circular tour of the archipelago, passing through the
Tsugaru Strait (recognised by international maritime law as a free passage to all
international ships) and entered the Pacific Ocean upon passing Honshu Island.
According to Japanese Self-Defence Forces the vessel was on a military
intelligence mission.
- July 2004: the Nandiao 411 (the vessel's name formerly signifies 'song
of the south' but its Chinese pronunciation allows a double-entendre, the
other meaning being 'to carry out intelligence') is localised by a Japanese
P3-C plane close to the island of Okinotorishima. The Chinese ship, part of
the South China Sea fleet based at Zhanjiang, in the Province of Canton,
returned to the same spot in May 2005.
20
Note here the following vessels: Xing Fengshan (V856), Beidiao N°841, and the Yanha
519 which was modified and relaunched as the Yanha 723. For detailed descriptions, see:
Bernard Prézelin, Les flottes de combat.
But with the beginning of the 21st Century, the PLA succeeded in
widening the realm of its maritime listening posts well beyond such regional
coasting missions - by implanting itself in Cuba.
In 1961, during the quarrel between the USSR and Albania, 12 Soviet
navy Whiskey-class submarines were scuttled and abandoned by their
crews in the Albanian port of Vlorë. China negotiated possession of four of
the submarines. Italian intelligence services informed NATO four years later
that the same submarines, crewed by Chinese sailors, were carrying out
exercises in the Adriatic (tantamount to the Mediterranean).
Perhaps the US had been mistaken to cut off its SIGINT alliance with
China in 1990. On many occasions I have been struck by the history of the
turning and swapping of such alliances, in which the Chinese show an
astonishing capacity to always keep two irons in the fire; they keep tabs on
the Soviets through the Americans, then the Germans, and they keep tabs
on the Americans using the very techniques the US has taught them - but
using Soviet facilities.
During this same period another battle field was developing, that of
information warfare, a hand-down from what was initially an invention of the
US army developed during the Vietnam war: the Internet.
21
See Intelligence Online, N°529, 25 August 2006.
22
The Asociación de Amistad Cubano-China. See: Nuestra historia aún se está
escribiendo, La historia de tres generales cubano-chinos en la revolución cubana – Armando
Choy, Gustavo Chui, Moisés Sío Wong, (Published by Mary-Alice Waters) Pathfinder Press,
New York, 2005.
links with the fields of science and technology. Golden Cards was a plan to
distribute a credit card system of payment to 300 million Chinese, and
Golden Customs was yet another plan to streamline foreign trading23.
Fearing the anarchy of the World Wide Web, (or Wan Wei Wang in
Chinese, meaning 'ten thousand three-dimensional networks'), Jiang
Zemin's team created in 1995 a special central regulation agency, while the
post and telecommunications ministry set up a commercial network called
ChinaNet. The following year four state-controlled access providers offered
global internet access; ChinaNet, with a China Telecom infrastructure;
ChinaGBN, using the same infrastructure but dedicated to serve the
ministry of industry and electronics; CERNET, which served the State
Education Commission and CSTNet, attributed to the Chinese Academy of
Sciences were both given their own, separate infrastructures. During this
same period, CBnet director Zhang Ping offered a subscription to the China
Business Information Network, with an archive system for the China Daily,
and connection to the internet24.
Without entering into the technical detail of the matter, suffice it to say
that as of 1998 national security considerations were threatened by the
23
Details of this operation and many others feature in a thesis by second lieutenant
Sébastien Manzoni, L’infrastructure nationale de l’information en République populaire de
Chine – une illusion de liberté, written under the supervision of Catherine Sarlandie de la
Robertie, Social and Political Sciences Division, Ecole Spéciale militaire de St-Cyr, école
militaire interarmes, école militaire du corps technique et adiministratif, June 2003.
24
Correspondence between the author and Zhang Ping (Beijing, 10 November 1994).
existence of any private networks outside the monopoly of China Telecom.
Nevertheless, parallel networks such as Unicom and China Netcom were
allowed to operate. Despite the danger posed by the 'e-democracy', the
Chinese government (including the PLA, the Communist party and the
intelligence services) saw an opportunity with the Internet. Propaganda
operations were handed over to an 'Internet Propaganda Bureau' as of
2000, while the New China News Agency and the PLA developed quite
elaborate websites. The central committee's International Liaison
Department (ILD), a major political intelligence service, created its own
website as did also the China Institute of Contemporary International
Relations (CICIR) which, as already mentioned, is run by the 8th Bureau of
state security, the Guoanbu. Naturally, the Public Security Bureau, which
controls the police, also created its own website with sections dedicated
regional information and address details allowing citizens to contact local
authorities directly.
On all of these sites the URL pages in Chinese are by far richer in
information than those pages in English, resulting in interesting differences.
An example is the censorship of the English-language pages on a site run
by the University of Tsinghua, in the History section telling the story of
Chinese intelligence and the role of Li Kenong, the former head of the
CCP's special services25.
25
http://history.54tsinghua.cn/9-12-1-12.htm
security, China-wide web operating within a closed circuit26.
If the Chinese have worked upon all these different ways of controlling
and protecting their use of the Internet, with impregnable encryption and
undetectable transmissions, their special services are also engaged in a
worldwide offensive of intrusion, hacking and bombarding spam and
viruses against foreign websites and data banks.
An army of cyberwarriors
26
These studies were handed down to a provincial organisation, the Sichuan Zhongcheng
Network Development Company Ltd. see Manzoni, L’infrastructure nationale, op.cit. p.72.
her Chinese counterpart Wen Jiaobao expressed his sorrow upon learning that
computer systems in her chancellery and others in a number of German ministries
had recently been the target of hackers.
Brought up in the former West Germany, Frau Merkel is well aware of the
double talk common to communist regimes. But is that enough to explain
why it is only Germany which has shown the courage to raise the problem
with China's leaders - while doing business with them?
Perhaps the most worrying of all these different attacks was that against
Japan, about which I published my own investigation in the Tokyo
magazine Sapio in 2005. A first wave of attacks occurred on April 15,
2005, when the Mitsubishi Corporation and a Chinese subsidiary of Sony
were targeted. Other companies preferred, for economic reasons, not to
divulge that they too were attacked, commenting when asked that they
were used to computer system intrusions but that their firewalls afforded
protection.
27
See article by Michel Alberganti, Le dernier virus informatique envoie son butin en
Chine,published in Le Monde, 16 January 1999.
target of cyber attacks following declarations by a number of the country's
politicians denying that Japan's Imperial Army was involved in the 1937
massacre of Chinese in Nanking (the then capital of China occupied by
Japanese forces). In all these cases, the attacks involving systems to wipe
out data banks were found to have originated in China, from where they
were re-routed via foreign Internet Service Providers (ISP's).
The PLA, which led the operations, first went on the offensive in 1999.
On the initiative of the Central Military Commission, a task force was set up
at the end of the last century, essentially made up of the six services
specialised in this theatre of information warfare. These included the PLA's
Second Department (Er Bu), who's then head was General Luo Yudong;
the Department of Communications (Tongxin Bu), led by General Xu
Xiaoyan; the PLA's Third Department (San Bu), headed by Qiu Rulin; the
ministry of defence's Department of technological intelligence; the Institute
of Military Sciences' Department of special technologies, otherwise known
as 'Department 553, and the 10th and 13th Bureaux (communications) of
State security (Guoanbu). The task force was led by Xie Guang, vice-
minister of COSTIND and one of the China's cyberwarfare theoreticians28.
General Si Laiyi was given the job of setting up the PLA's University of
science and techniques, in order to train and develop highly-skilled
technicians and several telecommunications research institutes were
merged together to produce these cyberwar cadres (Xinxi Zhanzheng).
Their very thorough practical and theoretical instruction studies use
manuals such as 'Unrestricted warfare' by Colonel Qiao Liang and Colonel
Wang Xiangsui, and Western publications like 'War in cyberspace' by
French journalist Jean Guisnel and which was translated into Chinese in
28
According to Indian sources, the task force in 1999 also included the following: General
Fu Quanyou, chief of PLA General Staff, and generals Yuan Banggen, Wang Pufeng, Wang
Baocun, Shen Weiguang, Wang Xiaodong, Qi Jianguo, Liang Zhenxing, Yang Minqing, Dai
Qingmin, Leng Bingling, Wang Yulin and Zhao Wenxiang.
2000 by New China Publishers29.
Once they have qualified, these officer cadets and technicians of all
grades go into battle playing internal wargames or carrying out very real
attacks like those just described against Japan or, later, Germany. But back
in the early days, they were faced with another 'invisible army' as an
enemy, one which was actively retaliating against China's offensives and
which was known as 'the Hong Kong Blondes".
Ten years later, during the summer of 1999, a team of Guoanbu hitmen
was sent to Saint-Nazaire, in France's Brittany region, to kill him. Beijing
wanted him wiped out because he was one of the leaders of the so-called
'Hong Kong Blondes', a group of extremely skilled 'cyber dissidents' who
were leading attacks against the computer systems of the Chinese army.
Blondie Wong was no longer in western France - if indeed he ever had
been - when the hit men arrived. Wong is a master of disinformation and
spin. A rumour had it that he had left for Canada, where he was living
under armed guard.
29
Jean Guisnel, Guerres dans le cyberespace, Services secrets et internet, La
découverte/Poche, Paris, 1997. In Chinese: Jang.Jinei’er (Jean Guisnel), Huliangwang
shangde jiandiezhan, translated by Xu Jianmei, Xinhua Chubanshe,
The Hong Kong Blondes were a group of hackers who proved it was
possible to defeat China's enormous computerized mechanism for
controlling its population. For the PLA and its huge empire of cyberwarriors,
it was a case of the biter being bit.
Ever since their establishment in 1989, the 'Blondes' ran a rumour mill on
the Internet in such a way as to cover their tracks, succeeding in continuing
their attacks on Chinese government networks even after the handing over
of Hong Kong; this was particularly daring given, as I have detailed, how
the Chinese special services had taken control and place of the local
police.
The Guoanbu took their chase to Vancouver, then onto Toronto. There
they learnt that Wong had already fled to India with a woman member of
the group, Lemon Li. She had lived in exile in Paris after a period of
imprisonment in China, and it was in fact Lemon Li who had, at one time,
settled in Saint-Nazaire.
It is said that the only true blonde in this ghost-like grouping is a former
technician from Britain's MI5, Tracey Kinchen, who helped both the Blondes
and the Yellow Pages. It is but a small step, on the basis of this, to imagine
that the British Intelligence Service is involved in assisting the dissidents
with their small-scale, guerrilla cyberwarfare attacks against the weaker
units of a numerically superior army.
Next they moved the threat of their actions up a notch into altogether
more sensitive territory - downloading confidential codes, including
information on satellite guidance. They then sprung a series of attacks to
wipe out specific databases, launching disinformation campaigns and
bombarding websites until they froze (DoS or Denial of Service) in precisely
the same sort of attack as those carried out by the PLA's cyberwarriors.
It is even said that the Hong Kong Blondes were able to install codes so
as to carry out surveillance or put the Chinese computer systems on alert.
According to Lo Yik Kee, head of Hong Kong's police computer crime
squad, there were 228 cyber attacks against China in 1999 which
originated in the former British colony. Set up at the beginning of 2000, the
squad initially centred its attention on identifying the cybercafés from where
the attacks against the PLA originated. Meanwhile, the Gonganbu, never
shy to provide statistics behind the bamboo curtain, numbered attacks over
this period at 72,000, of which 200 were successful.
When a journalist found Tracey Kinchen in Bangkok, the MI5 spy gave a
very zen account of the group's activities; Blondie Wong and the Hong
Kong Blondes, she suggested, wished no harm on anyone. They followed
the non-violent principles of Mahatma Gandhi and Martin Luther King30.
30
An interview by Anthony C. LoBaido, correspondent for WorldNetDaily. The article
reports that the Blondes received assistance from US engineer staff at Cal Tech as well as
MIT, Baylor, Texas A&M, West Point, Liberty Baptist and even the Air Force Academy in
The Chinese, however, saw it as nothing other a very involved sabotage
campaign, ever since a cyber attack against one of their communications
satellites in 1998.
Colorado. This no doubt explains Chinese claims that the CIA are behind the attacks.
31
Zhanshibao
32
Mingbao, 27 February 1999.
Along with organising numerous intrusions into foreign Internet networks,
the Chinese secret services were also given the mission of organising a
vast system for controlling the Chinese population, in particular the young
generation who enjoy surfing the net but increasingly avoid cybercafés to
do so.
In 1995, when use of the Internet had properly taken off in Japan and the
Sino-Corean world, there were in China just a few thousand academics
who wished to use the Internet to stay in contact with their foreign
colleagues. They were required to register with the ministry of post and
telecommunications, which ran the China-Pack link to the worldwide web.
At that time, initial control resided with the Information Bureau of the State
Council which was run by Zeng Jianhui, a propaganda specialist and
notably vice-president of the Xinhua News Agency. After having closely
studied Internet control methods in Singapore, he handed over his post in
1996 to Ma Yuzhen, vice-minister of information and a former Chinese
ambassador to the UK.
Ten years later a very elaborate surveillance system had been put in
place. A system controlling every user of the Internet was set up in Tibet
by the Public Information Bureau (PIB) belonging to the Lhasa Bureau of
Public Security (Gonganju) headed by 'Luobu Donzhu' (who's real, Tibetan
name is Norbu Dondrub). It was without doubt no coincidence that Tibet
was chosen as the first test laboratory for computer surveillance, before the
system could be widened to cover other regions of China.
The mission of these technical services is "to fight Internet crime". But by
all accounts their fellow colleagues in the Lhasa section of the State
Security (Guoanbu) Bureau, responsible for offensive counter-espionage
operations against India, are also interested in monitoring possible coded
email correspondence between the Dalai Lama's Research and Analysis
Centre (RAC) in Dharamsala and Tibetan resistance networks.
The two Security ministries, the Gonganbu and the Guoanbu, recruit
talented computer engineers, and these include students who have
specialised in Information Technology (IT) at US universities and who are
given substantial financial incentives to steer them away from the private
sector. Just like Western counter espionage agencies, they have also
succeeded in recruiting brilliant and repented hackers, like a young cyber
'pirate' recruited in Shanghai in 2003 and now one of Chinese security's
star technicians33.
33
Willy Wo-Lap Lam, Chinese Politicis in the Hu Jintao Era (New Leaders, New
Challenges), M.E.Sharpe, New York, 2006.
Cybercafé managers often ask for their passports before assigning them
a computer which will then keep trace of their Internet path, just like hotel
computers. I was told by one Internet specialist I met in Beijing that the
capacity of surveillance units had been significantly increased for the
Olympic Games.
With its public launch of the Golden Shield (Jindun) programme in April
2006, the Ministry of Public Security (Gonganbu) enlarged its surveillance
methods even further. It boasted of being able to combat websites
dangerous to China thanks to a network of some 640,000 computers
working under 23 different systems across the country (with the exception
of Hong Kong and Macau). The system is so sophisticated that the
Gonganbu claimed it could solve online crime, thus reducing overall crime
rates by controlling Internet users.
Costing $10 million, the Golden Shield is a sort of giant intranet managed
by the Chinese security forces. They are able to block or spy on websites at
will, and to watch over web users. The novelty is that the Golden Shield
contains a programme to filter key words used in Chinese cyberspace,
setting off either surveillance action or an automatic block on
communications, or the two together. It is similar to the system developed
by the US National Security Agency for the ECHELON network, with its
'dictionaries' that allow for the tapping of conversations in which pre-
programmed words appear. The difference between the two systems is
that, with few exceptions, the end game under ECHELON is not to actually
block the URL pages, blogs or chatrooms of, for example, Islamic websites
promoting violence.
Commonly used words, and even legendary ones, can become suspect
when placed together; Dragon-Tiger-Leopard (Long Hu Bao) is the title of a
Hong Kong erotic magazine publication as well known in the region as
Playboy, which is also another forbidden reference. Another example here
is the expression 'group of pigeons' (Ge Pai), which is categorised as
referring to a hidden attack on communist leaders. Yet worse for the
authorities is the expression 'the great law' (dafa) because of its reference
to principles of the Falun Gong.
The methods of the Golden Shield will without doubt prove to be ever
less effective in hunting 'counter-revolutionary criminals' – even when the
system is able to analyse the activities of every single computer in China.
This is primarily because younger generations use thousands of everyday
common words and slang as a code in their intimate conversations and
which in Chinese are by nature particularly rich in imagery. The Gonganbu
will be forced into modifying its Orwellian programme which is already
struggling to cope with the consequences of a grand linguistic confusion.
Information highway
Xinxi gaosu gonglu, 'a high-speed road for information'
信息高速公路
connection
shang wang 'to connect to the network' 上网
Cyberwar
Xinxi zhanzheng 信息战争
Computer offence
Shuzi huafanzui 'digital crime' 数字化犯罪
Email
Dianzi youjian电子邮件
A more popular term, for reasons of pronunciation,
is yi meir (meaning 'little sister') : 伊妹儿
Spying on the Net
Hulianwang shangde jiandiezhan 'War of spies on the Net'
互联上网的间谍战
Hacker, computer pirate
Heike 'black host', 'black intruder' 黑客
World Wide Web WWW
Wan wei wang 'ten thousand three-dimensional networks' 万维网
Ends.