The Chinese Cyber Army - An Archaeological Study from 2001 to 2010

DEF CON 18

Presented by: Wayne Huang, Jack Yu
Date: Saturday July 31, 2010
Time: 18:00 - 18:50
Location: Royale 1
Track: Track 2

Operation Aurora, GhostNet, Titain Rain. Reactions were totally different in the US and in Asia. While the US media gave huge attention, Asia find it unbelievable and interesting, that cyber warfare and government-backed commercial espionage efforts that have been well established and conduced since 2002, and have almost become a part of people's lives in Asia, caused so much "surprise" in the US.

Here we'll call this organization as how they've been properly known for the past eight years as the "Cyber Army," or "Wang Jun" in Mandarin. This is a study of Cyber Army based on incidences, forensics, and investigation data since 2001. Using facts, we will reconstruct the face of Cyber Army (CA), including who they are, where they are, who they target, what they want, what they do, their funding, objectives, organization, processes, active hours, tools, and techniques. Examples of incidences studies will include, for example, recent intrusions into United Nations and CSIS. Our data was collected over a long period of time, through intelligence trading, and through our involvement in helping Asian governments in their investigation efforts.

Attendees will gain a good understanding of the Chinese Cyber Army, including:

A. Who they are

B. Where they are

C. Who they target

D. What they want

E. What they do

F. Their funding, objectives, organization, processes, and active hours

G. Their tools, and techniques

H. The threat and the countermeasures


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats