What would I do if I was Chinese PLA

“Never interrupt the enemy while he is making a mistake” ~ Napoleon


UPDATE: I wrote this blog post on 14th March 2014, today is November 21st 2014 and somehow it’s finally become news. Keep up people.


First thing I want to stress here is this is a theoretical scenario, theoretical but entirely possible, if not probable.
In case some of you are unaware the Peoples Liberation Army of China has a special unit known as Unit 61398, the analysts over at Mandiant did a giant expose of them last year. I’m not going to labor on all the details as it’s out of scope for this post but, the skinny of why 61398 are important is that they develop and deploy all kinds of malware and other nasties for the sole purpose of infiltrating US systems. These systems are not confined to defense related boxes either. They are actively targeting US manufacturing and other commercial entities, with a view to literally stealing intellectual property. You can bet if Ford are designing a new vehicle the PLA probably already know about it and a vehicle that looks remarkably like our the new Ford, is already rickshaw-dodging around Beijing.


How *might* this be happening?


While I will dock my cap, and admit, 61398 are dedicated and VERY ‘talented’ cyber operators for China, it’s entirely possible that we are defending the wrong perimeters. That’s not to say those perimeters don’t need defending, but while we are concentrating on their right hand the left is sucker punching us. I don’t think these guys are coming at us over the wire and defeating our corporate and government IDS, IPS, Firewalls, and DMZs as much as we think (well not all the time anyway).


I’m getting to the point, I promise…


‘Vaping’. In case you weren’t aware ‘vaping’ is the new smoking. Its not as cool as smoking used to be back in the James Dean era just yet but it’s gettting there, and the US is a big ole market. Vaping is basically a battery, a ‘tank’ containing a flavor + nicotine if you so wish and and atomizer. All in a handy little tube, some even look like actual cigarettes if only for their crazy green glow when you take a pull.


So these ‘vaping kits’ all require a charger like this:



The one you see above comes with the ‘eGo’ kit freely available in the US and ‘handily’ comes with a detachable wall socket bit, because we all know it’s easier to just throw it in our PC right? After all it’s only a charger for a vape pen, what harm can it do?


Well it’s Model number: EK-928-C and it’s ‘Made In China’.


And I’d like to know why every time I plug it into my freaking Windoze PC, a TCP connection opens up to Chinese IP space, from a service or persistent process that is present on most Windows PC’s that resides in a well-known area of a Windows filesystem?


But when I take it out it’s gone again? That’s some freaky shit. And who are you contacting on a TCP connection on port 8646 via a service/app thats prevalent on lots of corporate workstations??



So lets imagine for a moment, that this is a ‘zero day’ exploit, an exploit that has not been discovered within common programs or services that exist on most Windows PC’s. This is just one example, I also noticed iexplore.exe going ballistic when plugging in the benign ‘vape pen’ charger. If you were China would you go full disclosure?






.. and think. Smoking in the workplace has been vilified for years now, people are turning to ‘vaping’, while you may not be able to physically ‘vape’ in your booth at Booze, or Northrup Grumman, or wherever, you can still charge your ‘vape-pen’ right?



Yes I agree, in a SCIF you wont get away with plugging in your ‘vape-charger’ – but what about the sub-contractors?



But it gets worse, you know all those desk toys, like the coffee warmer, and the mexican jumping bean thing, all those ‘office toys’ you can get from ‘thinkgeek.com’ and similar, that only come with a little USB plug you have no choice but to drop in you PC (whichever PC you are near) they are all made in China.



Ask yourself this. Where’s the wall adapter, and why is it so convenient that I plug this purely ‘power charging’ device into my PC, its got no storage, or phone home capability? Right?



This shit has already been done, why we never learned from the greeks trojan horse, I’ll never know. That’s what is getting into US. Not over the wire ‘hacks’ – They don’t need to waste thousands of man-hours of Unit 61398, while we buy their trinkets. Everything else is a fucking distraction. They already ‘got’ us. Through trade. Worse still it was through trading office toys and chargers with no wall sockets.



Who’s the asshole now? Much as it burns the skin off you, there’s no need to spend time breaching perimeter defenses and firewalls if China is already inside.



Stay Frosty.





PS: Is this sounding outrageous yet? Google Huawei PLA