Chinese Cyber Timeline - Friday, July 8, 2011
Created by Richard Amores –
Cyber Notebook
USCyberLabs -Blog

China Cyber Timeline -2011 Timeline PDF


Major Incident

1994 -1996

Formation, Expansion and Exploration -


    The Green Army (China's first hacker group) is formed

    China Eagle Union's preliminary web design registered as Chinawill and title "Voice of the Dragon"


    Anti-Chinese riots in Indonesia ignites retaliation from Chinese hackers and provide the catalyst for the creation of the "Red Hacker Alliance"

    Moonlight Maze – The name Moonlight Maze refers to an incident in which U.S. officials accidentally discovered a pattern of probing of computer systems at The Pentagon, NASA, United States Department of Energy, private universities, and research labs that had begun in March 1998 and had been going on for nearly two years. Sources report that the invaders were systematically marauding through tens of thousands of files — including maps of military installations, troop configurations and military hardware designs. The United States Department of Defense traced the trail back to a mainframe computer in the former Soviet Union but the sponsor of the attacks is unknown and Russia denies any involvement. Moonlight Maze is still being actively investigated by U.S. intelligence (as of 2003).[1]


    Cyber conflict between People's Republic of China's and Taiwan over "Two State Theory"

    Commercialism is introduced into the Green Army

    August- Taiwanese and Chinese Hacker War- ERUPTS


    Denial of Nanjing Massacre leads to attack on Japanese web Sites

    Taiwanese elections spark conflict with mainland hackers

    November – Chinese Hacktivist threaten DDOS on Taiwan National Day

    Hacker activity marking the anniversary of the first Sino-US Hacker war squashed by the Chinese government. Chinese hacktivist appear to go Under Ground.

    Beginning of "reckless desire" within the alliance the Green Army falls apart from financial disputes

    Honker Union of China founded by Lion

    China Eagle Union founded by Won Tao

    Javaphile founded by CoolSwallow and Blhuang


    The Red Hacker Alliance attacks Japan over incident

    The Japanese Web Site hit over Prime ministers visit to controversial monument.

    April- First "Sino-US Hacker War" erupts after US EP-3 and PLA F-2 Collided and US crew Detained


Attack on Taiwanese company Lite-On by Javaphile


    Titan Rain – was the U.S. government's designation given to a series of coordinated attacks on American computer systems since 2003. The attacks were labeled as Chinese in origin, although their precise nature (i.e., state-sponsored espionage, corporate espionage, or random hacker attacks) and their real identities (i.e., masked by proxy, zombie computer, spyware/virus infected) remain unknown. The activity known as 'Titan Rain' is believed to be associated with an Advanced Persistent Threat.

    August- Reports of Chinese hackers against Taiwanese government and commercial sites.

    The Chinese government grants licenses to open Internet cafe chains to just 10 firms, including three affiliated to the Ministry of Culture, one linked to the politically powerful Central Committee of China Youth League and six state-owned telecoms operators.


    Chinese hackers hit Japan government web site over dispute over Diaoyu Island.

    July Chinese hacker attacks against Taiwan continues

    November- Media reports of attacks against several US military installations.


    Honker Union of China reforms

    December- In early December 2005 the director of the SANS Institute, a security institute in the U.S., said that the attacks were "most likely the result of Chinese military hackers attempting to gather information on U.S. systems."[1]

    March- Several attacks from sites in allegedly in China against multiple sites in Japan.

    August- Media reporting of Chinese Espionage condemned "Titan Rain"

    September- According to media staff in Taiwan National Security Council is targeted via social engineering e-mails.

    China purchases over 200 routers from an American company, Cisco Systems that allow the government more sophisticated technological censoring capabilities. In October, the government blocks access to Wikipedia.


    British MPs targeted. (Guardian, Smash and Grab, the High Tech Way)

    June- Chinese hackers strike at Taiwan MoD.

    July- Media Report US State Department is recovering from a damaging cyber attack

    August- Official State hostile cyber force have downloaded up to 20tb (Terra Byte = 1024 Gigabytes = 1 Terabyte -20 terabytes of data)

    August- Claims of Congressional Computers being hacked are made

    November- US Naval War College computers infrastructure reportedly attacked.

    January-  a group of former senior Communist party officials in China criticize the internet censorship, warning that it could "sow the seeds of disaster" for China's political transition.

    February-  Google agrees to block websites, which the Chinese Government deems illegal in exchange for a license to operate on Chinese soil. The search engine responds to international criticism by protesting that it has to obey local laws.

    May-  Chinese Internet users encountered difficulties when connecting to Hotmail, Microsoft's popular email service. Microsoft says the break in service is caused by technical problems, but there is widespread speculation that the incident is linked to state censorship. In the last week of May, Google and many of its services also became unreachable.

    July-  researchers at Cambridge University claim to have broken through the Great Firewall of China - the government imposed blocks on large portions of the web.

    November-  the Chinese language version of Wikipedia is briefly unblocked before being shut down again the same month.



    WASHINGTON- The Chinese government hacked a noncritical Defense Department computer system in June, a Pentagon source told FOX News on Tuesday.

    Pentagon investigators could not definitively link the cyber attack to the Chinese military, the source said, but the technology was sophisticated enough that it indicated to Pentagon officials — as well as those in charge of computer security — that it came from within the Chinese government.

    2007 German Chancellery compromised and China accused of being the perpetrator. (Der Spiegel, Merkel's China Visit Marred by Hacking Allegations)

    2007 US Pentagon email servers compromised for an extended period. Cost to recover $100 million. Paul, Ryan. "Pentagon e-mail taken down by hackers." Ars Technica. 22 June 2007 )

    2007 Oak Ridge National Laboratory targeted by Chinese hackers (Stiennon, Haephratic Technique Used to Crack US Research Lab)

    June- OSD (Office of the Secretary of Defense) Computers attacked via malicious e-mail.

    August- Reports emerge of cyber attacks of Germany.

    September- Reports emerge of cyber attacks of UK.

    September- Reports emerge of cyber attacks of NZL (New Zealand).

    October-US Nuclear Labs targeted by malicious e-mail.

    December- MI5 Issues warring on Chinese Cyber Attacks

    January- Hu Jintao, the Chinese president, pledges to "purify" the Internet. He makes no specific mention of censorship, saying China needs to "strengthen administration and development of our country's Internet culture."

    March- access to the LiveJournal, Xanga, Blogger and Blogspot blogging services from within China become blocked. Blogger and Blogspot become accessible again later the same month.

    June-  American military warn that China is gearing up to launch a cyber war on the US -plans to hack US networks for trade and defense secrets.


    March- Reports emerge on cyber attacks on Australia.

    May- Reports emerge on cyber attacks on India.

    May- Reports emerge on cyber attacks on Belgium

    May- US commerce Secretary laptop investigation for data infiltration.

    June- US elections campaign hacking reported.

    November- Hacking of White House Computers alleged.

    November- Massive intrusion on NASA systems released.

    December- French Embassy Web site attacked in protest over meeting with Dali Lama

    April-  MI5 writes to more than 300 senior executives at banks, accountants and legal firms warning them that the Chinese army is using Internet spyware to steal confidential information.

    June- Hu Jintao, the Chinese president, makes his first tentative steps online by answering questions on a web forum.

    August- China faces widespread criticism for Internet censorship in the run-up to the Beijing Olympics. The government surprises critics by lifting some of the restrictions, making the websites of human rights organizations such as Amnesty International accessible for the first time.


    March- GhostNet – China's large-scale cyber-spying -China's global cyber-espionage network GhostNet penetrates 103 countries. A vast Chinese cyber-espionage network, codenamed GhostNet, has penetrated 103 countries and infects at least a dozen new computers every week, according to researchers.

    2009 Three largest resource companies in Australia, including Rio Tinto compromised.(Rio Tinto hacked at time of Hu arrest)

    2009 Google Aurora attacks target user data and source code. (McAfee blog)

    April- Compromise of systems across 103 countries by Chinese cyber spies while Chinese government denies enrollment in GhostNet.

    April- Daily attacks reported against German government.

    April- The Chinese government denies reports of hacking the Australian Prime Ministers e-mail

    April- Reports emerge of Chinese hackers targeting South Korea official with social engineered e-mail.

    March- Bill Gates weighs into the Internet censorship row, declaring that "Chinese efforts to censor the Internet have been very limited" and that the Great Firewall of China is "easy to go around". His comments are met with scorn by commentators on the web.

    March- the government blocks the video-sharing website YouTube after footage appearing to show police beating Tibetan monks is posted on the site.

    June- China imposes an information black-out in the lead up to the anniversary of the Tiananmen Square massacre, blocking access to networking sites such as Twitter as well as BBC television reports.

    June- China faces a storm of criticism over plans to force all computer users to install Green Dam Internet monitoring software. The plan is dropped in August.

    June- Lord West, the British security minister, warns that Britain faces the threat of a "cyber cold war" with China amid fears that hackers could gain the technology to shut down the computer systems that control Britain's power stations, water companies, air traffic, government and financial markets.

    August- The US Government begins covertly testing technology to allow people in China and Iran to bypass Internet censorship firewalls set up by their own governments.

    December- The government offers rewards of up to 10,000 Yuan (£888) to users who report websites featuring pornography. The number of pornographic searches rockets.


    2010- Corollary Aurora attacks against Marathon Oil, ExxonMobil, and ConocoPhillips  (Christian Science Monitor, 2010 Shadows in the Cloud report from SecDev on successful attacks against India's military networks. (Scribd report: Shadows in the Cloud) McAfee Night Dragon provides details of attacks against five large energy companies. (McAfee: Global Energy Cyber Attacks: "Night Dragon")

    January– Operation Aurora – The attack has been aimed at dozens of other organizations, of which Adobe Systems,[3] Juniper Networks[4] and Rackspace[5] have publicly confirmed that they were targeted. According to media reports, Yahoo, Symantec, Northrop Grumman, Morgan Stanley[6] and Dow Chemical[7] were also among the targets.

    January- China announces plans to force its 400 million Internet users to register their real names before making comments on the country's many chat rooms and discussion forums.

    January- Around 5,000 people are arrested for viewing Internet pornography and 9,000 websites are deleted for containing sexual images and other "harmful information".

    January- Google threatens to pull out of China if it is not allowed to operate without censorship. The search engine blames the government for "highly sophisticated" attacks on its servers and attempts to target the Gmail accounts of human rights activists.

    The government responds by saying Internet companies have a "major responsibility" to help maintain "social stability and harmony" by "guiding" public opinion. It denies any part in the cyber attacks.

    March- Google shuts down its China-based search engine and redirects users to an uncensored site based in Hong Kong.

    April- A Chinese state-owned telecommunications firm "hijacks" 15 per cent of the world's Internet traffic, including highly sensitive US government and military exchanges, raising security fears.

    June- The government restricts access to Foursquare after players used the geo-location service to draw attention to the 21st anniversary of the Tiananmen Square massacre.

    July- Google stops automatically redirecting users of its Chinese search engine to its Hong Kong site, but continues to allow users to access the uncensored search engine by clicking a separate tab. The following week, the row between the search giant and the superpower seems to have drawn to a close as the government a renews Google's licensed to operate its business in China.

    November- A security report to the US Congress warns that the hijacking of 15% per cent of the world's Internet traffic by a Chinese telecommunications firm may have been "malicious" including data from U.S. military, civilian organizations and those of other U.S. allies.



·       January 14- U.S. warns on China cyber, anti-satellite capability -"Advances by China's military in cyber and anti-satellite warfare technology could challenge the ability of U.S. forces to operate in the Pacific, U.S. Defense Secretary Robert Gates said on Friday during a visit to Japan.


·       February 4- China Attacks British Government Computers - William Hague told a security conference in Munich that the FO repelled the attack last month from "a hostile state intelligence agency". Although the foreign secretary did not name the country behind the attacks, intelligence sources familiar with the incidents made it clear he was referring to China. The sources did not want to be identified because of the sensitive nature of the issue.


·       February 9- Oil Firm Hit by Hackers From China Report Says - Western energy firms have been targeted in cyber espionage attacks, apparently orchestrated by hackers working from inside China, the Wall Street Journal reports:


·       February 17-  Journalists Under Online Attack, in China and Beyond - In March, Andrew Jacobs, a correspondent working for The New York Times in Beijing, peered for the first time into the obscure corners of his Yahoo e-mail account settings. Under the "mail forwarding" tab was an e-mail address he had never seen before. That other e-mail address had been receiving copies of all of his incoming e-mails for months. His account had been hacked.


·       February 17- Foreign Hackers Attack Canadian Government an "unprecedented" cyber attack on Canadian government computers has been traced back to computers in China. From CBC: The attack, apparently from China, also gave foreign hackers access to highly classified federal information and also forced the Finance Department and Treasury Board — the federal government's two main economic nerve centre's — off the Internet.


·       March 10- Spy chief: China's cyber abilities worry U.S.- WASHINGTON — China's growing capabilities in cyber-warfare and intelligence gathering are a "formidable concern" to the United States, the top U.S. intelligence official told a Senate panel Thursday.


·       April 5- Spying on Computer Spies Traces Data Theft to China - The Toronto spy hunters not only learned what kinds of material had been stolen, but were able to see some of the documents, including classified assessments about security in several Indian states, and confidential embassy documents about India's relationships in West Africa, Russia and the Middle East. The intruders breached the systems of independent analysts, taking reports on several Indian missile systems. They also obtained a year's worth of the Dalai Lama's personal e-mail messages.


·       April 19- Rio, BHP, Fortescue Hit by China Computer Hackers, ABC Reports - Rio Tinto Group faced cyber attacks from China at about the time of the arrest of four executives in the country, while BHP Billiton Ltd. and Fortescue Metals Group Ltd. have also been hit, Australian Broadcasting Corp. reported.


·       April 29- Glass Dragon: China's Cyber Offensive Obscures Woeful Defense. Kaspersky Labs' Threat Post reports that China's online defenses have failed to keep pace with its widely hyped offensive capabilities: For the last 18 months, Dillon Beresford, a security researcher with testing firm NSS Labs and divorced father of one, has spent up to seven hours a day of his spare time crawling the networks of China's state and provincial governments, as well as stealthier networks belonging to the PLA and the country's top universities. Armed with free tools like Metasploit and Netcat, as well as Google Translate, he's pulled back the curtains on the state of cyber security in China. What he's discovered may come as a surprise to many U.S. policymakers and Pentagon officials.


·       March 19- EMC –RSA - In an open letter, RSA executive chairman Art Coviello revealed that the information was stolen via an APT (advanced persistent threat) attack. "While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, [it] could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack," he wrote.


·      May 7- China's Spying Seeks Secrets US Info - China is ramping up espionage efforts in the United States. One key component of their strategy is to recruit U.S. citizens to join clandestine defense organizations and pass along information to Chinese handlers. From the Associated Press: He had been a seemingly all-American, clean-cut guy: No criminal record. Engaged to be married. A job teaching English overseas. In letters to the judge, loved ones described the 29-year-old Midwesterner as honest and caring—a good citizen. His fiancée called him "Mr. Patriot."


·       May 25- China Confirms Existence of Elite Cyber-Warfare Outfit the 'Blue Army' China set up a specialized online "Blue Army" unit that it claims will protect the People's Liberation Army from outside attacks, prompting fears that the crack team was being used to infiltrate foreign governments' systems.


·       May 30- China's cyber squad is for defense - Blue Army -At a rare briefing, China's defense ministry spokesman, Geng Yansheng, announced that the 30-strong team was formed to improve the military's security, the Beijing News reported Thursday.


·       May 5- Lockheed Martin - the largest provider of IT services to the U.S. government and military, suffered a network intrusion stemming from data stolen pertaining to RSA. It seems that the cyber-thieves managed to compromise the algorithm used by RSA to generate security keys. RSA will have to replace the SecurID tokens of more than 40 million customers around the world, including some of the world's biggest companies.


·       May 19- Norwegian Military - The attack happened when 100 senior military personnel received an email in Norwegian with an attachment. The attached file was in reality a Trojan designed to steal information. At least one person opened the attachment, but the attack was a failure and no data was lost.


·       May- Citigroup - revealed that information for more than 360,000 U.S. credit card accounts had been compromised by a website hack. The worst thing about this attack is the fact that the data thieves did not even have to hack a server,


·       June 22- China Restricts Popular Report-a-Bribe Websites - Chen's website — — drew 200,000 unique visitors in two weeks. Its anonymous posts wrote about bribing everybody: officials who demanded luxury cars and villas to police officers who needed inducements not to issue traffic tickets. Some ousted doctors receiving cash under the table to ensure safe surgical procedures. Mainstream media spread word about the site, amplifying the outrage among netizens.


·       June 24- China Opens String of Spy Schools - Since 2008, the Chinese government has opened a string of National Intelligence Colleges on campuses around the country in an effort to improve the skills of the nation's spies. The Telegraph reports: The move comes amid growing worries in the West at the scale and breadth of Chinese intelligence-gathering, with MI5 saying that the Chinese government "represents one of the most significant espionage threats to the UK"


·       June- IMF - said it had been targeted by a sophisticated cyber-attack for months, even though the organization has made no public statement about the motivation behind it. The nature of the information stored by the institution would seem to indicate that this was a targeted attack


·       June - European Space Agency - hacked into and a lot of information was stolen and made public. This data included user names, FTP accounts and even FTP login details stored… in plain text files!






Top 10 China Cyber Attacks (that we know of)

1) Titan Rain

In 2004, an analyst named Shawn Carpenter at Sandia National Laboratories traced the origins of a massive cyber espionage ring back to a team of government-sponsored researchers in Guangdong Province in China. The hackers, code named by the FBI “Titan Rain,” stole massive amounts of information from military labs, NASA, the World Bank, and others. Rather than being rewarded, Carpenter was fired and investigated after revealing his findings to the FBI, because hacking foreign computers is illegal under U.S. law. He later sued and was awarded more than $3 million. The FBI renamed Titan Rain and classified the new name. The group is still assumed to be operating.

2) State Department’s East Asia Bureau

In July 2006, the State Department admitted it had become a victim of cyber hacking after an official in “East Asia” accidentally opened an email he shouldn’t have. The attackers worked their way around the system, breaking into computers at U.S. embassies all over the region and then eventually penetrating systems in Washington as well.

3) Offices of Rep. Frank Wolf

Wolf has been one of the most outspoken lawmakers on Chinese human rights issues, so it was of little surprise when he announced that in August 2006 that his office computers had been compromised and that he suspected the Chinese government.  Wolf also reported that similar attacks had compromised the systems of several other congressmen and the office of the House Foreign Affairs Committee.
4) Commerce Department
The Commerce Department’s Bureau of Industry and Security had to throw away all of its computers in October 2006, paralyzing the bureau for more than a month due to targeted attacks originating from China. BIS is where export licenses for technology items to countries like China are issued.
5) Naval War College
In December 2006, the Naval War College in Rhode Island had to take all of its computer systems offline for weeks following a major cyber attack. One professor at the school told his students that the Chinese had brought down the system. The Naval War College is where much military strategy against China is developed.
6) Commerce Secretary Carlos Gutierrez and the 2003 blackout?
A National Journal article revealed that spying software meant to clandestinely steal personal data was found on the devices of then Commerce Secretary Carlos Gutierrez and several other officials following a trade mission to China in December 2007. That same article reported that intelligence officials traced the causes of the massive 2003 northeast blackout back to the PLA, but some analysts question the connection.
7) McCain and Obama presidential campaigns
That’s right, both the campaigns of then Senators Barack Obama and John McCain were completely invaded by cyber spies in August 2008. The Secret Service forced all campaign senior staff to replace their Blackberries and laptops. The hackers were looking for policy data as a way to predict the positions of the future winner. Senior campaign staffers have acknowledged that the Chinese government contacted one campaign and referred to information that could only have been gained from the theft.
8) Office of Sen. Bill Nelson, D-FL
At a March 2009 hearing, Nelson revealed that his office computers had been hacked three separate times and his aide confirmed that the attacks had been traced back to China. The targets of the attacks were Nelson’s foreign-policy aide, his legislative director, and a former NASA advisor.
9) Ghostnet
In March 2009, researchers in Toronto concluded a 10-month investigation that revealed a massive cyber espionage ring they called Ghostnet that had penetrated more than 1,200 systems in 103 countries. The victims were foreign embassies, NGOs, news media institutions, foreign affairs ministries, and international organizations. Almost all Tibet-related organizations had been compromised, including the offices of the Dalai Lama. The attacks used Chinese malware and came from Beijing.
10) Lockheed Martin’s F-35 program
In April 2009, the Wall Street Journal reported that China was suspected of being behind a major theft of data from Lockheed Martin’s F-35 fighter program, the most advanced airplane ever designed. Multiple infiltrations of the F-35 program apparently went on for years.