Updated August 28, 8:50am EDT
A standard, even boring, piece of Chinese military propaganda screened in mid-July included what must have been an unintended but nevertheless damaging revelation: shots from a computer screen showing a Chinese military university is engaged in cyberwarfare against entities in the United States.
The documentary itself was otherwise meant as praise to the wisdom and judgment of Chinese military strategists, and a typical condemnation of the United States as an implacable aggressor in the cyber-realm. But the fleeting shots of an apparent China-based cyber-attack somehow made their way into the final cut.
The screenshots appear as B-roll footage in the documentary for six seconds—between 11:04 and 11:10 minutes—showing custom-built Chinese software apparently launching a cyber-attack against the main website of the Falun Gong spiritual practice, by using a compromised IP address belonging to a United States university. As of Aug. 22 at 1:30pm EDT, in addition to Youtube, the whole documentary is available on the CCTV website. But by Aug. 25, multiple media noted that the video had been removed.
The screenshots show the name of the software and the Chinese university that built it, the Electrical Engineering University of China’s People’s Liberation Army—direct evidence that the PLA is involved in coding cyber-attack software directed against a Chinese dissident group.
The software window says “Choose Attack Target.” The computer operator selects an IP address from a list—it happens to be 220.127.116.11—and then selects a target. Encoded in the software are the words “Falun Gong website list,” showing that attacking Falun Gong websites was built into the software.
A drop-down list of dozens of Falun Gong websites appears. The computer operator chooses Minghui.org, the main website of the Falun Gong spiritual practice.
The IP address 18.104.22.168 belongs to the University of Alabama in Birmingham (UAB), according to an online trace.
The shots then show a big “Attack” button on the bottom left being pushed, before the camera cuts away.
“The CCP has leaked its top secret here,” says Jason Ma, a commentator for New Tang Dynasty Television. “This is the first time we see clearly that one of the top Chinese military universities is doing this research and developing software for cyber-attacks. There’s solid proof of it in this video,” he said.
The Chinese Communist Party has consistently denied that it is involved in cyber-attacks, but experts have long suspected that the Chinese military engages in them.
“Now we’ve got proof,” Ma says. “They’re also extending their persecution of Falun Gong overseas, attacking a civil website in the U.S. These are the clear messages revealed in these six seconds of video.”
Network administrators at UAB contacted on Friday took a look at the IP address on their network and said it had not been used since 2010.
One of the technicians also recalled that there had been a Falun Gong practitioner at the university some years ago who held informal Falun Gong meetings on campus. They could not confirm whether that individual used that IP address.
A UAB network administrator assured The Epoch Times that they have safeguards against both network intrusions, and that their network is not compromised.
After the short interlude, the documentary continued with the themes it had started with for another nine minutes.
Last month McAfee, a network security company, said that an unprecedented campaign of cyber-espionage—affecting over 70 organizations or governments around the world and implicating billions of dollars in intellectual property—was being carried out by a “state actor.”
Later evidence traced IP addresses involved in the attack to China, and a growing mountain of other circumstantial evidence also suggests that the attacks originated from China.
The military documentary on July 17, on the other hand, was meant to show that the United States is the real aggressor in cyberspace, and that China is highly vulnerable to cyber-attacks. “America is the first country to propose the concept of a cyberwar, and the first country to implement it in a real war,” the narrator said at one point.
It might have worked, except for those screenshots.
UPDATE 2: On Aug. 26 Government Computer News (GCN)—a publication for U.S. government IT professionals—called the six seconds of cyber-attack footage “the smoking gun on China’s U.S. cyberattacks.” In July, GCN had published a report on the anatomy of a cyber-attack that appeared to originate in China. It was an attack on a “honeypot” network—a trap GCN created specifically to attract an attack to examine hackers’ modus operandi. GCN’s John Breeden writes that the type of “push of a button” attack documented in the CCTV footage, “is exactly what I said happened to the GCN honeypot network.”
GCN “focuses on how to buy, build and manage the technologies that run [U.S.] federal, state, and local government,” according to its online description.
UPDATE: The University of Alabama at Birmingham made a statement after the news broke, noting that the IP address belonged to a website that was decommissioned in 2001 because it had been created against UAB rules. They said that they believe the purpose of the action demonstrated in the video was not to launch an attack from that website, but to block access to it, and that they’re not aware of any such attack, past or present.
Follow Matthew on Twitter @mprobertson.
Follow Helena on Twitter @HelenaZhu.
Follow The Epoch Times’ China feeds on Twitter @EpochTimesChina.