Wednesday, October 26, 2016

Do You Wish to Share Your Location?

Could Chinese-made consumer electronics be a threat to our aircraft carriers?

The military doesn't trust Chinese-made electronic devices:

The [Department of Defense J-2] report warned that use of Lenovo products could facilitate cyber intelligence-gathering against both classified and unclassified—but still sensitive—U.S. military networks.

One official said Lenovo equipment in the past was detected “beaconing”—covertly communicating with remote users in the course of cyber intelligence-gathering.

“There is no way that that company or any Chinese company should be doing business in the United States after all the recent hacking incidents,” the official said.

Back in 2006 I speculated that the Chinese plans to sink our carriers with land-based ballistic missiles might shorten their kill chain (the process that starts with finding and ends with hitting a target) by putting a homing beacon on our carriers:

What if Chinese agents placed a signalling device on the keel of an American aircraft carrier while in port? Or a homing device in the galley's coffee machine before it is installed? Or buried in the storage bins of some bulk product? What if the Chinese maneuvering ballistic missiles were designed to home in on the signal of such a device and the Chinese had a means to turn on the device when needed?

We have few carriers at sea at any time, so the list of ships to be tagged is pretty small.

And given the Internet of things problems we are having with Internet-connected appliances being used for botnets, the coffee machine reference is no longer hyperbolic.

And since then, I've apparently (I say this because when I started this post I had forgotten earlier posts on the subject) noted developments that indicate that what was once considered fanciful could in fact work.

American efforts to break the Chinese kill chain to sink or disable our carriers (and I think my post compares well to a CRS look at the issue) would be less relevant if the Chinese manage to put a bunch of Chinese-made devices capable of "beaconing" on our carriers or even their surface escorts.

Of course, staying out of range of the DF-21 is the best solution.

UPDATE: Interesting:

Chinese hackers attempted to gain information about an American aircraft carrier by sending fake emails to foreign government officials scheduled to tour the ship. Visitors to the USS Ronald Reagan were targeted with malware in an attempt to access their computers, according to the Financial Times.

It didn't work. And would have not provided tactical intelligence as much as strategic intelligence about the effect of the visits on those who visited the carrier.

But what if the Chinese targeted the carrier crew? Could malware be used to turn on the location feature of a crew member's smart phone while at sea?

I assume the answer is a resounding no, since obviously there would be no cell towers in the middle of the ocean, and who would have satellite-linked smart phones?

But every year it seems like opportunities for this type of tracking improve.