Since Donald Trump became President, one can’t open a webpage or turn on the news without hearing “Russia” and “hacking” in the same sentence… and with good reason.
In mid-February, Trump’s own national security advisor, H.R. McMaster, was forced to admit Russian meddling in the 2016 election was “incontrovertible”, and Robert Mueller charged thirteen Russian nationals and three Russian entities with interfering with the election.
Whatever the outcome of the Mueller Investigation, Trump’s “doth protest too much” misdirection and self-incriminating Russia-related Twitter meltdowns mean suspicious eyes will continue to gaze only as far east as Moscow. Which is exactly what the Chinese want.
THE GREAT WALLS OF CHINA
Vast, rugged and clouded in secrecy, China has been largely inaccessible ever since emperor Qin Shi Huang protected its citizens from attack behind The Great Wall two thousand, two hundred years ago. Nowadays, China’s online population of 731 million are ‘protected’ by the world’s largest censorship and surveillance system, The Great Firewall or Golden Shield Project. Chinese netizens receive a highly restricted Internet which doesn’t include access to Google, Facebook, YouTube or Twitter without a VPN.
These strict censorship laws make getting facts, figures and reliable information out of the country difficult, but it’s not only Chinese policy that makes reporting troublesome. The West, and in particular The United States, continues to dictate the narrative that China is a boogeyman intent on taking over the world.
In a January 2018 interview with the BBC’s security correspondent, the Director of the CIA, Mike Pompeo, stated that China is “as big a threat to the US (as Russia)” and “We’ve seen Chinese cyber attacks throughout the world.”
HOW DID THE USA’S CYBERWAR WITH CHINA BEGIN?
To understand the future, we must first look to the past. Hacking is inextricably linked with political events, and Chinese hackers’ first known cyberattack came in 1999 after the U.S. bombed the Chinese embassy in Belgrade, Kosovo, killing three Chinese reporters. Patriotic hackers planted messages denouncing “NATO’s brutal action” on several U.S. government websites, including the White House. CNN reported a brewing cyberwar.
In the same year, the government launched DDoS attacks against foreign websites associated with Falun Gong, a spiritual movement banned in China. Then, in 2001, after a mid-air collision killed a Chinese fighter pilot and led to the forced landing and detention of the American crew, Chinese hackers defaced thousands of U.S.-based websites with cyber graffiti, including the White House. The New York Times monikered this web-terrorism “The First World Hacker War”.
Over the next decade, China’s interest in cyberespionage became alarmingly apparent: a series of cyber intrusions – usually masked by proxy, zombie computer, spyware/virus-infected malware – with code-names like “Titan Rain”, “Byzantine Hades” and “GhostNet” were traced back to computers in China.
Between 2003 and 2007, the “Titan Rain” hackers, thought to be associated with the Chinese army, invaded and stole sensitive data belonging to The Pentagon, Britain’s Ministry of Defence and U.S. Department of Defense contractors.
In 2010, “Operation Aurora”, an ultra-sophisticated Advanced Persistent Threat by The Elderwood Group, which has ties to the People’s Liberation Army, used unprecedented tactics that combined encryption, stealth programming and a zero-day vulnerability in Internet Explorer. These targeted attacks on corporate infrastructure hit at least 34 companies in the tech, financial and defence sectors, and included attempts to obtain source code from Google and Adobe.
Back-and-forth attacks continued for a decade as Chinese hackers stole intellectual property and government secrets including designs for military weapons systems and the advanced F-35 stealth fighter.
Something had to be done, and relations between America and China improved in 2013 when Presidents Obama and Xi Jinping shook hands across the Pacific. President Xi described the talks as “a new historical starting point.” But all good things come to an end, and in 2014 hackers working for the Chinese state twice breached the Office of Personnel Management’s (OPM) computer system, compromising the personal data of 22 million federal employees.
Obama and Xi Jinping met again in 2015, and the two nations reached an official Cyber-Agreement to stem cyber espionage, curb the theft of intellectual property and set up channels for cyber cooperation, agreeing that their governments would not conduct or knowingly support cyber-enabled theft of business secrets.
China arrested hackers from Shanghai-based hacking group Unit 61398 in connection with the OPM intrusion, but American-Sino cyber relations soured and have never truly recovered. Indeed, American cyberintelligence firm CrowdStrike’s 2015 Global Threat Report identified “dozens of Chinese adversaries targeting business sectors… and 28 groups going after defense and law enforcement systems alone.”
HOW IS CHINA CHANGING CYBERWARFARE?
As with all forms of warfare, weaponry and tactics evolve fast. In addition to the traditional malware, trojans, worms, logic bombs, DDoS attacks and zero-day exploits, China is coming up with ingenious new ways to hack. As it turns its existing manufacturing strengths to its advantage, it’s not just governments, security agencies and cyber analysts that will be affected, but also tech corporations and Android-based smartphone users on the street, like you and me.
The last six years have seen Huawei Technologies grow to become the largest telecoms equipment manufacturer in the world. The Shenzhen-based company produces more smartphones than Apple, and its founder and CEO, Ren Zhengfei, just so happens to be a former officer and engineer in the People’s Liberation Army, effectively an arm of the Chinese government.
As a result, the NSA believes the Chinese may have installed backdoors in Huawei equipment, enabling it for surveillance. In mid-February 2018, the heads of five other major US intelligence agencies, including the CIA and FBI, warned American citizens against products and services from Huawei and ZTE. FBI Director Christopher Wray also told Congress the company’s products “provide the capacity to conduct undetected espionage.”
MADE IN CHINA
If the idea of your Android-based smartphone spying on you for the Chinese government sounds far-fetched, malware has also been found loaded on Xiaomi, Lenovo and other Chinese smartphones. In 2016, mobile security firm Kryptowire uncovered Chinese-authored malware on as many as 700 million budget Android devices. Hidden in a benign support app, the pre-installed, third-party software would covertly send call history, text messages, contact lists, location data and other sensitive information to a server in Shanghai every 72 hours to “tailor advertising to users.”
In late 2017, three Chinese nationals, Wu Yingzhuo, Dong Hao, and Xia Lei, who worked for Chinese cybersecurity firm Boyusec, were charged with coordinated cyber attacks against computer networks at Moody’s Analytics, Siemens AG and Trimble Inc.
Boyusec, it turns out, and hacking group APT3 are one and the same, and an internal report by The Pentagon’s J-2 Intelligence Directorate identified Boyusec and Huawei as working together to produce security products that could allow Chinese intelligence to remotely steal data from phones and computers.
While Huawei is banned from competing for US Government contracts, China’s huge telecoms manufacturing industry means that, offensively, the country could already be exploiting huge cybersecurity flaws/backdoors in every device it manufactures.
Defensively, China is ahead of the rest of the world, too. The Great Firewall can act as a forcefield, redirecting inbound internet traffic to attack sites, as it did in 2015 when GitHub and GreatFire experienced the largest DDoS attacks in their history, the latter receiving 2.5 billion spoof requests per hour.
China also has a new Cybersecurity Law, which came into effect in June 2017. Compliance rules now require network operators to store personal data on domestic servers (within The Great Firewall) and allow authorities to conduct mandatory spot-checks on a company’s network operations.
Beijing asserts the law is intended to bring China in line with European and American cybersecurity and data management best practices. But with companies such as Apple migrating local users’ encryption keys to local server farms on Chinese soil, all those mandatory data requests, together with China’s repressive legal environment, could make government snooping that much easier.
SIX OF ONE AND HALF A DOZEN OF THE OTHER
For all this talk of Chinese aggression, let’s not forget that cyber espionage works both ways. In addition to dealing with the USA, China also faces the same attacks from North Korea, the Middle East and probably Russia as the rest of the world… despite President Xi having a bilateral cyber non-aggression pact with Putin.
Chinese Internet security company Qihoo 360 stated the 2017 WannaCry ransomware attack had infected close to 30,000 Chinese organisations. Between January and October 2016, China was hit by 17.5 million cyber attacks, most of them Trojan viruses and bots from the United States, according to the National Computer Network Emergency Response Technical Team and Coordination Center, the country’s top security risk-monitoring authority.
China isn’t the only party guilty in this spiral of mistrust. Edward Snowden’s 2013 intelligence leaks underscored the sophistication and extent of internet surveillance by the United States and its allies against targets worldwide, including China.
WILL THE REAL CYBER THREAT PLEASE STAND UP?
In the aforementioned BBC interview, America’s spymaster general, Mike Pompeo, gleefully states, “We are the world’s finest espionage service, I’m incredibly proud of that. We’re going to go out there and do our damnedest to steal secrets”, while China’s People’s Daily newspaper has described the United States’ accusations as “a thief crying ‘stop thief!’”
The fact of the matter is, the USA engages just as aggressively in cyber campaigns; we just don’t hear about it because of China’s secrecy and the fact that, like it or not, we are unwitting slaves to our mainstream media outlets.
Is China really an existential threat, or is this cyber warfare the new face of creating a necessary boogeyman, a continuation of the paranoia and political muscle-flexing that’s been going on for decades?
Until this cyber arms race turns from an ideological war to a real war in The United States via a cyber Pearl Harbor or death by a thousand cuts by China, it will be difficult to say… especially if you’re Donald Trump.
In the meantime, we netizens in the west should just keep buying more Chinese-made Internet of Things (IoT) connected devices… and hope we don’t hear Chinese whispers coming from our widescreen televisions anytime soon.