Cyberattacks on the US are often blamed on China
Analysts say China's cyber operations are an active threat
Now, hackers are targeting neighboring Asian countries like Taiwan and Hong Kong
Editor’s Note: Kristie Lu Stout is the host of “On China,” a talk show on CNN International. The latest episode looks at China’s military.
It’s the nagging glitch in the US-China relationship that was inevitably mentioned during the first US presidential debate this week between Donald Trump and Hillary Clinton – cyber warfare.
(Or, as Trump put it, “the cyber”).
During the debate, Trump questioned whether Russia was indeed behind a series of cyberattacks on the Democratic National Committee – a conclusion that US officials and his election rival have reached.
“She says, ‘Russia, Russia, Russia,’” said Trump. “It could be China.”
‘Cloak-and-dagger to bits-and-bytes’
In the dark world of cyber-espionage, the finger of blame has often been pointed at China.
Earlier this year, China’s cyber spies were accused of hacking into dozens of workstations and servers at the Federal Deposit Insurance Corp.
Last year, Chinese hacking was blamed for the massive data breach at the US Office of Personnel Management which compromised the data of over 21 million people.
And in May 2014, US federal prosecutors indicted members of the People’s Liberation Army (PLA) for cyber-espionage for economic gain.
China has all along denied the allegations of state-sponsored hacking. But analysts say China’s cyber operations are an active threat.
“Military intelligence has rapidly moved from cloak-and-dagger to bits-and-bytes over the last fifteen years… and China’s no exception to that,” says Bryce Boland, Asia-Pacific CTO of FireEye, a cybersecurity firm.
“China has been developing its capabilities within the PLA for a number of years, going back at least a decade. And their capabilities have now also been brought together into a single, strategic organization that is essentially a new branch of the military.”
Shift in behavior
China is of course not the only actor in this era of cyber warfare.
But it has taken a significant step forward with the United States to establish some ground rules in a new domain of conflict with no widely-held norms.
During President Xi Jinping’s state visit to the US last year, China and the US formally agreed not to conduct or knowingly support economic cyber-espionage.
“I think China, after that, has tried to comply with that agreement,” says Tong Zhao of the Beijing-based Carnegie-Tsinghua Center for Global Policy.
“China increasingly realizes it is in China’s interests to promote a rule-based system.”
And since the agreement, FireEye has observed a significant change in Chinese cyber activity.
“We’ve seen a shift in behavior since the Obama-Xi agreement. And that shift in behavior has resulted in a decrease in attacks against US and Western organizations for the purposes of stealing their intellectual property,” says Boland.
“We’ve almost seen a pivot towards Asia. We’ve seen more targeted attacks now focused on information gathering and intelligence collection from countries on the periphery of China – anyone with a land boundary or involved in a maritime dispute. And that kind of activity is much more focused on intelligence.”
China’s cyber-spies target Asia
China’s cyber-spies are pivoting away from stealing US trade secrets as they move towards gathering intelligence in a region fraught with geopolitical tension.
Take Taiwan, for instance.
Relations between Taipei and Beijing have been tense since the landslide election of Tsai Ing-Wen, Taiwan’s first female president. Her Democratic Progressive Party (DPP) has traditionally leaned in favor of formal independence from China.
After the DPP’s election win, its website was compromised and replaced with a spoofed site to collect data on visitors.
And then, there’s Hong Kong.
Two years after Hong Kong’s pro-democracy “Umbrella Movement,” the city’s first legislative elections since the mass demonstrations provided a platform for a small but vocal independence movement – much to the chagrin of Beijing.
Before the election, two Hong Kong government agencies were targeted by cyber-attackers using new malware tools.
According to FireEye, both incidents were the work of Chinese state-sponsored hackers.
“We know that those attacks were originated from China… they were clearly politically motivated attacks,” says Boland.
“The only logical consequence is that they are operated by a group of people who had a political activity to conduct, so we believe they were state-sponsored.”
Not all attacks officially sanctioned
But not all hack attacks originating from China have the official red seal of approval.
After an international court ruled that China did not have a historic right to a disputed area in the South China Sea, flight information screens at Vietnam’s two biggest airports were hacked to show messages criticizing the Philippines and Vietnam and their territorial claims in the region.
Analyst Tong Zhao is convinced that the Vietnam airport hack was not the work of Chinese state agents.
“We used to assume that China is a country having a very centralized political system – the central government must be in control of everything. I think that assumption is inaccurate,” Zhao says.
And he’s right. As powerful as it may be, China is not a single monolith. It’s a vast system of many different actors – military or civilian, state-backed or for-hire.
But China’s many cyber actors can come together for a common goal – to advance China’s security interests and its standing in the information age.