Times sure have changed. It used to be, if you were interested in politics, you went into politics—maybe built up credentials in foreign affairs or law. And if you liked technology, you went into science, computer science, or some related discipline. But those idyllic days of relative separation are long gone. Now, we inhabit a world where tech is not only political, it’s social, it’s financial, and it’s educational. But more alarmingly, tech has also been deeply weaponized into a whole new breed of animal known as cyber warfare.Most recently making the rounds in the headline news? U.S. President Donald Trump accused China of cyber-meddling in the midterm elections. Whether or not that particular claim is accurate, the fact remains that Chinese attackers have been targeting U.S. computer systems and networks for decades.
The start, maybe
Two decades ago, the first widely publicized cyber attack originating from China occurred after the U.S. mistakenly bombed the Chinese embassy in Belgrade. That attack consisted of planting anti-NATO messages on several U.S. government websites. Now that seems like child’s play compared to more recent, sophisticated attacks that have infiltrated critical infrastructure, commercial, and military computer networks.
Even back in 2007 and 2008, it was suspected that Chinese hackers had gained control of two U.S. satellites. And in 2012, General Keith Alexander, head of the National Security Agency, testified to members of Congress that China was behind hacks to “a great deal” of military-related intellectual property, admonishing that something needed to be done.
A deal, now in the dust
By 2015, the prevalence of such attacks was so large and so well-known that President Barack Obama signed an agreement with China’s president Xi Jinping in which both sides agreed not to cyber spy on each other’s commercial enterprises, as it was seen as being mutually bad for trade between the two countries. That seemed, by most accounts, to be working until fairly recently, when a significant rise in Chinese-based cyber attacks was detected by cybersecurity analysts.
This increase corresponds to the U.S. government’s announcement of trade sanctions and tariffs against the Chinese, which went into effect this past July. As early as June, researchers detected evidence of renewed, harder-to-trace attacks by Chinese state-sponsored hacking teams linked to the People’s Liberation Army and the Ministry of State Security. Some infiltrations are at first camouflaged as attacks by persons or groups unaffiliated with the Chinese government, only to be revealed after considerable sleuthing to be associated with Chinese government agencies.
China, the suspect
It’s widely suspected that such government agencies recruit, or perhaps force, what are ostensibly private companies to do their hacking for them—or the companies themselves are a front for the agencies. For instance, the electronic footprints of a hacker named “Mr. An”—already thought to be a member of a group called APT10 that’s blamed for many intrusions—led to a company by the name of Tianjin Tiaoyiye Technology Development Co Ltd. Yet a cyber-sleuthing group calling itself Intrusion Truth published, just this past August, information that suggests Mr. An has ties to the Chinese Ministry of State Security.
Severe enough for a DHS warning
This recent surge is so threatening, the U.S. Department of Homeland Security saw fit to publish an alert in early October that specifically warned against attacks by APT10 (also known by other names such as Cloudhopper) on managed service providers. Such MSPs can be pathways into their many clients, which in turn might be firms engaged in a virtually limitless variety of domains: manufacturing, energy, healthcare, communications, and technology supply chains, as was reported by Bloomberg, also in early October. It’s widely speculated that what’s driving this Chinese cyber-theft into so many areas is the “Made in China 2025” plan, which was announced in 2015 and has as its goal Chinese manufacture of 70% of “core materials” by 2025. It sounds like a nice objective for achieving economic self-sufficiency, except that the means to the end has resulted in theft of U.S. intellectual property that some estimates put as high as over $107 billion for 2017. (Worldwide numbers for what’s been called a pandemic of IP theft are up to $600 billion for last year.)
Defense — the ultimate target
Perhaps even more worrisome than intellectual property theft are the direct hacks into American defense-related infrastructure, industries, and even weapons systems. According to a report released in June 2018 by the Symantec Security Response Attack Team, a group of cyber attackers operating from computers inside China are currently targeting U.S. satellite communications and defense sectors as part of a “wide-ranging” operation. Symantec’s researchers think that these hackers are trying to learn how to infect computers that run and monitor satellites and have also infiltrated systems of telecommunications operators.
The most alarming intrusions might be those of direct defense industry participants. We likely don’t hear about all of them for reasons of national security, but in February 2018, U.S. Director of National Intelligence Daniel Coats testified that most of the detected Chinese cyber operations against U.S. industry focus on defense contractors or tech firms supporting government networks.
One unfortunately successful breach became public in early June of this year, when it was reported that Chinese government hackers stole over a terabyte of data from an unidentified Navy subcontractor. The “loot” included secret plans for a supersonic anti-ship missile, submarine encryption and sensor information, and more. It’s already recognized within defense circles that much of China’s modern military hardware such as advanced missiles, drones, and even stealth aircraft are based on U.S. designs stolen through hacking. Most recently, the new Chinese J-20 stealth fighter that became operational in September looks remarkably like the Lockheed-Martin designed F-22.
Seems like cyber warfare emanating from China is here to stay. The question is, what are we going to do about it?
Related Resources:
Reeling From Cyberattacks, EU Revamps
How to Protect Mid-Tier Enterprises