China’s Hackers on the Rise

November 30, 2009

The number of hacker infiltrations of US security systems has increased over the past few years. A growing share of these infiltrations seem to originate in China.

In the American film The Matrix, Keanu Reeves goes by his hacker pseudonym “Neo.” “Neo” is portrayed as the epitome of coolness and mystery while his real world self is dull and lifeless.

This portrayal of hackers is typical in American culture. However, Americans’ misdirected view of hackers has recently received a rude awakening.

On April 8th this year, according to a Wall Street Journal report, national security officials confirmed that overseas hackers had compromised the energy grid of the United States.

Janet Napolitano, Secretary of Homeland Security, said of the energy grid hacking, “The vulnerability has been something that the Department of Homeland Security and the energy sector have known about for years… I can confirm the vulnerability.”

A few weeks later, on April 21, it was reported that foreign computer spies hacked into computers holding plans for the Joint Strike Fighter, the United States’ most technologically advanced fighter aircraft and most expensive weapons program ever.

Where does China come into this story? IP addresses reveal that many of the hackers who broke into these high profile systems came from China. While not naming numbers, a senior intelligence officer said, “The Chinese have attempted to map our infrastructure, such as the electric grid.”

Furthermore, in the Pentagon’s annual report, “Military Power of the People’s Republic of China,” the Pentagon acknowledges that, “China has made steady progress in recent years in developing offensive nuclear, space, and cyber warfare capabilities – the only aspects of China’s armed forces that, today, have the potential to be truly global.”

While many people see nuclear weapons and terrorist attacks as main security threats to the United States, James Lewis of the Center for Strategic and International Studies thinks people are looking past a crucial issue.

“[Hacking] already is a main security threat up there with terrorism,” Lewis says. “What people have trouble understanding sometimes is that it is a different type of security threat. Terrorists want to blow things up, while hackers want to commit espionage.”

Explosions are devastating of course, but cyber attacks could be even more disruptive and dangerous. Espionage via hacking could jeopardize national security in many ways.

So what is the relationship between the Chinese government and Chinese hackers? Lewis thinks that the fact that there have been very few instances where the Chinese government has condemned the actions of its own hackers hints at their implicit approval.

“A lot of these hackers are in some ways linked to, or employed by the Chinese government… It’s not something that’s being done without the consent of the Chinese government,” Lewis says.

The type of information that is hacked suggests that the Chinese government plays a role in these cyber attacks.

An article from the Far Eastern Economic Review explains, “the scale of the intrusions and the type of information being taken from U.S. defense computer networks—military manuals, logistics information, weapon performance and design information—leaves little doubt that the bulk of the activity is directed by the Chinese government or intelligence services.”

Furthermore, the Chinese state-run China Daily reports that hacker academies are popping up all around the country, with the industry itself generating over US$34 million last year, which is mainly attributed to hacker training fees. Companies such as Yinhe Hacker Training Academy are now publicly advertising and recruiting young students interested in network security.

Although these academies are outside governmental control, the government is fully aware of them and tolerates them as long as they don’t hack Chinese sites. Lewis says the Chinese government monitors these teams and often recruits those that show the most talent.

However, the government’s policy towards hackers could backfire. There could be a correlation between the rise of Chinese hackers and an increase in domestic freedoms such as free speech, which could lead to hackers becoming dissidents or supporting dissidents. Already, some hackers in China have hacked into the Google China search function, risking serious punishment in order to see full, uncensored results.

The Chinese government has speedily cracked down on hackers who pose a threat to the domestic economy and public safety. Examples include “Yu Hua,” who hacked into Chinese companies’ databases and stole customer information, and a 19-year-old Chinese man, identified only by his surname Chen, who issued a false earthquake warning by hacking into a provincial seismological bureau’s website. Both “Yu Hua” and Chen were arrested. Chen quickly received 4 years of prison time.

So what is the motivation of these Chinese hackers?

Past attacks suggest that nationalism is one of the main reasons for their attacks. This is supported by the fact that, on many of the web pages that Chinese hackers have attacked, nationalistic messages were left on the screen.

These hackers could help open up public discussion. However, Jack Qiu, Assistant Professor at the Chinese University of Hong Kong, believes hackers are not too interested in liberalizing Chinese society.

“Most of the hackers I have talked to did not really care about free speech. They were either nationalistic hackers or self-centered cyber-criminals trying to hack bank systems for the money or show off individualistically. Is there any reason for closer connection between hackers and free speech in China in recent years? I don’t see any,” he says.

In theory, hackers could create digital networks that move the control of information outside the Chinese Party-State’s grasp. Lewis of CSIS thinks this is possible, but so far this does not seem to be a hacker priority.

The Chinese government’s lack of reaction to nationalist attacks tacitly encourages them. While the government quickly cracks down on any political attacks against it, it’s more than likely to turn a blind eye to attacks against foreign governments.

“If you want to hack a foreign site for political purposes, they’re very tolerant of that but if you want to for other reasons they are less indulgent,” Lewis says.

Judging by American public outcry over reports of Chinese hacking of sensitive U.S. material, it appears that government officials are beginning to see how big a threat these hackers are. In the past few years, the U.S. government has explicitly said that cyber-security is a high priority.

On February 14, 2003, President Bush signed the “National Strategy to Secure Cyberspace,” signaling his administration’s acknowledgement of the security threat and outlining his approach. In January 2008, Bush went a step further by signing “The Comprehensive National Cyber Security Initiative,” which was largely classified, but reportedly had dozens of measures to better protect computer systems and networks.

President Obama increased the U.S. cyber-security budget by 21% from 2009 to 2010, from US$294 million to US$355 million. However, Obama has yet to find someone to fill the top White House cyber-security post. Another position at the Department of Defense could potentially be charged with coordinating military cyber-security activities.

Qiu thinks individual nations trying to solve problems on their own are doomed to fail. “So far, no single national government has demonstrated convincing capacity to control hackers. [Instead] the Russian proposal of multi-lateral anti-proliferation-type treaty, if properly implemented, seems to be the best approach,” he says.

However, there is still much debate over whether the new cyber-security coordinator should be under the Department of Homeland Security (DHS) or simply an office in the White House. Under bills proposed by the Senate, the cyber-security coordinator would report directly to the President. In contrast, if this office is placed under DHS, the coordinator would report directly to the Secretary of Homeland Security and would also serve as an advisor to the President.

Lewis sees the cyber-security coordinator as essential to the White House staff.

“If it’s a crime, we don’t send the military out to arrest people; if it’s an intelligence issue, it’s not the military that gets involved… Instead it’s the FBI, CIA, [and] NSA. I think the White House coordinator will be a little more effective in pulling that all together,” Lewis says.

While Lewis believes the methodology the White House is using is correct, he says some flaws remain. “I think they’re going in the right direction but not as fast as some of us have hoped.”

This can be seen with the White House still failing to fill the top White House cyber-security post. Melissa Hathaway was temporarily filling this position but she recently announced her resignation, casting more uncertainty around the position.

Clearly there is work still to be done.

While hacking has been overlooked, it is in fact a very real and imminent threat. If Chinese hackers continue their successful attacks on strategically important U.S. systems, there could be serious consequences for U.S.-China relations. This would especially be so if the U.S. believes that the Chinese government is not just implicitly behind the hackers, but actively supporting them.

Michael Putnam is an undergraduate student studying International Relations and is pursuing minors in Business Administration and Spanish at the University of Southern California.