What’s the Future of Chinese Hacking?

Despite successful diplomatic efforts, Chinese hackers will keep attacking American targets.

Jul 30 2016, 3:00pm

Adam Segal, the Ira A Lipman Chair for Emerging Technologies and National Security and director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations, is the author of The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age,


After years of public reporting on the theft of intellectual property, business strategies, and trade secrets, last month the cybersecurity firm FireEye issued a report headlining a steep decline in Chinese cyber espionage against organizations in the US and 25 other countries.

The number of network compromises by 72 suspected China-based groups dropped from 60 in February 2013 to fewer than 10 by May 2016. While FireEye did not rule out the possibility that improvements in tradecraft were leading to less detection (FBI Director James Comey once compared Chinese hackers to drunk burglars who kick in the door and knock over a vase on their way out with the TV), US Assistant Attorney General John Carlin confirmed the company's findings that attacks were less voluminous but more focused and calculated.

A combination of the threat of US sanctions, a diplomatic accord signed by President Barack Obama and President Xi Jinping, and internal reforms of the People's Liberation Army may have temporarily produced a dramatic decline in cyber espionage, but is it time to shut down the firewall, send the threat intelligence analysts home, and declare victory? Very unlikely.

For Beijing, cyberspace is essential to economic growth, sustaining and strengthening the Chinese Communist Party, and maintaining domestic stability and national security. As a result, China hacks because it wants to move its economy from labor intensive manufacturing to high technology innovation; defeat foreign ideologies and weaken opponents of the regime; and counter the technological advantages of the US military in the Pacific.

These fundamental motivations direct state-backed hackers to a set of high value targets. Because Chinese leaders do not want to be dependent on foreign technology suppliers, and are impatient with the results produced so far by massive investments in education and scientific research, Chinese hackers steal intellectual property from high technology companies as well as business secrets from the pharmaceutical, financial, energy, legal, and other sectors. "The situation that our country is under others' control in core technologies of key fields has not changed fundamentally, and the country's S&T foundation remains weak," President Xi Jinping told a gathering of the nation's top scientists in May 2016. The companies breached are global, with victims identified in Germany, Australia, Japan, India, and the United Kingdom.

Worried about the spread of ideologies that threaten regime legitimacy, and the ability of domestic opponents to organize and foment dissent, Beijing supports cyber attacks on Tibetan and Uighur activists, NGOs and think tanks, and the diplomatic, military, and political agencies of all the major powers. When the New York Times and Bloomberg published stories about the massive wealth amassed by the families of China's top leaders, they, along with other media outlets, were hacked.

Chinese hackers also conduct intelligence and counterintelligence operations. The theft of 22 million records from servers of the Office of Personnel Management included information perfect for blackmail, and might also allow Chinese counterintelligence agencies to identify spies working undercover at US embassies around the world.

Chinese defense planners are preparing the PLA to fight "informationized local wars": short, technologically-intense regional wars. The potential enemy in these future wars is usually referred to as a "technologically advanced" adversary but is clearly a stand-in for the United States and its allies. As a result, these planners want to both understand and disrupt US weapons platforms. Two PLA groups, Units 61938 and 61486, have reportedly stolen information from over two dozen Defense Department weapons programs, including the Patriot missile system, the US Navy's new littoral combat ship, and the F-35 and F-22 stealth fighter jets.

If a conflict breaks out over Taiwan or the South China Sea, the PLA will want to disrupt communication, transportation, intelligence, and reconnaissance systems, so hackers have mapped these networks. In addition, Chinese leaders want to signal to US policymakers that the conflict may not stay regional, and so PLA operators have penetrated into banking, energy, and other critical infrastructure networks, and may have intentionally left evidence of the intrusions as a reminder that the US homeland is not immune to attack.

Given Beijing's long-term strategic concerns about technological innovation, domestic stability, and national security, Chinese hackers may change tactics and organization, but they will remain focused on a similar set of targets. The creation of the Strategic Support Forces, a move intended to centralize space, cyber and information warfare troops, will result in greater coordination among the many different hacking groups and better tradecraft overall.

Continued tension over China's sovereignty claims in the South China Sea means that the networks of the US military and its regional allies will remain prime targets. As the economy moves up the value chain, and as Chinese technology companies like Xiaomi, Huawei, and Alibaba compete in global markets, cyber economic espionage will be narrower and more tailored to specific technologies. The attacks on domestic opponents and outside ideological threats will become more sophisticated and increase in pace as the Chinese Communist Party appears increasingly worried about domestic stability, regime legitimacy, and the spread of information within China.

Chinese leaders will also be watching closely how the Obama administration responds to the alleged Russian hacking of the Democratic National Committee. Like Moscow, Beijing also believes that it is in an ideological contest with the West and it has tried to shape the information space, though in a more limited way, for example by trolling Tibetan independence activists on Twitter and using distributed denial of service attacks to knock GitHub offline for hosting anti-censorship technology.

However, the complex interdependence of the Chinese and US economies and a greater slate of shared interests in global affairs make a hack as brazen as an effort to influence the US election highly improbable. Still, cyberspace remains central to all of Beijing's predominant economic and political interests, and cyber attacks are, and will continue to be, a potent tool.

The Hacks We Can't See is Motherboard's theme week dedicated to the future of security and the hacks no one's talking about.