Chinese espionage

The Chinese are spying on us.  Which seems only fair, since we are spying on them too.

You probably remember last year’s media hysteria when a Chinese surveillance balloon floated over the US and the Air Force shot it down off the coast of South Carolina.  In the big picture, that was a mere kerfuffle, a foofaraw. 

But don’t be fooled.  Chinese espionage offers plenty to be worried about.  In a 2020 speech, FBI Director Chris Wray called “the counterintelligence and economic espionage threat from China… the greatest long-term threat to our nation’s information and intellectual property, and to our economic vitality.”

Since 2020, it’s only gotten worse.  Last October, the heads of intelligence from the US, Canada, UK, Australia and New Zealand – the Five Eyes Alliance – held “an unprecedented joint news conference to warn of… a ‘breathtaking’ Chinese effort to steal technology and economic intelligence and to influence foreign politics in Beijing’s favor.”  According to the FBI’s Wray, the purpose of this first press conference in the organization’s 80-year history was to warn that the threat from “China’s espionage…  has only gotten more dangerous and more insidious in recent years… The FBI currently has over 2,000 investigations in progress that are linked to China.”

At the same conference, Ken McCallum, the Director General of Britain’s MI5 security service, reported several examples of his own, including the fact that “suspected Chinese agents have approached over 20,000 people in the UK over professional networking sites like LinkedIn, in order to try to cultivate them to provide sensitive information.”

There are two main reasons why it is very difficult for the West to keep up:  China devotes more resources to espionage, and they are playing by different rules than we are.

Regarding resources, Wray testified before a US House committee on January 31 that, “If you took every single one of the FBI’s cyber agents [and] intelligence analysts and focused them exclusively on the China threat, China’s hackers would still outnumber FBI cyber personnel by at least 50 to 1.”

Chinese hackers work not just as government employees, but also for private Chinese companies that specialize in spying.  Documents leaked a few weeks ago from the Chinese security contractor I-Soon revealed a price list for its services.  If you want to hack Twitter/X accounts and run a disinformation campaign, for $100,000 I-Soon will sell you specialized software to make your targeting and lying more efficient.  Do you want a huge database of personal information harvested from unwitting users of Facebook and Telegram?  For $278,000 that too can be yours.

In addition to devoting greater resources to espionage, China’s authoritarian government is also playing by different rules.  Harvard’s Calder Walton summarized key differences in a recent article in Foreign Policy magazine:  “Unlike those in Western democracies, China’s intelligence services are not held to account by independent political bodies or the public, nor are they subject to the rule of law… Thanks to successive national security legislation passed under President Xi Jinping, Chinese businesses are required to work with its intelligence services whenever requested to do so… [In addition] facial recognition, phone apps, and CCTV all make China an infinitely harder target for Western agencies to collect intelligence on than Chinese services’ targets in open Western democracies.”

And if that’s not enough, according to David Vigneault, the director of the Canadian Security Intelligence Service, Chinese laws require its citizens “anywhere in the world to provide information to Beijing’s intelligence services.”

Just a few weeks ago, the FBI’s Wray updated Congress on one major cyber operation which he described as part of “the defining threat of our generation.”  In the campaign attributed to the group known as Volt Typhoon (the name Microsoft gave the actor when it went public about it in 2023), “Chinese hackers [have targeted] critical infrastructure in the U.S., such as water treatment plants, electrical grids, oil and natural gas pipelines and transportation systems.” 

The result of operations like Volt Typhoon, according to Congressional testimony by Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency, is that “A major crisis halfway across the planet could well endanger the lives of Americans here at home through the disruption of our pipelines, the severing of our telecommunications, the pollution of our water facilities, the crippling of our transportation modes all to ensure that they can incite societal panic and chaos and to deter our ability to marshal military might and civilian will.”

Your home network could be unwittingly aiding a massive Chinese espionage operation, if your router has been infected by KV Botnet malware.   

The methods behind this operation were mundane rather than exotic.  The attackers got in “by exploiting vulnerabilities in small and end-of-life routers, firewalls and virtual private networks, often using administrator credentials and stolen passwords, or taking advantage of outmoded tech that hasn’t had regular security updates – key weaknesses identified in US digital infrastructure.”

If you have an old Cisco or Netgear router running your home or small business network, it may have been infected by “KV Botnet malware” planted by the Chinese. If so, your router was “chained together [with other infected routers] to form a covert data transfer network supporting various Chinese state-sponsored actors including Volt Typhoon.”  

Yikes.  Your innocuous little home network could be helping the Chinese to hide the origin of an infrastructure attack someday, since “the botnet’s distributed nature makes the activity hard to trace.”  This is a prime example of the way “state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive… cyberattacks against US critical infrastructure in the event of a major crisis.”

In December, the FBI fought back with a court-ordered operation to “delete the KV Botnet malware from the routers.”  But the fix does not survive a reboot: the operation also blocked the cleaned routers from talking to the rest of the botnet, and the Justice Department warned that those protections are undone if the router restarts, leaving it open to reinfection.  This is one of several reasons that experts say “the legal action is bound to be only a temporary disruption.”  The durable fix is the unglamorous one: replace end-of-life routers, apply firmware updates, change the default administrator password, and turn off remote management from the internet.

In short, the potential damage from Chinese espionage keeps rising.

In an article entitled “Spycraft and Statecraft,” William J. Burns, the director of the Central Intelligence Agency wrote in the current issue of Foreign Affairs that “This is a time of historic challenges for the CIA and the entire intelligence profession, with geopolitical and technological shifts posing as big a test as we’ve ever faced. Success will depend on…  adapting to a world where the only safe prediction about change is that it will accelerate.”

To address the China challenge, Burns reported that the CIA has more than doubled “the percentage of our overall budget focused on China over just the last two years. We’re hiring and training more Mandarin speakers while stepping up efforts across the world to compete with China, from Latin America to Africa to the Indo-Pacific.”  The New York Times reported that, “The C.I.A. and the Pentagon’s Defense Intelligence Agency have [also] set up new centers focused on spying on China. U.S. officials have honed their capabilities to intercept electronic communications, including using spy planes off China’s coast.”

Meanwhile, the American and Chinese economies continue to get more intertwined.  At the height of the Covid pandemic, many Americans learned for the first time that the US depends on China for things like surgical masks, personal protective equipment, respirators and many other medical products needed to fight the disease.  In the early stages of the pandemic, when world supplies were short, China wouldn’t share them.

The top ten products the US imports from China today include lithium batteries, display monitors, smartphones, digital automation systems, pre-dosed medications and data processors.  Good luck to all of us if access to these and other Chinese products were cut off during a crisis.

So, at the same time that we continue to compete with China politically and economically, we must simultaneously cooperate and work together to tackle existential challenges to the human race including climate change and avoiding nuclear war.

Last year, Pulitzer Prize winning reporter Thomas L. Friedman visited China for the first time since covid to try to get a grip on what all this means.  Hu Xijin, one of China’s most popular bloggers, said to him: “You have been in the first place for a century, and now China is rising, and we have the potential to become the first — and that is not easy for you… [But] you should not try to stop China’s development. You can’t contain China in the end. We are quite smart. And very diligent. We work very hard. And we have 1.4 billion people.”

Based on this and many other interviews, Friedman concluded: “I believe that [China and the US] are doomed to compete with each other, doomed to cooperate with each other and doomed to find some way to balance the two. Otherwise we are both going to have a very bad 21st century.”

Cyberwarfare

In cyberwarfare, one nation attacks or disrupts another’s operations by hacking into its computer networks.  The term covers a wide range of activities, including computer-based attacks on physical infrastructure, cyber-espionage and ransomware. 

In a July 2020 speech, FBI Director Christopher Wray said of the cyber-threat from China: “The stakes could not be higher, and the potential economic harm to American businesses and the economy as a whole almost defies calculation.”  Similarly, a senior defense official quoted in a New York Times article said:  “In the cold war, we were focused every day on the nuclear command centers around Moscow… Today, it’s fair to say that we worry as much about the computer servers in Shanghai.”

In November 2018, the US established the Cybersecurity and Infrastructure Security Agency (CISA) to deal with this threat and to improve security across federal civilian networks and the country’s critical infrastructure.  Why only in 2018?  As a recent Washington Post article noted “The majority of major destructive cyberattacks have taken place in the past few years… [And] with many militaries… racing to develop and integrate their own offensive hacking tools, the trend of geopolitical aggression seems set to grow.”

When specific US cyberthreats are identified, CISA issues advisories.  For example, in August one advisory warned “organizations researching COVID-19 of likely targeting and attempted network compromise by the People’s Republic of China.”  In October, another advisory warned of the threats posed by increased US-China tension, and described some of the known malware, exploited vulnerabilities and other tactics that have been associated with the Chinese government and their proxies.

In their most extreme forms, cyberattacks could theoretically shut down the US power grid and its military command and control centers.  Or, on a more pedestrian level, cyberwarfare could prevent every American from accessing their bank accounts, and sow havoc throughout our heavily computerized society. 

Could China actually do any of these things yet?  Answers may appear in classified documents somewhere, but you and I will not know anytime soon.  As a Forbes article last year summed it up “Offensive cyber capabilities have long been the most sensitive and nationalistic of government activities, clouded in secrecy and deniability.”

To date, there have been only a few major cyberattacks on infrastructure.  The most famous may have been in December 2015 and December 2016, when Russian malware switched off parts of Ukraine’s electricity grid by remotely opening circuit breakers at substations, and hundreds of thousands of customers lost power for hours.  Another candidate for the most famous example is the Stuxnet worm, discovered in 2010, which damaged and destroyed Iranian nuclear centrifuges by manipulating the controllers that drove them, spinning them at damaging speeds while feeding the operators normal-looking readings.  Although no country has ever admitted to the Stuxnet attacks, it is widely accepted that two governments were responsible:  Israel, and our very own US of A.

Although China has not yet been associated with an attack of this magnitude, Chinese hackers have been detected breaking into a Canadian company (Telvent, in 2012) that “designs software that gives oil and gas pipeline companies and power grid operators remote access to valves, switches and security systems.” 

But as a Washington Post review noted, “looking for theatrical cyberattacks means missing the ones that matter most. Cyber-engagements between nations are daily competitions in which the United States, Russia, China and others continually struggle for advantage.”

Perhaps the greatest cyber-threats these days are in the area of espionage.  The Chinese government is believed to be behind stealing designs of a number of US weapons systems, including “the F-35 Joint Strike Fighter; the advanced Patriot PAC-3 missile system; the Army system for shooting down ballistic missiles known as Terminal High Altitude Area Defense; and the Navy’s new Littoral Combat Ship, a small surface vessel designed for near-shore operations.”

Chinese agents now seem focused on stealing intellectual property in a wide variety of emerging industries “including healthcare, financial services, defense industrial base, energy, government facilities, chemical, critical manufacturing (including automotive and aerospace), communications, IT, international trade, education, videogaming, faith-based organizations, and law firms.”

In September 2020, the Department of Justice unsealed indictments which charged that “a group of hackers associated with China’s main intelligence service had infiltrated more than 100 companies and organizations around the world to steal intelligence, hijack their networks and extort their victims… These for-profit criminal activities took place with the tacit approval of the government of the People’s Republic of China.” Unfortunately, according to a Department of Justice press release regarding this case, “the Chinese Communist Party has chosen… [to make] China safe for cybercriminals so long as they attack computers outside China and steal intellectual property helpful to China.”

As with Wang Dong, alias “UglyGorilla,” one of the Chinese army officers indicted back in 2014 and still on the FBI’s wanted list, the Chinese defendants in this case are likely to remain wanted for the rest of their lives unless they set foot somewhere that will extradite them to the US.

The charges against the defendants include “racketeering, conspiracy, wire fraud, money laundering, and aggravated identity theft.”  (I would have thought that all identity theft is pretty aggravating, so I had to look up the last term.  Turns out it refers to using stolen identities in a felony.)  In a new low, the Chinese hackers even conducted “a ransomware attack on the network of a non-profit organization dedicated to combating global poverty.”

Sophistication alone does not prove state sponsorship.  What made the Chinese government’s involvement clear, in the Justice Department’s telling, was that the hackers operated for years from inside China with impunity and with the government’s “tacit approval.”

For example, in some cases the Chinese hackers used “supply chain attacks,” the same approach the Russians used in the massive hack revealed in December 2020. According to the Washington Post, the Russians first hacked into “SolarWinds, a Texas-based maker of network-monitoring software, and then slipped the malware into automatic updates that network administrators… routinely install to keep their systems current.”  The poisoned update carried SolarWinds’ own digital signature, so the routine integrity checks that installers perform passed without complaint.  SolarWinds has reported “that nearly 18,000 of its customers may have been affected worldwide,” including servers in the US Departments of State, Treasury, Homeland Security, Commerce, the National Institutes of Health, and maybe others.  After getting a classified briefing on SolarWinds, Sen. Richard Blumenthal (D-Conn.) tweeted that the details “left me deeply alarmed, in fact downright scared.”
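Here is an added illustration (my example, not code from this article, from SolarWinds or from any of the investigators quoted) of why “slipping malware into automatic updates” defeats the check most installers actually perform, and what would catch it.  It assumes a toy build that just concatenates module names, an HMAC with a vendor-held key standing in for real code signing, and constructed module names including a made-up backdoor component called TelemetryHelper; none of these are any real product’s internals.

```python
import hashlib
import hmac

# Constructed sample source tree: the components the vendor's release is supposed
# to contain. Names are illustrative, not a real product's component list.
SOURCE_MODULES = ["Core.BusinessLayer", "Inventory", "Scheduler"]

# Constructed name for the injected backdoor component (not a real malware name).
BACKDOOR_MODULE = "TelemetryHelper"

# Assumption: an HMAC with a vendor-held key stands in for real code signing.
# With a real asymmetric scheme the installer would hold only the public key;
# the logic below is otherwise the same.
VENDOR_SIGNING_KEY = b"vendor-code-signing-key-stand-in"


def build(modules: list[str]) -> bytes:
    """Deterministic 'compiler': the same module list always yields identical bytes,
    which is what makes an independent rebuild comparable to the shipped artifact."""
    return b"".join(f"module:{name}\n".encode() for name in sorted(modules))


def sha256_hex(artifact: bytes) -> str:
    return hashlib.sha256(artifact).hexdigest()


def sign(key: bytes, artifact: bytes) -> str:
    """Vendor's signing step (HMAC stand-in for a real code signature)."""
    return hmac.new(key, artifact, hashlib.sha256).hexdigest()


def verify_signature(key: bytes, artifact: bytes, signature: str) -> bool:
    """What a typical update installer checks: does the signature match these bytes?"""
    return hmac.compare_digest(sign(key, artifact), signature)


def honest_pipeline(modules: list[str]) -> tuple[bytes, str]:
    """Vendor's build server, uncompromised: build the source, sign the output."""
    artifact = build(modules)
    return artifact, sign(VENDOR_SIGNING_KEY, artifact)


def compromised_pipeline(modules: list[str]) -> tuple[bytes, str]:
    """Same build server with an attacker inside it: the backdoor is added before
    signing, so the vendor's own key signs the trojaned build. No key theft needed."""
    artifact = build(modules + [BACKDOOR_MODULE])
    return artifact, sign(VENDOR_SIGNING_KEY, artifact)


def modules_in(artifact: bytes) -> set[str]:
    """Parse the component list back out of a built artifact."""
    return {line[len("module:"):] for line in artifact.decode().splitlines()
            if line.startswith("module:")}


def assess_update(artifact: bytes, signature: str, source_modules: list[str]) -> dict:
    """Consumer-side check. A valid signature only says the vendor's key signed these
    bytes; rebuilding from source on infrastructure the vendor's pipeline cannot reach
    and comparing digests says whether the bytes are what the source actually produces."""
    signature_valid = verify_signature(VENDOR_SIGNING_KEY, artifact, signature)
    rebuilt = build(source_modules)
    matches_rebuild = hmac.compare_digest(sha256_hex(artifact), sha256_hex(rebuilt))
    return {
        "signature_valid": signature_valid,
        "matches_independent_rebuild": matches_rebuild,
        "unexpected_modules": sorted(modules_in(artifact) - modules_in(rebuilt)),
        "install": signature_valid and matches_rebuild,
    }


if __name__ == "__main__":
    for label, pipeline in (("honest", honest_pipeline), ("compromised", compromised_pipeline)):
        artifact, signature = pipeline(SOURCE_MODULES)
        print(label, assess_update(artifact, signature, SOURCE_MODULES))
```

Run it and the honest build passes both checks, while the trojaned build passes signature verification and fails only the rebuild comparison, with the injected component named.  That is the SolarWinds lesson in one line: a signature proves who signed, not what was built.  Real software is rarely byte-for-byte reproducible without effort, so in practice the comparison is done on a manifest or software bill of materials, and organizations that cannot rebuild at all are left staging updates and watching for unexpected network behaviour after install.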

So, in a world that already has more than enough problems, we can now add a messy new “kind of guerrilla warfare characterized by continued digital skirmishing between the United States and China, together with a threatening proliferation of intelligence-gathering activities, sabotage and influence.”  And, according to a NY Times opinion piece “there is particular danger in cyberwar, with its inchoate rules of engagement, lack of international consensus on the legitimacy of different types of targets, and lack of meaningful experience to underpin the understanding of collateral effects.”

This situation is likely to get worse before it gets better, maybe much worse. 

A few years ago, “former FBI director Robert Mueller commented that there are only two types of companies: those that have been hacked and those that will be… Since then, more than 80% of economic espionage cases against the United States have been linked to China.”

And, as Marietje Schaake, International Policy Director at the Cyber Policy Center at Stanford has written in Foreign Affairs, “Perpetual intrusions and cyberattacks suggest that in the battle between hackers and governments, democratic governments are losing.”