Hackers in frontline of China’s cyberwar

Just hours before Google announced late on Tuesday that China-based hackers had attacked its systems last month, China’s cyberwarriors were at work – this time defacing Iranian websites in retaliation for a hacker attack on the pages of a Chinese search engine.

If the idea of search engines as battlegrounds in a cyber-war is surprising, the motivations and prowess of Chinese hackers are well established. Unlike most of their counterparts in other countries known for malicious computer activity, especially eastern Europe, Chinese hackers are known for patriotism.

They have often gone after targets in Taiwan and, during diplomatic flare-ups, Japan and other neighbours. Commercial concerns for rank-and-file criminals have tended to come later, and some hacking collectives have split up over the issue.

The more critical questions are how much of the patriotic activity is directed or encouraged by the government, and how much officials are behind what appear to be commercial intrusions and thefts.

Attributing cyberespionage or most garden-variety hacking is excruciatingly difficult, especially without the sustained assistance of local law enforcement. Like most who have been victimised by Chinese hacking, Google refused explicitly to blame the authorities. But since it escalated the issue to include discussion about censorship, which is purely government-driven, the point was made.

“They are big enough to have taken the first step, to encourage other organisations to do the same, to shine a spotlight on what people think is a small problem,” said Nart Villeneuve, a Canadian security expert who uncovered eavesdropping on a Chinese version of Skype.

A few other commercial targets have been more direct in their statements, and US and industry security experts are unanimous in their private belief that the Google attacks and virtually all other politically motivated breaches – even a great percentage of economically motivated breaches – are at the behest of government powers.

US officials have growing concerns about cyber-attacks from China. Chip Gregson, Assistant Secretary for Asian and Pacific Security Affairs at the Pentagon, told a Congressional committee yesterday that, alongside its nuclear and space programmes, China’s efforts in cyberspace presented “an asymmetrical threat to our ways of doing business”.

“The Chinese cyber-attacks have been so aggressive and so pervasive that the concerns of the US national security establishment and [private] companies are the same and they have little option but to find common cause,” said Michael Green, formerly President George W Bush’s top adviser on East Asia.

California internet filtering company CyberSitter this month joined the small number to make that charge explicitly, suing China itself over the apparent theft of about 3,000 lines of code that found its way into the Green Dam censorship software the government tried to mandate be pre-installed on PCs. It said thousands of attempts to take control of its corporate machines began inside the Chinese ministry of health.

Most companies doing any substantial business in China have been hacked but have ignored it because of the size of the market, said private security consultant Ira Winkler, a former official at the National Security Agency in Maryland.

More likely to find their way into the public arena are attacks on activists, who were also a big target in the Google operation. In May 2009, foreign media organisations and human rights groups in China were targeted with deceptive e-mails in an attempt to gain access to sensitive information.

Two months earlier, a comprehensive study conducted by University of Toronto researchers found that a cyberspying operation run from servers based in China had accessed 1,300 computers in more than 100 countries. The targets included government institutions, international organisations and the media and much of the type of information accessed was relevant to China’s national security concerns surrounding Taiwan and Tibet.

China’s active hacking community began to form in the early 1990s, with Beijing opening the first internet connection only in 1994. But anti-Chinese race riots in Indonesia in 1998 served as a catalyst for nationalist Chinese hackers.

Since then, different groupings, led by the most prominent “Red Hackers” or “Chinese Honkers”, have been most visible when launching attacks against Japanese or Taiwanese websites, targeting what Beijing perceives as Japanese imperialism or Taiwanese separatism.

A range of evidence supports the claim of government involvement. The same unpublicised security holes in Microsoft Office software have been used to target both US defence contractors and Chinese human rights activists, claim experts including Mikko Hypponen of Finnish security firm F-Secure, who has helped Tibetan groups.

One Chinese military strategist referred to space and cyber-preparedness as the “soft ribs” of US defence and the Chinese army sponsors hacking competitions and awards scholarships. The US and other countries are also on hiring sprees for hackers for their military operations. But they are not suspected of so much commercial involvement.

Mr Winkler argued that China’s national security efforts went “beyond” those of the US “well into the commercial sector”. He said that given China’s filtering clampdown and extensive monitoring, along with the widespread spying, it was “grossly naive to think the government is not involved”.

Additional reporting by Daniel Dombey in Washington

Copyright The Financial Times Limited 2017. All rights reserved.