BY CATHY HE AND FRANK FANG
The coordinated effort by the United States and allies to call out the Chinese regime for its global cyber hacking campaign was a welcome move, experts say, but more needs to be done to punish Beijing for its malign activities.
The United States on July 19 formally attributed the massive breach of Microsoft’s email server earlier this year to hackers affiliated with the regime’s top intelligence agency, the Ministry of State Security (MSS). Microsoft had already blamed the hack, which compromised tens of thousands of systems globally, on China.
The Biden administration was joined by NATO, the European Union, Australia, Britain, Canada, Japan, and New Zealand in condemning Beijing’s worldwide cyberattacks, which U.S. Secretary of State Antony Blinken said have posed “a major threat to our economic and national security.”
Also on July 19, the Justice Department unsealed an indictment charging four Chinese nationals working with the MSS on a global hacking campaign to steal secrets from companies, universities, and government bodies from 2011 to 2018. The charges are unrelated to the Microsoft hack.
Unlike in April, when President Joe Biden imposed sanctions on Russia over the major SolarWinds hack that affected U.S. government agencies and more than 100 companies, no penalties, other than the criminal charges, were announced against Beijing—an omission noted by analysts.
“Guilting and shaming a country like China or Russia, it’s something that doesn’t work,” Dustin Carmack, research fellow in technology policy at Washington-based think tank The Heritage Foundation, told The Epoch Times.
He called on the United States and allies to “put their money where their mouth is” and impose costs on Beijing such as sanctions and other economic restrictions.
“Until that happens, there’s not really a deterrence,” Carmack said. “They’ll just keep on doing it.”
The White House, for its part, left open the possibility of punitive measures going forward.
“We are not holding back, we are not allowing any economic circumstance or consideration to prevent us from taking actions. … Also we reserve the option to take additional action,” White House press secretary Jen Psaki said on July 19.
For cybersecurity adviser Casey Fleming, who for years has been sounding the alarm on Beijing’s sweeping efforts to steal foreign technology, the official statements were “about 10 to 12 years late.”
“The issue is the private sector—U.S. businesses and their CEOs and their boards—is under attack by a nation state. That’s never happened before in history,” Fleming, CEO of BlackOps Partners, told The Epoch Times. “And they don’t know what to do.”
Cyber Warfare
The Chinese regime oversees a vast network of cyber hackers to carry out its global espionage operations.
The MSS and People’s Liberation Army are the main actors involved; working alongside them are thousands of contracted hackers attached to other agencies or companies controlled by the Chinese Communist Party (CCP), Rick Fisher, senior fellow at Virginia-based think tank International Assessment and Strategy Center, told The Epoch Times in an email.
A contract hacker from eastern China’s Jiangsu Province told The Epoch Times last year that his ostensibly private tech firm was controlled by senior provincial security officials and directed to carry out complex cyber intrusions known as “advanced persistent threats” (APT) to steal trade secrets from foreign businesses and governments. APT attacks are designed to gain access into a system and stay undetected for a long period of time, pilfering a steady stream of data.
In particular, his firm was directed to do jobs that were too difficult for cyber hackers working directly for the state. “They leave all hard-to-intrude websites to us, where China’s police, national security, or the General Staff Department of the People’s Liberation Army have failed,” the hacker said.
Chinese hackers target an array of industries, universities, and government bodies around the world, stealing trade secrets, sensitive research, and any other information that’s of value to the regime and its state-owned enterprises.
The goal of these cyber operations is to “support China’s long-term economic and military development objectives,” a U.S. government advisory issued on July 19 states.
Their activities form part of the communist regime’s cyberwarfare offensive against the West, according to Fisher. On this front, he said the CCP has two main strategic objectives: control and exploitation.
“They seek any and all information that can assist victory in military campaigns, advantages in military technology, or advantages for use in political and economic coercion,” he said.
“But the CCP’s larger goal is to be able to exercise control over regions, countries, and individuals within those countries.”
Exploits
While most of the CCP’s hacking activities are carried out in the shadows, there are numerous public cases of Chinese hackers stealing foreign technology to benefit domestic industries.
China’s state-owned commercial aircraft manufacturer Comac is one example.
In a bid to rapidly advance its fledgling homegrown plane maker, the Chinese regime undertook an ambitious hacking operation involving intelligence officers, underground hackers, security researchers, and staff at foreign companies whom they recruited, a 2019 report by cybersecurity firm CrowdStrike detailed.
Between 2010 to 2015, hackers associated with the MSS breached foreign suppliers for Comac’s C919 Jetliner. U.S. companies that were hacked included Honeywell, General Electric (GE), and Capstone Turbine.
After six years of persistent hacking, Comac and another Chinese state-owned aerospace company AVIC launched a new company called AECC to manufacture aircraft engines. AECC subsequently produced an engine called CJ-1000AX, which bears multiple similarities to an engine that was supplied by a foreign contractor to Comac to power the C919.
“It is highly likely that its [Chinese engine] makers benefited significantly from the cyber espionage efforts of the MSS … knocking several years (and potentially billions of dollars) off of its development time,” the report stated.
The United States has charged several actors allegedly involved in the hacking operations, including an MSS officer named Xu Yanjun and former GE engineer Zheng Xiaoqing.
Another high-profile victim of Chinese hacking was the Canadian company Nortel Networks.
Now defunct, the $250 billion firm was once a global titan in telecom equipment manufacturing. But its fortunes took a turn for the worse after it was hacked in the 2000s.
“Chinese IP theft was a significant contributor to the demise of Nortel,” James Andrew Lewis, senior vice president and program director at the Center for Strategic and International Studies, stated (pdf) in his written testimony for a Senate hearing in 2019.
Hackers based in China began hacking into Nortel as early as 2000, and they stole passwords from the Canadian company’s executives to gain access into the company’s network. In one single day in April 2004, the hackers downloaded nearly 800 files from Nortel’s network, including technical papers and proprietary source code. The hacking continued until about 2009.
The hackers’ internet addresses were traced to a front company in Shanghai.
Nortel’s fall coincided with the rise of its Chinese competitor—China’s tech giant Huawei—which was listed among the Global Fortune 500 companies by 2010.
Former Nortel cybersecurity adviser Brian Shields, in a 2014 interview with NTD, sister media outlet of The Epoch Times, said the hacking operation was “very organized.” Though he didn’t have any evidence connecting the hacking operation to Huawei, he said the main benefactor of the data theft would have been Huawei.
“Where was the manufacturer that was reaping the benefits of this? Was it the companies in Russia or France that were suddenly doing real good? No,” he said.
“It was economic espionage, and we lost an industry here in Canada. That’s what happened.”
Huawei has denied allegations that it was involved in hacking Nortel.
Protection and Punishment
For business leaders, there’s no reason to think that what happened to Nortel and other victims of Chinese cyber theft can’t happen to them, said cybersecurity expert Fleming.
CEOs, boards of directors, and the U.S. government must take this threat seriously, he said. “They’re living on borrowed time, and they need to get educated very quickly before it’s too late.”
This means companies need to prioritize data security and enact top-down training and data handling processes to protect their intellectual property, Fleming said.
Meanwhile, the United States should consider tougher action to knock down these groups, said Fisher from the International Assessment and Strategy Center.
“Chinese and Russian cyberwarfare and cybercrime has become so pervasive that there must now be serious consideration to simply shutting them off,” Fisher said.
“It is time to simply shut down global cable nodes to severely limit China’s and Russia’s digital access to the world.”