Commentary Magazine


Contentions

What is Behind the Chinese Cyber-Offensive?

Is a Chinese cyber-war against the West underway? Let us connect the dots.

In the most recent episode, earlier this month, Chinese hackers, operating out of Guangzhou and Lanzhou, two regions that are strongholds of the People’s Liberation Army (PLA), invaded the computer systems of key German-government ministries in Berlin.

Last November, the United States was hit, and not for the first time. Chinese hackers entered the network of the Naval War College, the Navy’s school for senior officers, forcing the closure of its internal network and the temporary suspension of all email accounts.

That followed an attack in June on the computer systems at Taiwan’s defense ministry and also the American Institute in Taiwan, the de-facto U.S. embassy there.

Then there is Titan Rain, the U.S. codename for an entire series of attacks on U.S. facilities from 2003 to 2005, that included raids on the U.S. Army Information Systems Engineering Command at Fort Huachuca, Arizona, the Defense Information Systems Agency in Arlington, Virginia, and the Naval Ocean Systems Center in San Diego. All are thought to have originated in China.

The British parliament was also attacked in 2005 by hackers believed to be located in China.

What is behind all these episodes?

According to “Military Power of the People’s Republic of China 2006,” a U.S. Department of Defense publication, China has been “experimenting with strategy, doctrine, and tactics for information warfare.” The report notes that during a conflict, “information-warfare units could support active PLA forces by conducting ‘hacker attacks’ and network intrusions, or other forms of ‘cyber’ warfare, on an adversary’s military and commercial computer systems, while helping to defend Chinese networks.”

That the Chinese would be developing such a capability is unsurprising. We are developing similar capabilities, as are all advanced military powers. Computer networks are essential to warfare, and the ability to disrupt the enemy’s network while protecting one’s own has become an equally essential task.

Intelligence gathering via illicit entry into computer networks has become an important tool in the espionage toolkit. There are lots of secrets residing in both government and private-sector computers, and it should hardly come as a surprise that the Chinese have been developing techniques for extracting such secrets by clandestine means.

What does come as a surprise are all the recent hacking incidents. We are not at war with China. Neither is Germany or Britain or, arguably, Taiwan. If the hacking is part of a coherent strategy, it would seem to be self-defeating, prompting victim countries to develop countermeasures that make their own systems far more difficult to penetrate in the kind of crisis when the Chinese would really want to turn on their computer-sleuthing and disruption capabilities.

One possibility is that the attacks are being carried out not at governmental direction but by private hackers in China or elsewhere, who are routing their activities through Chinese networks. That is what the Chinese government maintains with some supporting evidence.

Another possibility is that the PLA is operating on its own, without the blessings of Beijing, to hone its capabilities and to test Western responses. Again, there is some evidence to support this theory.

Yet another possibility is that there is less to these incidents than meets the eye. They may in fact reflect the ineptitude of certain ill-prepared sectors of Western governments.

It is useful to keep in mind that major brokerage houses, banks, investment banks, and government central banks use computer networks to move billions of dollars around the world every day. These would be a ripe target for hackers, both inside adversary governments and in the criminal sector. But we seldom hear of any successful attacks against these institutions. Why not? Probably because, given what is at stake, they all put huge resources in computer security. Surely, if they were paying sufficient attention, governments could erect the same kinds of barriers to unauthorized entry.

Finally, there is the possibility that the Chinese government, acting on the basis of motives that are not apparent to us, has opted for short-term at the expense of long-term gain. Governments can do irrational things, and Communist governments, accountable to no one but themselves, doubly so.

In the end, the ongoing Chinese cyber-warfare remains a puzzle. Before we massively retaliate with a cyber-war of our own, it would be useful to get a firm fix on what we are up against.