Uproar Over Alleged Chinese Internet Attacks Has Cybersecurity Community on Alert

George Koo and Ling-chi Wang


From New America Media:


Despite Bloomberg Businessweek's accusation that the Chinese army is spying on Americans, the report that led to the charges has serious flaws. These raise troubling questions about a repetition of  the "China spy syndrome."


Beginning with The New York Times January 30 disclosure of Chinese hacking, every publication of note or of little note has since run one or more stories on cyber attacks emanating from China.


The release of a report by the Internet security firm Mandiant on February 18 set the stage for an announcement from the White House on February 20 that the administration was determined to protect American businesses and punish the perpetrators at home and abroad.


Is this an orchestration for a new policy initiative? Or, is this just a reinforcement of Obama’s “pivot to Asia” and “Trans Pacific Partnership,” two major initiatives aimed clearly in response to the so-called “Rise of China”?


Since the nascent art of hacking and counter measures of cybersecurity are subjects too esoteric and beyond the comprehension of most except those skilled in the craft, the media focused instead on the more lurid details taken from the so-called Mandiant Report.


The report alleged that most of the cyber attacks levied against corporate America came from a 12-story building in the Pudong neighborhood of Shanghai that belonged to a particular department – the ominously named Unit 61398 – of the People’s Liberation Army.


Since the issuer of the report is in the business of selling its services to safeguard company networks from cyber attacks, presumably it is in Mandiant’s interest to portray the attackers in ways as menacing and sinister as possible. The PLA certainly fits the bill.


However, shortly after the Mandiant Report broke the news, articles that presented contrary points of view began to appear. The most comprehensive belonged to Jeffrey Carr, a cybersecurity expert in his own right, who pointed out that there are more than 30 nations with the capability to run “military grade network operations” necessary to mount the kind of sophisticated attacks found in the report. According to the U.S. National Intelligence Estimate, Russia, Israel, and France are among the leading countries when it comes to cyber hacking activities.


Carr concluded that Mandiant was too quick to identify China as the culprit without performing rigorous analysis to eliminate other competing hypotheses and comparing its cyber espionage activities with those of other countries.



Two days after The New York Times article appeared, the U.S. edition of The World Journal, a Chinese-language daily, reported that 7 of the IP addresses identified by the Mandiant Report as coming from the PLA office in Shanghai were actually from Hong Kong, including one from the Hong Kong University of Science and Technology.


This should not come as a surprise since hacking can emanate from anywhere in the world and can easily be misdirected to appear as if coming from somewhere else. What was surprising was that this finding came from a little noted ethnic paper and not from the major media stars.


Maybe Al Gore did not invent the Internet but it is an inconvenient truth that the U.S. defense agency did and Americans have since led in the development and use of the Internet. As the world’s most advanced economy, the United States has invested heavily and become most dependent on networks in cyberspace and thus most vulnerable to attacks.


The United States has also led in the development and use of weapons in cyber warfare. For example, the American-developed Stuxnet virus has been credited with causing the centrifuges to spin out of control in the Iranian nuclear enhancement facility. Being the first known country to launch a cyber attack in peacetime and in the absence of any international treaty and protocol, the United States has lost the moral high ground to define appropriate conduct in cyber space.


This is of course not the first time that Washington is reaping the consequences of what it has sowed. The United States was the first (and to date) only country to use the atomic bomb. Since then, it has had to devote decades of diplomatic efforts to promote nuclear nonproliferation and now lives in fear of nuclear weapons falling into the hands of rogue nations or terrorists.


The next Pandora’s box, one the U.S. has already opened and soon will be trying to shut, is the use of drones for transnational surveillance and assassinations of terrorist suspects without due process. Friends and foes alike have seen the cost-effective capability of a drone in rendering destruction and killing and all are rushing to develop their me-too ability.


The day is nigh when Americans will be troubled by the prospect of encountering drones operated remotely and in the hands of someone holding a grudge against America. We will then, again, have to expend endless diplomatic efforts in proselytizing the idea of “do as I say and not as I do.”


As for China, it has in its way been trying to tell the United States that it does not hold a grudge. In typically understated signals, China has let Washington know that it possesses silent running submarines, stealth planes and missiles capable of downing communication satellites. China even went out of its way to make sure that American intelligence got a full picture of its nuclear weapons technology, as suggested by nuclear scientist Daniel Stillman of the Los Alamos National Laboratory. The latest airshows in China are displaying a large array of domestically manufactured drones.


Indeed, China appears to be practicing a porcupine defense strategy, i.e., peaceful intentions but beware of the ability to retaliate in kind. Some have suggested that the alleged PLA hacking has been deliberately sloppy, thus leaving visible trails to let the United States know that China too possesses cyber warfare capability.


Cyber espionage and warfare are serious problems that are here to stay. Washington needs to develop effective, long-term countermeasures and a thoughtful and balanced diplomacy. Singling out China as the sole villain without critically examining what other nations are doing, including us, is counterproductive, potentially misleading and in the long run, harmful to our national interests and world peace.


Author Bio:

Dr. George Koo is international business consultant and board member of New America Media. Professor Ling-chi Wang is a retired professor of Asian American history at the University of California, Berkeley.


New America Media


Photos: New America Media; Rob Young (Wikipedia Commons).

not popular
New America Media
Bottom Slider: 
Out Slider