China’s Cyber-War: Don’t Believe the Hype

The United States has made the interesting and perhaps significant decision to generate a crisis around Chinese cyber-intrusions as the Obama administration enters its second term. With its typical careful, methodical preparation, the Obama administration has been gradually rolling out the Chinese cyber-threat product since November 2011 with escalating evidentiary indictments of Chinese hacking, but without overtly linking these activities to the Chinese government or military. [1]

The most recent shoes to drop were the detailed brief drawn up by Mandiant Corp against the PLA’s Unit 61398, allegedly the PLA outfit in the white office building in Shanghai’s Pudong District that phished, lurked, and drained information from the New York Times and many other US businesses, and the subsequent calling out of the PRC by name for its cyber-sins by National Security Advisor Tom Donilon. [2]

People hoping for a reset in US-Chinese relations – including the PRC – may feel a twinge of disappointment that the United States has decided to hype another point of US-PRC friction.

Then again, there is the interesting question of whether the White House is trying to conduct a measured escalation, but is getting stampeded by the threat inflation/budget boosting priorities of the US national security apparatus and its eager handmaiden, the Western media.

Donilon came up with a nuanced approach to Chinese cyber-mischief during his speech to the Asia Society, which deserves to be quoted at length.

Bypassing the issue of cyber-spying against military and government targets, which probably falls into the grey area of “everybody does it and why shouldn’t they”, and defining and limiting the issue to a specific and remediable problem – the massive state-sponsored PRC program of industrial and commercial espionage against Western targets – Donilon’s framing placed “cyber-theft” in a category similar to the intellectual property gripe, also known as systematic piracy of US software, as an info strategy condoned by the Chinese government:

Another such issue is cyber-security, which has become a growing challenge to our economic relationship as well. Economies as large as the United States and China have a tremendous shared stake in ensuring that the Internet remains open, interoperable, secure, reliable, and stable. Both countries face risks when it comes to protecting personal data and communications, financial transactions, critical infrastructure, or the intellectual property and trade secrets that are so vital to innovation and economic growth.

It is in this last category that our concerns have moved to the forefront of our agenda. I am not talking about ordinary cybercrime or hacking. And, this is not solely a national security concern or a concern of the US government. Increasingly, US businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions emanating from China on an unprecedented scale. The international community cannot afford to tolerate such activity from any country. As the President said in the State of the Union, we will take action to protect our economy against cyber-threats.

From the President on down, this has become a key point of concern and discussion with China at all levels of our governments. And it will continue to be. The United States will do all it must to protect our national networks, critical infrastructure, and our valuable public and private sector property. But, specifically with respect to the issue of cyber-enabled theft, we seek three things from the Chinese side. First, we need a recognition of the urgency and scope of this problem and the risk it poses – to international trade, to the reputation of Chinese industry and to our overall relations. Second, Beijing should take serious steps to investigate and put a stop to these activities. Finally, we need China to engage with us in a constructive direct dialogue to establish acceptable norms of behavior in cyberspace.

We have worked hard to build a constructive bilateral relationship that allows us to engage forthrightly on priority issues of concern. And the United States and China, the world’s two largest economies, both dependent on the Internet, must lead the way in addressing this problem. [3]

This rather unexceptionable and reasonable demand that the PRC rein in its gigantic program of economic/commercial hacking, i.e. cyber-enabled theft as Donilon put it, and give US businesses a break, was not good enough for the Christian Science Monitor, which has apparently shed, together with its print edition, the sober inhibitions that once characterized its news operations.

The CSM’s headline:

US tells China to halt cyberattacks, and in a first, lays out demands

Obama’s national security adviser, Thomas Donilon, spelled out a more aggressive US stance on the cyberattacks, saying China must recognize the problem, investigate it, and join in a dialogue. [4]

Note in the CSM story the effortless slide down the slippery slope from cyber-theft to cyber-espionage to cyber-attacks (and for that matter, “should” and “needs” to “demands”). Well, fish gotta swim, birds gotta fly, and eyeballs have to be wrenched from their accustomed paths and turned into click-fodder.

And don’t get me started on the Pentagon:

A new report for the Pentagon concludes that the US military is unprepared for a full-scale cyber-conflict with a top-tier adversary. The report says the United States must increase its offensive cyberwarfare capabilities. The report also calls on the US intelligence agencies to invest more resources in obtaining information about other countries’ cyberwar capabilities and plans.

The Washington Post reports that the report says that the United States must maintain the threat of a nuclear strike as a deterrent to a major cyberattack by other countries. The report notes that very few countries, for example, China and Russia, have the skills and capabilities to create vulnerabilities in protected systems by interfering with components.

The report emphasizes that defensive cyber capabilities are not enough, and that the United States must have offensive cyber capabilities which, when needed, could be used either preemptively or in retaliation for a cyber attack by an adversary. [5]

Security consultant Bruce Schneier addressed the threat inflation issue (and the dangers of trying to design and justify retaliation in the murky realm of cyberspace) in a blog post on February 21:

Wow, is this a crazy media frenzy. We should know better. These attacks happen all the time, and just because the media is reporting about them with greater frequency doesn’t mean that they’re happening with greater frequency.

But this is not cyberwar. This is not war of any kind. This is espionage, and the difference is important. Calling it war just feeds our fears and fuels the cyberwar arms race.

In a private e-mail, Gary McGraw made an important point about attribution that matters a lot in this debate.

Because espionage unfolds over months or years in realtime, we can triangulate the origin of an exfiltration attack with some certainty. During the fog of a real cyber war attack, which is more likely to happen in milliseconds, the kind of forensic work that Mandiant did would not be possible. (In fact, we might just well be “Gandalfed” and pin the attack on the wrong enemy.)

Those of us who work on security engineering and software security can help educate policymakers and others so that we don’t end up pursuing the folly of active defense.

I agree.

This media frenzy is going to be used by the US military to grab more power in cyberspace. They’re already ramping up the US Cyber Command. President Obama is issuing vague executive orders that will result in we-don’t-know what. I don’t see any good coming of this. [6]

Not to worry, is the US attitude.

The United States apparently feels that it can “win the Internet” by harnessing the power of invincible American technological know-how to the anti-Chinese cyber-crusade.

In another of the seemingly endless series of self-congratulatory backgrounders given by US government insiders, the godlike powers of the National Security Agency were invoked to Foreign Policy magazine in an article titled Inside the Black Box: How the NSA is helping US companies fight back against Chinese hackers:

In the coming weeks, the NSA, working with a Department of Homeland Security joint task force and the FBI, will release to select American telecommunication companies a wealth of information about China’s cyber-espionage program, according to a US intelligence official and two government consultants who work on cyber projects. Included: sophisticated tools that China uses, countermeasures developed by the NSA, and unique signature-detection software that previously had been used only to protect government networks.

Very little that China does escapes the notice of the NSA, and virtually every technique it uses has been tracked and reverse-engineered. For years, and in secret, the NSA has also used the cover of some American companies – with their permission – to poke and prod at the hackers, leading them to respond in ways that reveal patterns and allow the United States to figure out, or “attribute,” the precise origin of attacks. The NSA has even designed creative ways to allow subsequent attacks but prevent them from doing any damage. Watching these provoked exploits in real time lets the agency learn how China works.

And amid the bluster, a generous serving of bullshit:

Now, though, the cumulative effect of Chinese economic warfare – American companies’ proprietary secrets are essentially an open book to them – has changed the secrecy calculus. An American official who has been read into the classified program – conducted by cyber-warfare technicians from the Air Force’s 315th Network Warfare Squadron and the CIA’s secret Technology Management Office – said that China has become the “Curtis LeMay” of the post-Cold War era: “It is not abiding by the rules of statecraft anymore, and that must change.”

“The Cold War enforced norms, and the Soviets and the US didn’t go outside a set of boundaries. But China is going outside those boundaries now. Homeostasis is being upset,” the official said. [7]

A more impressive and evocative term than “upset homeostasis” to describe the US cyber-war conundrum is “Stuxnet”.

The Obama administration’s cyber-maneuverings have been complicated and, it appears, intensified, by the problem that the United States “did not abide by the rules of statecraft” and “went outside the boundaries” and, indeed, became the “Curtis LeMay of the post-Cold War era” when it cooperated with Israel to release the Stuxnet exploit against Iran’s nuclear program.

That was a genuine piece of cyber-warfare, the effort to sabotage a critical military facility in a pre-emptive attack.

The Obama administration admitted the central role of the United States and President Obama personally in the Stuxnet attack, apparently in a desire to demonstrate his genuine, Iran-hating credentials to skeptical conservatives and national security types prior to the November 2012 presidential election.

And President Obama, in his usual thoughtful way, ‘fessed up to the fact that it was the United States that started drawing outside the cyber-warfare lines, as the New York Times’ David Sanger reported in his privileged account:

Mr Obama, according to participants in the many Situation Room meetings on Olympic Games [the Stuxnet program], was acutely aware that with every attack he was pushing the United States into new territory, much as his predecessors had with the first use of atomic weapons in the 1940s, of intercontinental missiles in the 1950s and of drones in the past decade. He repeatedly expressed concerns that any American acknowledgment that it was using cyber-weapons – even under the most careful and limited circumstances – could enable other countries, terrorists or hackers to justify their own attacks.

“We discussed the irony, more than once,” one of his aides said. Another said that the administration was resistant to developing a “grand theory for a weapon whose possibilities they were still discovering”. [8]

Yes, the irony, if irony is defined as “the refusal to acknowledge that what you are doing is the precise opposite of what you are advocating that other people do.”

The word “Stuxnet” does not appear in the official US lexicon of dastardly cyber-attacks, even though, in terms of its severity and irresponsibility (in addition to disabling the Iranian centrifuge facility, the virus spread to 100,000 hosts in 155 countries; oops!) it is truly the poster child for the dangers of the cyber-warfare option.

Instead, the US government has forcefully if not particularly effectively attempted to divert attention from Stuxnet to “Shamoon”, a nasty virus that compromised office systems at a couple of Middle Eastern energy giants, Aramco (Saudi Arabia) and RasGas (Qatar) in August 2012, shortly after the Iranians started grappling with their Stuxnet problem.

As part of the Stuxnet misdirection, Shamoon has become the invoked cyber-attack bugbear of choice, despite the fact that, unlike Stuxnet, it was a very conventional hack that erased data from management computers and defaced homescreens with the taunting image of a burning American flag.

There is, of course, no discussion of the distinct possibility that Iran executed the exploit as a piece of cyber-retaliation for Stuxnet, and not as an unprovoked attack. [9]

Before President Obama acknowledged shared paternity in Stuxnet, the United States was engaged in negotiations with China on the very same cyber-warfare norms that exercised the anonymous source in the Foreign Policy article:

While no one has, with 100% certainty, pinned the Chinese government for cyber-attacks on US government and Western companies, in its 2012 report “Military and security developments involving the People’s Republic of China”, the US secretary of defense considers it likely that “Beijing is using cyber-network operations as a tool to collect strategic intelligence” …

The report raises China’s unwillingness to acknowledge the “Laws of Armed Conflict”, which the Pentagon last year determined did apply to cyberspace … [10]

Not surprisingly, post-Stuxnet the Chinese government has even less interest in the “Law of Armed Conflict in cyberspace” norms that the United States wants to peddle to its adversaries but apparently ignores when the exigencies of US interests, advantage, and politics dictate.

Instead, the PRC and Russia have lined up behind a proposed “International Code of Conduct for Internet Security”, an 11-point program that says eminently reasonable things like:

Not to use ICTs including networks to carry out hostile activities or acts of aggression and pose threats to international peace and security. Not to proliferate information weapons and related technologies.

It also says things like:

To cooperate in combating criminal and terrorist activities which use ICTs [information and computer technologies] including networks, and curbing dissemination of information which incites terrorism, secessionism, extremism or undermines other countries’ political, economic and social stability, as well as their spiritual and cultural environment. [11]

The United States, of course, has an opposite interest in “freedom to connect” and “information freedom” (which the Chinese government regards as little more than “freedom to subvert”) and has poured scorn on the proposal.

The theoretical gripe with the PRC/Russian proposal is that it endorses the creation of national internets under state supervision, thereby delaying the achievement of the interconnected nirvana that information technology evangelists assure us is waiting around the next corner – and also goring the ox of West-centric Internet governing organizations like ICANN.

So the Chinese proposal is going exactly nowhere.

The (genuine) irony here is that the Chinese and Russians are showing the way to, and driving, the rest of the world in their response to the undeniable dangers of the Internet ecosystem, some of which they are themselves responsible for but others of which – like Stuxnet – can be laid at the door of the US.

In response to hacking, the Internet as a whole has evolved beyond its open architecture to a feudal structure of strongly-defended Internet fortresses, with cyber-serfs free to roam the undefended commons outside the gates, glean in the fields, and catch whatever deadly virus happens to be out there.

In recent months, the word “antivirus” has disappeared from the homepages of Symantec and McAfee as they have recognized that their signature libraries of known viruses can’t keep up with the proliferation of millions of new threats emerging every year, let alone a carefully weaponized packet of code like Stuxnet, and protect their privileged and demanding users. Now the emphasis – and gush of VC and government money – has shifted to compartmentalizing data and applications and detecting, reducing the damage, and cleaning up the mess after a virus has started rummaging through the innards of an enterprise.

In other words, the Internet fortresses, just like their medieval analogues, are increasingly partitioned into outer rampart, inner wall, and keep – complete with palace guard – in order to create additional lines of defense for the lords and their treasure.

In other words, they are starting to look like the Chinese and Russian national internets.

Despite the precautions, there will always be people vulnerable to social engineering (clicking on a dodgy attachment or link while at work), and there will always be more talented and motivated hackers. And maybe more talented hackers aren’t even necessary.

Barbara Demick of the Los Angeles Times located the personal blog of a PLA cyber-drudge who, in addition to blathering about the presumably classified details of his hacking job (such as perfecting a Trojan known as “Back Orifice 2000”), moaned about the boredom of hacking for The Man, and the embarrassment of looking like a loser at his high school reunion:

My only mistake was that I sold myself out to the country for some minor benefits and put myself in this embarrassing situation. [12]

Critical observers declared that the alleged PLA intrusions documented by Mandiant were conducted by the B Team, inviting the analogy that military hacking is to hacking as military music is to music:

Jaime Blasco, labs director at security tools firm AlienVault, described APT1, aka Comment Crew [which Mandiant associated with 61398], as one of the more successful hacking groups based on the number of targets attacked – but not necessarily on the skill level of its members.

“APT1 is one of the less sophisticated groups,” Blasco said. “They commonly reuse the same infrastructure for years and their tools are more or less easy to detect. The techniques they use to gain access to the victims are more based on social engineering and most of the time they don’t use zero-day exploits to gain access.” [13]

Even so, they were inside the New York Times for months (part of that time, admittedly, they were being tracked and analyzed by Mandiant).

Bottom line: attacks will happen, attacks will succeed, and reliable (or more likely, probable) attribution will emerge only in the days and weeks after detection (detection itself might be a matter of years) through the grinding application of forensics, correlation of information in massive databases, and anxiously parsing leads for reliability and to try and filter out dangerous disinformation.

Absolute cyber-safety, through defense or deterrence against an antagonist, is a chimera. The best hope for the Internet might be “peaceful coexistence” – the move toward cooperation instead of confrontation that characterized the US-USSR relationship when it became apparent that “mutually assured destruction” was leading to a proliferation of dangerous and destabilizing asymmetric workarounds instead of “security through terror”.

Or, as the Chinese spokesperson put it in Demick’s article:

“Cyberspace needs rules and cooperation, not war. China is willing to have constructive dialogue and cooperation with the global community, including the United States,” Foreign Ministry spokeswoman Hua Chunying said at a briefing Tuesday. [14]

It looks like the Obama administration, by carefully and convincingly placing the cyber-theft issue on the table, might be working toward some kind of modus vivendi that leads to a joint reduction of Internet threats – dare I say, win-win solution? – with the PRC.

It remains to be seen if this initiative can withstand the pressures of the US military, security, and technology industries for a profitable threat narrative – and the Obama administration’s own inclination toward zero-sum China-bashing.

Peter Lee edits China Matters. His story on North Korea’s nuclear program will appear in the March issue of CounterPunch magazine. He can be reached at: chinamatters (at) prlee. org.


1. If There’s a War With China…, China Matters, February 20, 2013.

2. Exposing One of China’s Espionage Units, Mandiant.

3. Remarks by Tom Donilon, National Security Advisor to the President: “The United States and the Asia-Pacific in 2013”, March 11, 2013.

4. US tells China to halt cyberattacks, and in a first, lays out demands, Christian Science Monitor, March 11, 2013.

5. U.S. military “unprepared” for cyberattacks by “top-tier,” cyber-capable adversary: Pentagon, Homeland Security Newswire, March 6, 2013.

6. More on Chinese Cyberattacks, Schneier on Security, February 21, 2013.

7. Inside the Black Box, Foreign Policy, March 7, 2013. (subscription only)

8. US digs in for cyber warfare, Asia Times Online, October 13, 2012.

9. America Freaked Out by the Cyberboogeyman It Unleashed, China Matters, October 12, 2012.

10. US hopeful China will recognize its cyber rules, CSO, May 21, 2012.

11. China and Russia’s ‘International Code of Conduct for Information Security’, .nxt, September 2011.

12. China hacker’s angst opens a window onto cyber-espionage, Los Angeles Times, March 12, 2013.

13. APT1, that scary cyber-Cold War gang: Not even China’s best, The Register, February 27, 2013.

14. China hacker’s angst opens a window onto cyber-espionage, Los Angeles Times, March 12, 2013.

This article originally appeared on Asia Times.
