Why China hacks the world
Can aggressive espionage fuel the innovation that Beijing needs to reinvent its global role?
New York; and Wuzhen, China
The e-mails wouldn’t have struck anyone as unusual. The messages to employees at Boeing Co.’s offices in Orange County, Calif., where the aerospace giant works on the big C-17 military transport, looked like any of the hundreds of messages from colleagues and contacts flooding inboxes every day. But beginning in the winter of 2009, two Chinese hackers began sending malicious e-mails to Boeing employees disguised to look as if they came from familiar people. Even if one employee opened the mail and downloaded the attached file, it could give hackers a portal to secrets, corporate and US Department of Defense plans, engineering details, and potentially classified Pentagon files stored on Boeing networks. And that’s exactly what happened.
Over the next two years, hackers stole some 630,000 files from Boeing related to the C-17, the third most expensive plane that the Pentagon has ever developed, with research and development costs of $3.4 billion. They obtained detailed drawings; measurements of the wings and fuselage, and other parts; outlines of the pipeline and electric wiring systems; and flight test data – a gold mine for any criminal looking to sell information on the black market. But the hackers, according to the Federal Bureau of Investigation, already had a buyer: Su Bin, a Chinese national and aerospace professional living in Canada.
The Royal Canadian Mounted Police arrested Mr. Su on June 28, 2014, and he is currently awaiting extradition to the United States on charges of unauthorized computer access. His Chinese conspirators remain at large and unidentified. While the criminal complaint contains few details about the hackers’ true identities, the US Department of Justice says the two are members of China’s People’s Liberation Army (PLA). When extolling their credentials to Su, according to court documents, the hackers said their Boeing operation would not only give Su’s aviation firm, Lode Technologies Co., a competitive edge but also bolster Beijing’s military goals, since China’s state-owned Xian Aircraft Industrial Corp. was developing its own cargo plane.
It remains unknown if Chinese officials directed the operation. Even after National Intelligence Director James Clapper said China was a “leading suspect” in another major cyberbreach – the penetration of the US Office of Personnel Management (OPM) that exposed sensitive data on more than 18 million current and former government employees – the US government didn’t release details implicating Chinese agents. When it comes to data theft, pinpointing culprits is one of the most challenging aspects of cybercrime forensics. But the White House appears to have one smoking gun. In May 2014, the Department of Justice charged five Chinese hackers with stealing intellectual property from Westinghouse Electric and US Steel Corp. The DOJ claimed the hackers were members of the PLA General Staff, Third Department, Unit 61398, in Shanghai – a shadowy military unit that Western security officials have identified as a hub of Chinese electronic espionage. They sought competitive gain, or, as former Attorney General Eric Holder put it, “To advantage state-owned companies and other interests in China, at the expense of businesses here in the United States.” This was a watershed event: the first instance of charges being filed against an alleged state cyber actor. The indictment of PLA cyber sleuths helps complete a portrait of China – along with the Boeing incursion, the OPM data breach, and countless other penetrations of major corporations – as the world’s most audacious and pervasive hacker.
• • •
The diffusion of communication technologies has transformed commercial and political spying. Computer networks allow technologically inferior countries, small states, and even individuals to conduct surveillance operations that were once solely the purview of big states. The development of cyber-espionage tools and the movement of information online has leveled the field. Cellphones and computers are ubiquitous, so countries no longer need the capability to build and deploy bugging devices globally. As Alex Karp, chief executive officer of the California data analysis company Palantir Technologies, put it, “Software and technology has democratized espionage.”
This new age of spying is more than a national security concern. Since much cyber-espionage targets commercial secrets, it poses a persistent threat to America’s economic strength. Many countries are snooping. The US Office of the National Counterintelligence Executive (ONCIX) names France, Israel, and Russia, among others, as states collecting economic information and technology from American companies. During the 1980s and ’90s, the business class seats on Air France planes were allegedly bugged. While the airline has long denied the allegations, French intelligence officials have been forthright about the strategic importance of industrial espionage. As Pierre Marion, former director of France’s Directorate-General for External Security, said with regard to spying on the US, “In economics, we are competitors, not allies.”
But the ONCIX places China in a category all its own: “Chinese actors are the world’s most active and persistent perpetrators of economic espionage.” China is so relentless because it does not want to get caught in a technology trap, where Chinese producers dominate the low-value end of economic production and continue paying expensive royalties to European, Japanese, and US patent owners. It doesn’t want to be the world’s sweatshop – stuck in a labor-intensive, energy-demanding, environmentally destructive manufacturing economy. If Chinese companies continue to rely on technology from outsiders, in the view of the Global Times newspaper, part of the Communist Party-run People’s Daily Group, they run the risk of “perpetually remaining second-tier manufacturing specialists that lack the innovation needed to become true global technology leaders.”
In its quest to move from “made in China” to “invented in China,” Beijing has committed significant resources to boosting its innovation prowess. The 20-year plan for science and technology development envisions China becoming an “innovative nation” by 2020 and a “global scientific power” by 2050. Scientific funding has increased by 12 to 20 percent annually for each of the past
20 years, and China surpassed Japan in 2010 as the world’s second largest spender on R&D. Of all degrees awarded in 2011 by Chinese universities, 41 percent were in science, technology, engineering, or math – almost three times the rate in the US. Chinese scientists stand behind only their US colleagues in the number of science and technology journal articles published each year.
But Beijing is unsatisfied with this pace. Chinese leaders view technological autonomy as critical to economic and national security. As Chinese President Xi Jinping told a gathering of top scientists and engineers in June 2014, “Only if core technologies are in our own hands can we truly hold the initiative in competition and development. Only then can we fundamentally ensure our national economic security, defense security, and other aspects of security.”
But it’s not just impatience driving China’s behavior in cyberspace. Historical grievances are a powerful motivator, too. They stem not only from the history of bullying by European imperial powers and Japan, known as the century of humiliations, but also from Western efforts to deprive China access to critical technologies during the cold war and after the Tiananmen Square massacre. For China, these Western attitudes are an insult to a country that invented paper, printing, the compass, and gunpowder. As a result, covert efforts and industrial espionage accompany the overt science and technology programs.
It’s an approach that isn’t dissimilar to other nations’ historical quests for industrial competitiveness. In 1791, Treasury Secretary Alexander Hamilton proposed a scheme to offer money and other inducements to British engineers, German mechanists, and other foreigners to move to America in order to increase the “extent of valuable acquisitions to the population, arts, and industry.” Japanese engineer Iwama Kazuo helped Sony build its first transistor in 1954 by sending letters filled with technical details he had observed on the factory floor or gathered in conversation with his counterparts from Western Electric in the US. Industrial Age espionage happened over years and decades; now cyber-espionage takes place over hours and days.
• • •
The man behind China’s digital ambitions today is Lu Wei, the gregarious head of the Cyberspace Administration of China. An ideological warrior and propagandist, Mr. Lu is known as both a workaholic and showman. Writing about him after he was selected as one of Time magazine’s 100 most influential people of 2015, Jon Huntsman, former US ambassador to China, called Lu “uncharacteristically outspoken” in a system lacking transparency.
Lu’s ascent to China’s Web czar has been rapid. He rose from provincial branches of Xinhua, the national news agency, to become its secretary-
general and vice bureau chief. In 2011, authorities promoted him to vice mayor of Beijing and chief of the capital’s propaganda department. Lu moved up again in April 2013, becoming head of the State Internet Information Office, which regulates China’s Internet.
Lu’s work and thinking are essential to understanding China’s approach to the Web. From the moment Chinese users first went online a little more than two decades ago, policymakers have conceived of the Internet as a double-edged sword, essential to economic growth and good governance but also a major threat to domestic stability and regime legitimacy. Economic development has been a priority: China’s first Internet white paper, published in 2010, described the network’s “irreplaceable role in accelerating the development of the national economy.”
But Beijing has also been hypersensitive to any outside attempts to use the Internet as a democratizing tool. During much of the Obama administration, China has taken an essentially reactive stance, criticizing US efforts to promote an open, free, and global Internet. When then-Secretary of State Hillary Clinton delivered three speeches on the Internet in 2010 and 2011, asserting that users must be assured freedom of expression and religion online, as well as the right to access the Internet, Beijing responded negatively and defensively.
“Behind what America calls free speech is naked political scheming,” read the headline of one article in People’s Daily. “The United States,” the article continued, “applies double standards in implementing freedom of information: for those who have different political views or values, it waves a ‘freedom fighter’s’ club and leads a crusade against them.” Another article claimed, “One person’s Internet freedom is another’s Internet imperialism.”
Lu and others have dressed up this right to block Internet content and control access to the domestic market as Internet sovereignty. Still, Lu and his colleagues are not shy in describing their mission as transforming China from a big cyber country into a strong cyber power. The almost daily stories about Chinese hackers breaking into US networks give the impression that China rules cyberspace. Beijing, however, sees itself as vulnerable. While China has the world’s largest number of Internet users – more than 650 million – policymakers have significant concerns about Beijing’s technological prowess, the coherence of its international strategy, and its ability to respond to the growing sophistication of cyberattacks.
• • •
In February 2013, American cybersecurity firm Mandiant released a report contending that Unit 61398 of the PLA was behind attacks on 141 companies, including 115 in the US. Around the same time, the US Department of Homeland Security provided Internet service providers with the Internet addresses of hacking groups in China. In March 2013, National Security Adviser Tom Donilon spoke of the “serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions emanating from China on an unprecedented scale.” Two months later, the Pentagon blamed the Chinese government and military for numerous cyberattacks around the world.
When President Obama and Mr. Xi met for a two-day “shirtsleeve” summit in California in June 2013, Mr. Obama spoke diplomatically, noting that cyber-espionage was not unique to the US-Chinese relationship. Privately, however, Obama was more forceful, warning Xi that the hacking could severely damage bilateral relations. It had little effect on Beijing. China has consistently denied responsibility for cyber-espionage. In fact, Xi portrayed China as a victim. In response to US claims, Chinese sources listed the Internet protocol addresses for the attacks against China, with the majority originating from Japan, the US, and South Korea.
Soon after the summit, former National Security Agency contractor Edward Snowden revealed himself in Hong Kong as the source of leaks exposing the spy agency’s massive digital surveillance program. Mr. Snowden also told the local press that the NSA had hacked mainland Chinese targets, including universities and telecommunications companies. The Chinese press jumped on the allegations. By the end of the year, state-owned media were referring to the US as “the real hacking empire.”
The revelations, at least temporarily, vitiated the diplomatic pressure Washington was putting on Beijing. After being named responsible for the New York Times hack in February 2013, Unit 61398 temporarily curtailed its activities. Yet other groups in China seemed to pick up the slack. The Chinese government kept up a steady stream of denials, counteraccusations, and claims of victimhood. Moreover, by September, Unit 61398 was back doing its mischief again. Throughout these months, Congress searched for ways to raise the cost to China by pursuing a trade case in the World Trade Organization, levying economic sanctions and travel restrictions on suspected cyber spies, and blocking Chinese companies that benefited from espionage from participating in US markets. The Obama administration’s next step was the indictment of the PLA hackers.
But countering China’s cyberefforts is difficult, in part because of conflicting goals and definitions: The US wants to stop attacks on private industry resulting in intellectual property theft but leave the NSA free to conduct political and military espionage. As Gen. Michael Hayden, former director of the Central Intelligence Agency and NSA, put it: “You spy, we spy, but you just steal the wrong stuff.”
• • •
In the wake of the Snowden revelations and the PLA indictments, Beijing increased its focus on the security of the products it purchased from Microsoft and others. China Economic Weekly, owned by the People’s Daily, ran the headline “He’s Watching You” under the image of a helmeted head from a World War II-era US propaganda poster inscribed with the NSA logo. The article warned of “eight guardian warriors” – Cisco, IBM, Microsoft, Oracle, Intel, Qualcomm, Apple, and Google – that “have seamlessly infiltrated China.”
Many of these companies would soon find new barriers to doing business in China. Banks were encouraged to swap out IBM servers for ones from Inspur, a local brand, and government workers in a northeastern city replaced Microsoft Windows with NeoKylin, a Chinese-developed operating system. Chinese officials in Shanghai and other cities were told to ditch their Apple iPhones for Huawei phones. Then, in January 2015, Beijing circulated regulations that would force foreign technology companies supplying Chinese banks and other critical sectors to turn over secret source code, submit to invasive audits, and build surveillance backdoors into hardware and software.
Chinese officials justified the moves by pointing to the Snowden revelations and to what they saw as similar actions by the US government in blocking market access to Chinese companies. Most of China’s annoyances center on Huawei, the largest telecommunications equipment manufacturer in the world. It has been blocked from a number of deals in the US that would have opened up America’s Internet to Huawei products. Bill Bishop, an American observer of Chinese technology and social media who lived in Beijing from 2005 to 2015, calls what the Chinese government has done to US technology companies “being Huawei’d” – cast as suspicious and shut out of the market. As one senior Chinese Foreign Ministry official said, “If you do this to Huawei, what do you expect us to do?”
• • •
Feuds over spying used to be relatively innocuous. In the days of trench coats and crude listening devices, Moscow, London, and Washington followed a set of unstated rules on how to treat each other’s intelligence agents, sometimes expelling diplomats after a dramatic incident or when spying reached unacceptable levels. The idea of PNG’ing a person – declaring a diplomat persona non grata – and sweeping the fallout from espionage under the rug looks quaint today.
Whether last year’s hack of the OPM was digital espionage or the work of criminal hackers working outside any official Chinese agencies, the scope of the breach can’t be ignored. The hackers compromised 22 million records, including security background checks and data on intelligence and military personnel, as well as the fingerprints of 5.6 million people. What’s more, they gained access to OPM’s Standard Form 86, which includes information perfect for blackmail – records of financial trouble, drug use, alcohol abuse, and adulterous affairs. The records could allow Chinese counterintelligence agencies to identify spies working undercover at US embassies around the world. “This is not the end of American human intelligence,” said Joel Brenner, former senior counsel at the NSA, “but it’s a significant blow.”
The US is not the only target of this massive espionage network. Chinese hacker units have broken into computers belonging to BAE Systems, Britain’s biggest defense company; Japan’s Mitsubishi Heavy Industries, which makes weapons for the Japanese Self-Defense Forces; India’s Eastern Naval Command and Defense Research and Development Organization; and, between 2009 and 2011, three Israeli defense firms responsible for building the “Iron Dome” missile shield, which protects the country from rocket attacks from Gaza and Lebanon.
Electronic spies are also on the lookout for political information. Chinese hackers have targeted the offices of the Dalai Lama and Tibetan exile centers in Brussels; Dharamsala, India; London; and New York. They also targeted embassies, foreign ministries, and other government offices of Germany, India, Indonesia, Romania, South Korea, Taiwan, and others. In July 2015, Secretary of State John Kerry told CBS News that it was “very likely” the Chinese and Russians were reading his e-mails, and that he writes all of them with that threat in mind.
• • •
By the time Obama welcomed Xi to the White House in September, cyber-espionage was at the top of the diplomatic agenda. The trip was especially important to Xi to bolster his image with the Chinese public as a strong world leader. Chinese officials met with their US counterparts numerous times to ensure the visit was not disrupted by protocol errors, such as those that occurred at the 2006 summit with President George W. Bush when a heckler yelled at President Hu Jintao and the announcer used the official name for Taiwan, the Republic of China, instead of the People’s Republic of China to introduce the national anthems. The state dinner was a lavish affair. But even with all the pomp, the strain of digital hostilities hung over the pageantry. In the weeks before the meeting, US officials suggested that the White House would sanction Chinese individuals or entities that benefited from cybertheft. Because of the OPM hack, several presidential hopefuls called for Obama to cancel the summit or downgrade it to a working meeting.
The threat of sanction appeared to rattle China. At the conclusion of the summit, the US claimed that the two sides had agreed that “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”
But just three weeks after the agreement, cybersecurity firms reported new attacks by Chinese hackers on US pharmaceutical firms. Even so, the agreement was a diplomatic victory. Shortly after he visited Washington, Xi agreed in a meeting with British Prime Minister David Cameron that neither side would conduct commercial espionage. A few weeks after that, China and Germany announced that they would sign an agreement in 2016 to stop economic cyberspying. Similar agreements followed involving China, Brazil, Russia, the US, and other members of the Group of 20.
But history has proved that hard-fought diplomatic victories are often ethereal. In other words, don’t expect China to rein in its legions of hackers just yet. Beijing is closely monitoring what the US is doing in cyberspace, including the Pentagon’s plan to build out cyber command to a force of 6,000 by the end of 2016. US officials don’t see their efforts as creating an arms race, but it is safe to assume that China will develop its own cyber capabilities to avoid falling behind.
Moreover, with Xi’s desire to turn China into a “great cyber power,” Beijing will continue to pursue a strategy of exerting sovereignty over cyberspace, which is bound to create friction with Washington. The challenge for the two sides from here will be to identify some rules that will keep tensions low – and keep a full-scale cyberwar from erupting.
Excerpted from “The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age,” by Adam Segal. Available from PublicAffairs, a member of The Perseus Books Group. Copyright © 2016.