Cyber-Espionage and China’s Dream of National ‘Return’
Is the PRC “winning” the cyber-espionage competition?
May 2, 2013 - 1:05 am
Cyber-attacks upon American computer networks, and the theft of massive amounts of information by means of cyber-espionage — both against private industry and against the U.S. government itself — are very much in the news of late, and the People’s Republic of China is increasingly being fingered as the culprit.
Since the mid-2000s, Western cyber-security experts have been reporting a dramatic rise in cyber-attacks apparently originating in China, a phenomenon that has come to be known in such circles as the “advanced persistent threat” (APT). The office of the U.S. government’s National Counterintelligence Executive recently reported that “Chinese actors are the world’s most active and persistent perpetrators of economic espionage.” China hardly has a monopoly on modern cyber-espionage against Western targets, but Chinese hackers are acquiring an unequaled notoriety from garden-variety industrial espionage, to attacks on U.S. defense contractors and government entities, to intimidation and message-control games such as the cyber-attacks on the New York Times after it ran an embarrassing exposé of apparent corruption in the family of then-Chinese premier Wen Jiabao.
Because of the ease with which cyber-attackers can conceal their points of origin, however, it has always been difficult to “prove” what has nonetheless seemed ever more clear to cyber-security experts for several years — namely, that the Chinese government is itself responsible for much of the APT, directly orchestrating such attacks itself, enlisting cyber-“privateers” to invade Western networks on its behalf, or (more likely) doing both of these things. Officials in Beijing strenuously deny any such involvement, and have lately been trying to turn the rhetorical tables by playing to modern China’s well-nursed sense of historical victimization by alleging that a blameless China is in fact the innocent target of malevolent Western cyber-campaigns.
In the past couple of years, however, notwithstanding the difficulty of attributing the origin of attacks undertaken in cyberspace, cracks have been appearing in Beijing’s wall of denial. In 2011, the web security company McAfee released a report detailing the results of its own efforts to trace a series of cyber assaults back to a cyber-attack command-and-control server in China used by an entity that McAfee experts nicknamed “Shady Rat.”
Perhaps the most interesting thing about the Shady Rat episode is the window it seemed to provide into likely PRC state sponsorship of APT attacks. The McAfee team decorously declined publicly to point fingers in this regard, but having themselves essentially hacked back in to the attacker’s computer, the McAfee experts downloaded and published the logs of Shady Rat’s cyber-attack targets since mid-2006. The list is illuminating, for in addition to containing a good many of just the sort of potentially lucrative industrial espionage targets one would expect a freelance, organized crime, or corporate cyber spy to pursue, Shady Rat’s target list included a range of non-remunerative political targets of the sort only really likely to be attractive to the PRC regime itself.
Among these political targets, in the period leading up to the 2008 Summer Olympics in Beijing, were the International Olympic Committee, various Western and Asian national Olympic Committees, and the World Anti-Doping Agency. China believed the Olympics were an event of inestimable propaganda and political importance and the leadership treated the Games as a sort of debutante ball to mark China’s emergence as a great power after long years of “humiliation” by Western imperialists. They invested enormous energy in trying to ensure that China outshone the rest of the world there.
Also targeted by Shady Rat during the period for which McAfee experts downloaded its records were various political non-profit organizations that the Chinese regime dislikes, including one Western outfit devoted to promoting democracy around the world, a U.S. national security think tank, a second U.S. think tank, a major U.S. news organization, the United Nations itself, the Secretariat of the Association of Southeast Asian Nations (ASEAN), twelve U.S. government agencies, some U.S. state and local governments, some U.S. defense contractors, and government agencies in both India and Canada. (Shady Rat apparently never targeted anybody in China, by the way.)
Beijing’s mask of denial slipped further later that year when a Chinese news documentary about the PRC’s military broadcast on a government-run television channel aired a clip appearing to show a technician actually launching a cyber-attack on a U.S.-based web address belonging to the Falungong spiritual group that PRC authorities detest and have fiercely persecuted since 1999. After Western reporters called attention to the cyber-attack braggadocio in the mere six second of “B roll” footage in the documentary, it was quickly removed from the Internet. The episode, however, provided yet another data point suggesting that the longstanding talk in PRC military and strategic journals about the imperative of preparing for what is termed “informationized” warfare is no longer just talk.
Earlier this year another important watershed occurred: the first instance of cyber-security experts being willing publicly to identify the PRC regime itself as the point of origin for key components of the APT. Last month, the security company Mandiant released a report publicly identifying a component of the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s 3rd Department — a military outfit awkwardly known as Military Unit Cover Designator 61398 — as probably having been the originator of a series of APT assaults on at least 141 organizations across multiple industries. In fairness, Mandiant apparently only traced the attacks to the Shanghai neighborhood where Unit 61398 is based, but this is generally believed to be a distinction without much of a difference. (As The Economist recently put it, it is unlikely that a well-funded group of professional cyber-attackers are based in the noodle joints that surround Unit 61398’s PLA-controlled high-rise building.)
Mandiant’s report is thus very significant, for it has explicitly injected into the public discourse on cyber conflict what security experts have privately emphasized for years: that our massive data-losses to the usually-anonymous Chinese entities of the APT are in significant part thefts orchestrated by the CCP regime itself, apparently as part of a broad economic, political, and indeed strategic policy devoted to the PRC’s advancement vis-à-vis the West in general and the United States in particular. Such state-sponsorship is not news to policy community insiders, but the PRC’s cyber-strategy is now a subject of open discourse for the first time — and Mondiant’s report has indeed made something of a splash in the media.
For those with some familiarity with China’s engagement with the West since the mid-19th century, however, this cyber-campaign is novel only in its use of computer networks as the tools and targets of a technology strategy. Acquiring national power through the borrowing and adaptation of Western technical knowledge has been an enduring and hugely important element of Chinese approaches ever since the Qing Dynasty’s first painful encounters with British military technology in the Opium War. Early diplomatic envoys were transfixed by Western technology from the start — a theme reflected in Chinese travel diaries as early as 1868 — and Chinese officials’ near-obsession with obtaining it, and the power it represented and helped make possible, has been a constant of Chinese interactions with the West ever since.
It has been a central theme of China’s narrative of the West for a century and a half that China must learn the West’s technological ways as an essential part of China’s own return to greatness after painful years of “humiliation” at Western hands. Debate has raged, and still rages, about the degree to which China must in this process Westernize — that is, whether it is really possible to acquire Western techniques and Western levels of global power without traducing some “Chinese” essence — but obtaining for themselves the tools of Western-style technological modernity has always been, and remains, a fixation of China’s leadership.
Sustained efforts to seek out foreign knowledge is not traditionally China’s cup of tea, as it were. The only precedent for such outreach in the generally extraordinarily insular Middle Kingdom’s long history can be found in China’s reaction to the arrival of Buddhism from India — in connection with which at least 56 expeditions were sent from China before the 10th century to acquire knowledge from the fountainhead of such sacred wisdom. In an era when this journey required struggling over some of the worlds most inhospitable deserts and the planet’s highest mountains, or alternatively working one’s way in perilous hops around the coastline of Southeast Asia, Chinese scholars and monks traveled eagerly abroad to acquire Buddhist learning for China in the form of sacred sutras that were subsequently translated into Chinese.
In the modern era, China has once again embraced the acquisition of foreign learning, eagerly “going to get the sutras” of modernity — and the power that such knowledge has been seen to impart since the Qing’s painful encounter with Western imperialism — by seeking out foreign technology. Whether this has occurred through the dispatch of Chinese students to foreign universities, quasi-capitalist trade and business relationships characterized by vehement Chinese insistence upon technology-transfer provisions, the acquisition and reverse engineering of foreign arms and military technology, or rampant intellectual property theft and cyber-espionage, the deliberate and systematic acquisition of technology has been a central plank of modern China’s encounter with the non-Chinese world in the 19th, 20th, and 21st centuries.
So this is the historical context in which the most recent revelations about PRC cyber-espionage must be seen: this is no mere passing phase, but merely one manifestation of a powerful continuing theme. There is much more at issue than merely Chinese entrepreneurs’ aggregated desire to nick industrial secrets in a rapidly growing “Wild West” economy still lamentably unconstrained by the rule of law. The continuum of acquisition, from legitimate means to outright theft, is a deep part of Chinese strategic policy, and has been for generations. It is inextricably bound up with modern China’s obsession not merely with national “rise” but with a notion of “restoration” or “return” to first-rank power and status that is inherently competitive and zero-sum in its conceptual underpinnings. Acquiring the technological “sutras” of modern power is felt to be a precondition for China’s great dream of return, and the Middle Kingdom is not picky or squeamish about its methods. Cyber-espionage is merely the latest variation on this well-established theme.
How well is this working? All the evidence so far points to a massive, sustained, and pretty sophisticated Chinese cyber effort to steal technology, trade and industrial secrets, and other intellectual property, and to penetrate information systems across Western high-technology sectors and in the government. As far as can be ascertained by publicly available sources, moreover — and despite recent efforts by PRC propagandists to respond to such reports by depicting China as being the real cyber-victim — this flow largely goes in only one direction. (The PRC regime is really only “victimized” by electronic information flows in the sense that it takes umbrage at the difficulty of controlling the political content of Internet-facilitated communication to and by its citizens, which is a very different issue.) In this sense, one might perhaps say that the PRC is “winning” the cyber-espionage competition.
While its strategic policy of cyber-facilitated theft has clearly helped give the PRC considerable benefits and has contributed to China’s “return,” however, it is not necessarily the case that simply being the better cutpurse is “winning” in the deepest sense. The continuing fixation of Chinese leaders upon technology acquisition and the largely one-way nature of the information flow, in fact, suggest both that the PRC still considers itself to be “behind” the West. (Moreover, we implicitly agree. After all, Western governments don’t seem to regard stealing intellectual property from China to be all that important to our national strategy. This may perhaps have something to do with still not being all that impressed by it.)
So while the West seems clearly to have been suffering massive information losses to Chinese cyber-espionage, the very lopsidedness of modern technological cyber theft may thus signal that Beijing does not yet feel that it has succeeded in acquiring the “sutras” of technological modernity it has so long sought from the West. In the bigger picture, therefore, while the embeddedness of PRC cyber-espionage in the great project of “return” may reveal a very problematic strategic intent of zero-sum competition and Sinocentric primacy, the fact that China apparently still feels the need for such theft suggests a continuing undercurrent of insecurity and weakness. Technology acquisition is designed to change weakness into strength, of course, but the feverish pace of ongoing cyber-theft is certainly a signal that China feels it isn’t there yet, and that we are still looked upon as creators and privileged holders of the sacred knowledge, as it were, that Beijing covets.
Nor, I think, is it guaranteed that China will be able to use and benefit to the fullest possible extent from what it steals. During the Cold War, for instance, the Soviets stole a fair amount of Western technology, but with certain important exceptions, they weren’t able to exploit it too well — especially in their broader economy and in ways that augmented their national strength across the spectrum. Modern China is probably much better positioned to do this than the Soviets were, but there are still no guarantees.
There is an old saying in English about how giving someone a fish allows him to eat for a day, but teaching him how to fish allows him to feed himself forever. This may provide some insight here. Stealing what another system has learned and developed is an important shortcut, but it is not quite the same thing as being able to make progress on one’s own — which is a more important test of sophistication and advanced modernity. To the extent that it still has to subsist on technological scraps it steals from the tables of more advanced states, China clearly has not yet succeeded in its great project of a national “return” to greatness.
And this evokes to the great 19th and early 20th century Chinese debates over whether China actually can really be said to possess the “sutras” of modernity just by acquiring particular technical skills, and while still clinging to older forms of centralized and authoritarian socio-cultural organization. It may be that in some deep way, sustainable technological and economic modernity requires the adoption of a truly modern socio-economic “operating system” as well: that is, a vibrant, open, and pluralistic way of organizing society so that one can become a source of innovation and brilliance in the world rather than merely a borrower of other’s ideas.
This could end up being a big challenge for the Communist Party oligarchy in Beijing, for it may be that authoritarian rule is incompatible with true modernity, and with China’s ultimate success in achieving national greatness.