EP 05: China’s Relentless War of Cyber Espionage & Cyber Attacks against the United States – Part II

EP 05: China’s Relentless War of Cyber Espionage & Cyber Attacks against the United States – Part II What’s on China’s wish list when it comes to nation state attacks? Almost anything, the experts say. Anything that can disrupt our economic way of life. Anything that can give the Chinese an upper hand over the […]

EP 05: China’s Relentless War of Cyber Espionage & Cyber Attacks against the United States – Part II

What’s on China’s wish list when it comes to nation state attacks? Almost anything, the experts say. Anything that can disrupt our economic way of life. Anything that can give the Chinese an upper hand over the Unites States. In late January, 2019, the United States Justice Department announced criminal charges against Huawei Technologies, the largest communications equipment manufacturer in the world. Included in the litany of charges in the court filings were bank and wire fraud, violating U.S. sanctions on Iran, along with conspiring to obstruct justice relating to the actual investigation. FBI Director Christopher A. Wray noted how “firms like Huawei “pose a dual threat to both our economic and national security, and the magnitude of these charges make clear just how seriously the FBI takes this threat.”

Wray also stated how China is trying to “to get secret information about our trade, our ideas, and innovations…” using “…an expanding set of unconventional methods each time to achieve their goals.” Wray warned that the threat of cyber espionage from China “affects companies in all regions and in all sectors of the US economy.”

Authorities also unsealed a separate 10-count indictment in Washington state, charging two affiliates — Huawei Device Co. and Huawei Device USA — with conspiring to steal trade secrets from T-Mobile regarding a phone-testing robot. According Annette Hayes, first assistant U.S. attorney for the Western District of Washington. “Huawei clearly knew it was part of an organized effort to steal technology…This is part of Huawei’s M.O.”

In the summer of 2020, Wray was on the offensive again, unleashing a blistering attack on the Chinese, arguing that their cybersecurity attacks amount to one of the largest transfers of wealth in human history.” Said Wray during an address at the Hudson Institute, “The stakes could not be higher, and the potential economic harm to American businesses and the economy as a whole almost defies calculation.”

When asked if the United States had any idea of the financial damage incurred on America’s economy due to Chinese Cybersecurity attacks, Wray said he didn’t know of an exact number, but added that “every figure I’ve seen is breathtaking.” Wray also added that “To achieve its goals and surpass America, China recognizes it needs to make leaps in cutting edge technology, but the sad fact is that instead of engaging in the hard slog of innovation, China often steals American intellectual property and then uses it to compete against the very American companies it victimizes, in effect, cheating twice.”

A Thirst for Global Power and Dominance

So, how did the world’s most populous country (1.4 billion) become such a force in cyberterrorism? For starters, more than half of China’s population is online, so that’s quite a few hackers to choose from when the government goes looking for the best and brightest. And China has been launching cyber-attacks for the last two decades, with great success. As far back as 1999, the Chinese government was busy hitting foreign websites with a series of Denial of Service (DoS) attacks. But that was child’s play compared to China’s current cyberterrorism climate – state sponsored, covert cyber espionage. Over the years, China has been able to steal highly sensitive source code from Google, break into government databases, and much more.

Even more alarming was a report from the nonprofit Institute for Critical Infrastructure Technology describing how China’s espionage essentially supports the country’s 13th Five-Year Plan for the 2016 to 2020 period, which calls for technology innovations and socioeconomic reforms. China’s goal? An “innovative, coordinated, green, open and inclusive growth.” Even more disturbing from the report is the charge that most of the technology needed to make China’s plan a reality will come from theft of trade secrets from companies in other countries.

According to Michael Fuchs, senior fellow at the Center for American Progress, a think tank. “I think it is very fair to say that China sees this cyber espionage for economic purposes as a necessary component of its national strategy to grow economically and to become a more powerful country, and that it is not going to stop — at least not with the current set of pressure that is being exerted by the U.S. and others.”

China shows no slowing down with its extensive list of cyberterrorism and cyberespionage measures. It continues to attack America’s critical infrastructure, going after aerospace, technology, and much more. Though there is not an exact number on the financial damage inflicted on the United States from China’s cyber-attacks, an independent commission recently reported the costs to be as high as $300 billion, with approximately 50 to 80 percent of the attacks coming from China.

America’s response to the growing cyber threats from China – and other nation-state cyber attackers – has to be multi-faceted, and must include collaboration with the U.S. government and the private sector. A recently issued United States Department of Defense Cyber Strategy noted that “we must ensure the U.S. military’s ability to fight and win wars in any domain, including cyberspace. This is a foundational requirement for U.S. national security and a key to ensuring that we deter aggression, including cyber-attacks that constitute a use of force, against the United States, our allies, and our partners.”

A History of Cyberattacks that Keeps Growing

Make no mistake, China has an army of hacker’s intent on attacking the United States with sophisticated methods in the ever-escalating cyber war. Some of the more recent attacks tied to China include the following:

A Chinese national by the name of Lizhong Fan who worked for an Arizona counterterrorism center reportedly stole a massive amount of sensitive American security information and then suddenly disappeared. Fan was hired by the Arizona Counter Terrorism Information Center in 2007, subsequently given access to large amounts of data – such as Arizona’s driver’s licenses list, police databases, and possible intelligence information. Fan walked out of the building one day, never to return, but took with him a number of laptops and hard drives. Not surprising, the Chinese have vehemently denied any of the charges levied against them.

And a Shanghai-based group of hackers based in Shanghai with reported ties to the People’s Liberation Army in China had, in recent years, undertaken dozens of cyber-attacks on U.S. companies, such as Coca-Cola, Lockheed Martin, and others. Embassy officials have once again denied that China’s involvement with thy cyber-attacks, stating such allegations were “unprofessional.”

William Carter, deputy director of the Technology Policy Program at the Center for Strategic and International Studies (CSIS), views the professionalization of China’s cyber capabilities as another way to delegitimize the United States. Specifically, not only is China seeking to gain influence in Asia, it desperately seeks to raise its standing in the international arena for all things related to cyber. In its push toward professionalization, China is therefore consolidating its private-sector capabilities with its military intelligence services, effectively focusing on long-term strategic goals, rather than disruptive attacks that are the norm for countries like Russia, North Korea, and Iran. China wants to have its cake and eat it too. They want to be seen as good guys, but also a country with formidable cyberwarfare skills that can be unleashed at a moment’s notice.

To learn more about cybersecurity and how to protect your organization, visit charlesdenyer.com today and get access to a wide range of world-class resources on all things cyber. Additionally, my companies offer comprehensive cybersecurity, data privacy, and regulatory compliance services & solutions for businesses all across the globe. Book a call with me today at charlesdenyer.com/contact and let’s discuss your needs.