Skip to main content

China is waging an undeclared cyberwar on the US … but now what?

China is waging cyberwar
Image used with permission by copyright holder

If you think the timing of a damning report on China’s government-sponsored cyber-attacks on U.S. industry and government is a coincidence, think again.

The 60-page report (PDF) from cybersecurity firm Mandiant, for those of you who missed the media hellfire it sparked on Tuesday, blames the People’s Republic of China for widespread cyber-attacks and cyber-espionage on U.S. industry and government. Targets include companies like Coca-Cola, as well as companies that operate critical infrastructure, like electrical grids, oil and gas pipelines, and water supply.

The report, which was featured in a front-page story by The New York Times (a former client of Mandiant), pinpoints a 12-story office building in Shanghai which Mandiant researchers believe is home to “APT1,” one of “more than 20” similar hacker outfits supported or employed by the China’s People’s Liberation Army (PLA). The hacker contingent is officially known as “Unit 61398,” and has been labeled the “Comment Crew” or “Shanghai Group.” Mandiant even published video of one of the alleged APT1 hackers in action, an individual known as “DOTA” who creates fake Gmail accounts to launch spear-phishing attacks on targets – one of the primary weapons used by APT1, according to Mandiant.

“APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations,” reads the report, “and has demonstrated the capability and intent to steal from dozens of organizations simultaneously.”

This highly detailed report marks the first time a private company has explicitly called out the PLA as the source of a barrage of cyber-attacks on the U.S. It is also the first publicly available report to reveal exhaustive evidence – if not a “smoking gun” – to support accusations that China’s government poses a major threat to U.S. cybersecurity. Many people have talked about it over the years, few have provided something close to proof.

The Chinese government has firmly denied the credibility of the Mandiant report. “The Chinese army has never supported any hackings,” said China’s Ministry of National Defense in a statement to state-owned news agency Xinhuanet. The ministry also said the report was false and unprofessional.

Of course, this denial is neither new nor particularly believable. During the course of reporting various cybersecurity stories, I have personally witnessed real-time cyber-attacks on major U.S. businesses that originated in China. And the information in the Mandiant report has since been backed up by sources within the U.S. government and by a variety of other cybersecurity firms that have gathered similar data.

So the legitimacy of the Mandiant report is not really in question, whatever the Chinese government has to say about it. What did strike me as odd, however, was the timing of its release.

Since January 31, we have seen high-profile cyber-attacks by Chinese hackers on The New York Times, Wall Street Journal, Washington Post, and Bloomberg News. In the last week, we saw Chinese hackers blamed for infecting a developer’s website that resulted in malware infections at Facebook, Apple, and possibly Twitter.

We also saw President Obama call out cybersecurity as a major priority for the U.S. in the State of the Union address on February 12, and, earlier that day, sign an executive order meant to bolster U.S. critical infrastructure networks. Also that Tuesday, Reps. Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD) reintroduced the Cyber Intelligence Sharing and Protection Act (CISPA) – implicit support for which Mandiant CEO Kevin Mandia gave during a testimony (PDF) before the House Permanent Select Committee on Intelligence on February 14.

All of this felt eerily familiar. In the months that followed the September 11, 2001, attack on the World Trade Center and the Pentagon, our media and our government constantly bombarded us with evidence for why military action was necessary. Al Qaeda, weapons of mass destruction, and the hideous might of Saddam Hussein saturated our world. Talk of Chinese hackers, and the media reports surrounding them, in no way match the insanity churned up in immediate post-9/11 America. But upon reading The New York Times report about Mandiant’s findings in the wee hours of Tuesday morning, I couldn’t help but wonder: Why now?

“We felt like there’s a bunch of things coming together at the same time,” Richard Bejtlich, Mandiant Chief Security Officer, told me during a phone interview. “Our CEO Kevin Mandian just testified before the House Permanent Select Committee on Intelligence last week all about information sharing. This is what we’re doing; we’re sharing information.”

Bejtlich also points to Obama’s executive order, and the admission by the Times and other news outlets that Chinese hackers had infiltrated their networks, as an indication that “this is the time to let the world know what we know about this one group.” Furthermore, he said, “We had heard through some back channels that there’s some support for less observation of the fireworks – in other words, just watching companies get hacked – and more putting the message out there that this isn’t acceptable, and doing something about it.”

So, what does “doing something about it” look like? According to the Associate Press, the Obama administration has already begun “eyeing fines, penalties and other trade restrictions as initial, more-aggressive steps the U.S. would take in response to what top officials say has been an unrelenting campaign of cyber-stealing linked to the Chinese government.” Hawks, like former FBI executive assistant director and current president of cybersecurity firm CrowdStrike Shawn Henry, are calling for even more aggressive action.

“If the Chinese government flew planes into our airspace, our planes would escort them away. If it happened two, three or four times, the president would be on the phone and there would be threats of retaliation,” Henry told the AP. “This is happening thousands of times a day. There needs to be some definition of where the red line is and what the repercussions would be.”

Others have linked the current situation between the U.S. and China as something akin to the Cold War between the U.S. and the Soviet Union – an analogy Bejtlich echoed during our conversation.

“For those of us that remember the Cold War, we had this sort of mindset that it’s expected that the Russians are out there, and that they had a certain world view, and there’s certain things that they do, and we deal with them in a certain way,” said Bejtlich. “We’re not in a Cold War now, thankfully, but we are in a different sort of conflict.”

In an interview with CNN, former CIA and Homeland Security official Chad Sweet also equates the current U.S.-China relationship to the Cold War – but adds that the dangers of this conflict could be even more severe.

“We’re essentially facing a new Cold War – a cyber Cold War,” he said. “The destructive capacity is equal to that of a nuclear warhead … But what makes it more sinister than the nuclear age is that there’s no easily identifiable plume.”

The U.S. government’s view on the severity of cyber-attacks was made most clear last October, when Defense Secretary Leon Panetta warned that the U.S. could face a “cyber-Pearl Harbor.”

“An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches,” said Panetta. “They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”

Why passenger trains would be loaded with lethal chemicals, Panetta did not say. But the message is clear: cyber-attacks are serious business. And the Mandiant report further promotes this worldview.

Now, I won’t pretend for a second to understand the massively complicated relationship between the U.S. and China, or the degree to which the Mandiant report complicates those ties even further. But as a citizen witnessing the sudden deluge of activity surrounding cybersecurity, I can’t help but wonder – and worry – about where all this is headed.

The passage of legislation like CISPA – a bill civil rights advocates see as a threat to our Fourth Amendment rights – seems all but certain. But then what? How does the Internet change for everyday people once it’s become an officially declared battleground of the world’s two most powerful countries? I have no idea, and have yet to find an answer. One can only hope that when that answer comes, it will be a good one. For now, we wait.

Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
How to change your language in Google Chrome on desktop
Chrome OS

Google Chrome supports a wide range of languages. While it'll default to English in most cases, there's nothing stopping you from changing its settings and displaying pages in Spanish, French, or dozens of other languages.

Changing your default language in Chrome takes only a few seconds, and the technique used is the same across Windows and Mac. Aside from changing your language, note that Chrome now gives you the option to automatically translate pages written in another language – making it easy to read content from around the globe.

Read more
23 of the best Netflix hacks, tips, and tricks
The Netflix home screen.

Netflix is one of the most popular streaming platforms for all things movies and TV shows. Home to an immense library of titles, the Netflix archive is constantly changing and evolving, and so are the many ways you can use your Netflix account. 

For instance, did you know you can access region-locked Netflix shows and flicks by using a VPN? Or that you can disable that pesky Autoplay feature? There are tons of Netflix hacks, tips, and tricks out there, so we’ve gone ahead and rounded up all of our favorites! 
Expand your streaming with a VPN

Read more
How to make a GIF from a YouTube video
woman sitting and using laptop

Sometimes, whether you're chatting with friends or posting on social media, words just aren't enough -- you need a GIF to fully convey your feelings. If there's a moment from a YouTube video that you want to snip into a GIF, the good news is that you don't need complex software to so it. There are now a bunch of ways to make a GIF from a YouTube video right in your browser.

If you want to use desktop software like Photoshop to make a GIF, then you'll need to download the YouTube video first before you can start making a GIF. However, if you don't want to go through that bother then there are several ways you can make a GIF right in your browser, without the need to download anything. That's ideal if you're working with a low-specced laptop or on a phone, as all the processing to make the GIF is done in the cloud rather than on your machine. With these options you can make quick and fun GIFs from YouTube videos in just a few minutes.
Use GIFs.com for great customization
Step 1: Find the YouTube video that you want to turn into a GIF (perhaps a NASA archive?) and copy its URL.

Read more