Skip to main content

China is waging an undeclared cyberwar on the US … but now what?

China is waging cyberwar
Image used with permission by copyright holder

If you think the timing of a damning report on China’s government-sponsored cyber-attacks on U.S. industry and government is a coincidence, think again.

The 60-page report (PDF) from cybersecurity firm Mandiant, for those of you who missed the media hellfire it sparked on Tuesday, blames the People’s Republic of China for widespread cyber-attacks and cyber-espionage on U.S. industry and government. Targets include companies like Coca-Cola, as well as companies that operate critical infrastructure, like electrical grids, oil and gas pipelines, and water supply.

Recommended Videos

The report, which was featured in a front-page story by The New York Times (a former client of Mandiant), pinpoints a 12-story office building in Shanghai which Mandiant researchers believe is home to “APT1,” one of “more than 20” similar hacker outfits supported or employed by the China’s People’s Liberation Army (PLA). The hacker contingent is officially known as “Unit 61398,” and has been labeled the “Comment Crew” or “Shanghai Group.” Mandiant even published video of one of the alleged APT1 hackers in action, an individual known as “DOTA” who creates fake Gmail accounts to launch spear-phishing attacks on targets – one of the primary weapons used by APT1, according to Mandiant.

“APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations,” reads the report, “and has demonstrated the capability and intent to steal from dozens of organizations simultaneously.”

This highly detailed report marks the first time a private company has explicitly called out the PLA as the source of a barrage of cyber-attacks on the U.S. It is also the first publicly available report to reveal exhaustive evidence – if not a “smoking gun” – to support accusations that China’s government poses a major threat to U.S. cybersecurity. Many people have talked about it over the years, few have provided something close to proof.

The Chinese government has firmly denied the credibility of the Mandiant report. “The Chinese army has never supported any hackings,” said China’s Ministry of National Defense in a statement to state-owned news agency Xinhuanet. The ministry also said the report was false and unprofessional.

Of course, this denial is neither new nor particularly believable. During the course of reporting various cybersecurity stories, I have personally witnessed real-time cyber-attacks on major U.S. businesses that originated in China. And the information in the Mandiant report has since been backed up by sources within the U.S. government and by a variety of other cybersecurity firms that have gathered similar data.

So the legitimacy of the Mandiant report is not really in question, whatever the Chinese government has to say about it. What did strike me as odd, however, was the timing of its release.

Since January 31, we have seen high-profile cyber-attacks by Chinese hackers on The New York Times, Wall Street Journal, Washington Post, and Bloomberg News. In the last week, we saw Chinese hackers blamed for infecting a developer’s website that resulted in malware infections at Facebook, Apple, and possibly Twitter.

We also saw President Obama call out cybersecurity as a major priority for the U.S. in the State of the Union address on February 12, and, earlier that day, sign an executive order meant to bolster U.S. critical infrastructure networks. Also that Tuesday, Reps. Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD) reintroduced the Cyber Intelligence Sharing and Protection Act (CISPA) – implicit support for which Mandiant CEO Kevin Mandia gave during a testimony (PDF) before the House Permanent Select Committee on Intelligence on February 14.

All of this felt eerily familiar. In the months that followed the September 11, 2001, attack on the World Trade Center and the Pentagon, our media and our government constantly bombarded us with evidence for why military action was necessary. Al Qaeda, weapons of mass destruction, and the hideous might of Saddam Hussein saturated our world. Talk of Chinese hackers, and the media reports surrounding them, in no way match the insanity churned up in immediate post-9/11 America. But upon reading The New York Times report about Mandiant’s findings in the wee hours of Tuesday morning, I couldn’t help but wonder: Why now?

“We felt like there’s a bunch of things coming together at the same time,” Richard Bejtlich, Mandiant Chief Security Officer, told me during a phone interview. “Our CEO Kevin Mandian just testified before the House Permanent Select Committee on Intelligence last week all about information sharing. This is what we’re doing; we’re sharing information.”

Bejtlich also points to Obama’s executive order, and the admission by the Times and other news outlets that Chinese hackers had infiltrated their networks, as an indication that “this is the time to let the world know what we know about this one group.” Furthermore, he said, “We had heard through some back channels that there’s some support for less observation of the fireworks – in other words, just watching companies get hacked – and more putting the message out there that this isn’t acceptable, and doing something about it.”

So, what does “doing something about it” look like? According to the Associate Press, the Obama administration has already begun “eyeing fines, penalties and other trade restrictions as initial, more-aggressive steps the U.S. would take in response to what top officials say has been an unrelenting campaign of cyber-stealing linked to the Chinese government.” Hawks, like former FBI executive assistant director and current president of cybersecurity firm CrowdStrike Shawn Henry, are calling for even more aggressive action.

“If the Chinese government flew planes into our airspace, our planes would escort them away. If it happened two, three or four times, the president would be on the phone and there would be threats of retaliation,” Henry told the AP. “This is happening thousands of times a day. There needs to be some definition of where the red line is and what the repercussions would be.”

Others have linked the current situation between the U.S. and China as something akin to the Cold War between the U.S. and the Soviet Union – an analogy Bejtlich echoed during our conversation.

“For those of us that remember the Cold War, we had this sort of mindset that it’s expected that the Russians are out there, and that they had a certain world view, and there’s certain things that they do, and we deal with them in a certain way,” said Bejtlich. “We’re not in a Cold War now, thankfully, but we are in a different sort of conflict.”

In an interview with CNN, former CIA and Homeland Security official Chad Sweet also equates the current U.S.-China relationship to the Cold War – but adds that the dangers of this conflict could be even more severe.

“We’re essentially facing a new Cold War – a cyber Cold War,” he said. “The destructive capacity is equal to that of a nuclear warhead … But what makes it more sinister than the nuclear age is that there’s no easily identifiable plume.”

The U.S. government’s view on the severity of cyber-attacks was made most clear last October, when Defense Secretary Leon Panetta warned that the U.S. could face a “cyber-Pearl Harbor.”

“An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches,” said Panetta. “They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”

Why passenger trains would be loaded with lethal chemicals, Panetta did not say. But the message is clear: cyber-attacks are serious business. And the Mandiant report further promotes this worldview.

Now, I won’t pretend for a second to understand the massively complicated relationship between the U.S. and China, or the degree to which the Mandiant report complicates those ties even further. But as a citizen witnessing the sudden deluge of activity surrounding cybersecurity, I can’t help but wonder – and worry – about where all this is headed.

The passage of legislation like CISPA – a bill civil rights advocates see as a threat to our Fourth Amendment rights – seems all but certain. But then what? How does the Internet change for everyday people once it’s become an officially declared battleground of the world’s two most powerful countries? I have no idea, and have yet to find an answer. One can only hope that when that answer comes, it will be a good one. For now, we wait.

Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…
PayPal vs. Venmo vs. Cash App vs. Apple Cash: which app should you use?
PayPal, Venmo, Cash App, and Apple Wallet apps on an iPhone.

We’re getting closer every day to an entirely cashless society. While some folks may still carry around a few bucks for emergencies, electronic payments are accepted nearly everywhere, and as mobile wallets expand, even traditional credit and debit cards are starting to fall by the wayside.

That means many of us are past the days of tossing a few bills onto the table to pay our share of a restaurant tab or slipping our pal a couple of bucks to help them out. Now, even those things are more easily doable from our smartphones than our physical wallets.

Read more
How to change margins in Google Docs
Laptop Working from Home

When you create a document in Google Docs, you may need to adjust the space between the edge of the page and the content --- the margins. For instance, many professors have requirements for the margin sizes you must use for college papers.

You can easily change the left, right, top, and bottom margins in Google Docs and have a few different ways to do it.

Read more
What is Microsoft Teams? How to use the collaboration app
A close-up of someone using Microsoft Teams on a laptop for a videoconference.

Online team collaboration is the new norm as companies spread their workforce across the globe. Gone are the days of primarily relying on group emails, as teams can now work together in real time using an instant chat-style interface, no matter where they are.

Using Microsoft Teams affords video conferencing, real-time discussions, document sharing and editing, and more for companies and corporations. It's one of many collaboration tools designed to bring company workers together in an online space. It’s not designed for communicating with family and friends, but for colleagues and clients.

Read more