Small Wars Journal

A Brief Look at Chinese Cyberwarfare

Wed, 01/26/2022 - 10:06pm

By Griffin Klevering

Introduction

War has changed: what used to be confined to a physical battlefield has evolved into a hidden neural war fought from every corner of the earth. For the first 2,000 years of humanity’s existence, war was fought on the physical battlefield (Howell, 2015). With sticks, then swords, then guns, people fought against one another directly. They took and saved lives personally on their own merit. This is now rapidly changing. With the invention of computers and the internet, cyber and informational warfare are rapidly becoming prevalent. From a great distance, people can cause damage to other countries safely and effectively through the internet. Whether through viruses, false information campaigns, or worse, cyberwarfare is an important tool of any nation state.

At the helm of this cyberwarfare advancement is China. Many experts view China as the greatest cyber threat on Earth (Duke, 2020). In fact, the United States’ Cybersecurity and Infrastructure Security Agency (CISA) has issued several warnings to organizations about the risk of Chinese military cyberattacks. CISA also warns of the possibility of Chinese state-affiliated actors (“Chinese Malicious”, n.d.). These actors are hacker groups that have no direct connection to the Chinese government, allowing the hackers to carry out attacks the government normally could not. Indeed, the Chinese government is incredibly powerful in this new world of cyberwarfare.

Attacks on the West

It is no surprise that the primary victims of China’s cyber-attacks tend to be its ideological opponents. The United States, England, Taiwan, etc. have all been targets of cyber-attacks by China (Metzl, n.d.). The U.S. in particular has had many cyber altercations with China. On March 3rd, 2021, Microsoft’s email and calendar service “Exchange” was hacked, potentially giving the perpetrators access to millions of emails (Collier, 2021). In fact, over 60,000 organizations are believed to have been affected (Hollister, 2021). In response, the U.S. rushed to patch Federal systems in hopes of preventing any major damage from being done to the government (Conger & Frenkel, 2021). The perpetrators are believed to be the hacker group “Hafnium”, a group with known connections to the Chinese government (Collier, 2021). It goes without saying that this was a massive attack. With over 60,000 organizations known to be hacked, the Chinese-sponsored hackers have stolen millions of emails. These emails could contain important information, and their theft could have dire consequences. This attack is merely one of many conducted by the Chinese government or its sponsored actors in recent years.

In the same vein as the American attacks, the UK has accused Chinese hackers of attacking many U.K. businesses during a period of weakness caused by the Covid-19 pandemic. Several hacking groups known to be affiliated with the Chinese government, such as APT41, disrupted a major social healthcare service in the UK and stole its valuable data. Later, a different group stole patient data from two technical firms (Burgess, 2020). These are only a few of the attacks the UK believes Chinese actors have committed during this time. These attacks differed from the American email attacks in that they did not steal government secrets; rather, they primarily targeted healthcare businesses and firms. These attacks were meant to capitalize on the weakness brought on by the pandemic and cause havoc amongst the people.

Attacks on Taiwan

China has also attacked Taiwan many times with cyberattacks and cyber espionage. The relationship between China and Taiwan is one with great history. Simply put: China sees Taiwan as its own, and Taiwan rejects this notion (“What’s Behind”, 2021). In China’s efforts to reclaim Taiwan, it is believed several cyber campaigns were conducted against Taiwan. For example, in May of 2020, Taiwan accused Chinese hackers of launching a cyber campaign, in response to the reelection of Taiwan’s president, against several important businesses: the Taiwan national oil company, the Formosa Petrochemical corporation, and Powertech technology. These hacks left many gas stations unusable and caused computer networks to go down across the country. While China has denied any involvement, the Taiwan government has stated they firmly believe China to be the culprit (Lacullo, 2020). Similarly, on August 19th, 2020, it was discovered that Chinese hacking groups had infiltrated several of Taiwan’s government agencies and tech companies and had stolen emails from over 6,000 people. These hacks were committed by the group “Blacktech” and used the malware “Taidoor”, both of which are known to be connected to the Chinese government (Lee, 2020). Taidoor is an incredibly powerful remote access trojan, meaning it’s a type of malware that disguises itself as normal software, but really installs a backdoor that allows a hacker to take control of a computer (“What is RAT”, n.d.). In fact, in 2012, there was a similar attack in which Taidoor was used on the Taiwan government, resulting in a U.S. FBI investigation concluding that Taidoor is used by Chinese government cyber actors (Kovacs, 2020).

These attacks illustrate the power of Chinese hackers. As shown in these attacks, China can use outside, non-governmental hacker groups to avoid blame. This is a common tactic among nation-states, as it helps them mask their involvement (Holt, Bossler, Seigfried-Spellar, 2018). These attacks also illustrate a common pattern in the targets of China’s hackers. The U.S., U.K., and Taiwan are ideological opponents to China and are some of the leading world powers. Therefore, it seems that China performs cyberwarfare and espionage for political reasons. They do not do it for money or religion; they cause havoc in important national services or try to steal information for intelligence. They aim to find weaknesses to cripple their enemies.

Defending from these hacking attacks is difficult. Outside of normal cyber security, not much can be done. In late October 2020, the NSA was able to identify 25 exploits that Chinese hackers are specifically trying to use. These exploits were detailed in an advisory in hopes of protecting U.S. businesses and organizations before damage is done (Vavra, 2020). This is roughly the extent of what the United States government can do to protect from such exploits. In the end, it is up to businesses themselves to choose if they want to protect themselves or not. Unfortunately, there are many more exploits Chinese hackers could use besides these. The best defense against hackers is to continuously search for exploits and try to protect against them before it is too late. However, hacking isn’t the only strength China has in the cyber world; they also have an incredible ability to control and spread the information they want for their political gains.

Propaganda

Information warfare is more than having all the information; it’s also how it’s used. No war can be won without the support of the people. China is a master at gaining the support of its own people while simultaneously wearing down the support of its enemies. If you have high morale and your enemy has low morale, the battle is already won. Thus, controlling the information of both your own people and your enemies is a crucial part of modern warfare. Keeping their own people supportive while turning the enemy’s public against the policies of their own government allows China to exert power over their enemies. China tries to spread positive information about themselves and send propaganda abroad to do just this.

Internet trolls are incredibly powerful and are a common way for nations to spread their beliefs. The idea is relatively simple. A group of people are employed to push an idea. They make comments on social media that pose their idea in a favorable position (Linvill & Warren, 2019). Many of these internet trolls spread lies, more commonly called disinformation, which is shown to be very effective in support of a cause (Weedon, Nuland, & Stamos, 2017). The best of them never tell full lies, but put spins on the truth. The goal here is not to push people towards the idea, but to let them guide themselves to it. Strong emotions like disgust do this the best (Linvill & Warren, 2019). It’s clear to see how trolls can be so powerful. If an individual sees a large group of people spreading one idea, it is easier to join in. This is the nature of trolls: to have a mass of convincing people trick others into believing. China is no stranger to this. China employs what is called the “50 cent army”, which is an “army” of internet trolls who spread online propaganda and disinformation for the Chinese government (Lau, 2016). The name “50 cent” comes from a rumor that the government paid each member 50 Chinese cents per positive post made. It’s a common misconception that these trolls are teens or overly patriotic citizens. In reality, they’re government-employed workers who specifically train for this (Lau, 2016). This Chinese-funded group makes over 450 million posts a year, with their primary goal of making America the target of criticism and downplaying the existence of Taiwan (“China’s 50-cent army”, 2020). These trolls help spread disinformation and push the messages China wants to push, be it distracting China’s citizens from the problems within their own country or emphasizing the flaws in other countries.

China also uses another interesting tactic to create their propaganda: stealing real accounts from people and repurposing them. For example, Chinese operatives have been able to hack and steal Twitter accounts. Once an account is stolen, it will begin a slow metamorphosis into a Chinese propaganda machine. It will begin to tweet pro-Chinese tweets, change its profile picture to something more generic, and remove all followers, essentially wiping any reminders of who it once belonged to (Kao & Li, 2020). The account will now simply be a pro-Chinese troll account, posting pro-Chinese messages in hopes of radicalizing or turning other people towards their cause. Many of these accounts will post in English, though many switch to Chinese. The messages are aimed both at Americans who are Chinese-sympathizers and at ethnic Chinese who now live outside of China (Kao & Li, 2020). Many accounts like these are run by bots that automatically create and share content. Some are “core accounts”, or accounts that create content. Some are “amplifier accounts”, or accounts that simply share the posts by the core accounts in order to make them appear legitimate and spread them to a wider audience (Taylor, 2020).

Defending from these internet propaganda trolls is difficult. The damage done by trolls isn’t fixable like the damage done by hackers. Money can always be taken back, damages can always be fixed, but it can be impossible to snuff out disinformation or unsway a heart. Companies like Twitter have taken steps to stop the spread of disinformation. Twitter has recently begun adding tags to tweets that may contain false information about the 2020 election and Covid-19 (Gadde & Beykpour, 2020; Twitter Safety, 2021). Similarly, YouTube has taken steps to stop 2020 election disinformation (“YouTube Security”, n.d.). As for bots and account stealing, it’s up to the individual social networks to find and remove them. Twitter actively tries to detect spam accounts (such as bots) and accounts that have been stolen and taken over by monitoring drastic changes (Gadde, 2018). Of course, their detection isn’t perfect and still has a long way to go, but any account they can remove helps stop the spread of disinformation.
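The "drastic changes" monitoring described above can be sketched as a comparison of two snapshots of the same account, using the traits the article lists for a repurposed account (new profile picture, followers removed, language switch, unrelated topics). This is an added example, not from the original article and not any platform's actual logic; the field names, thresholds and sample accounts are constructed assumptions.

```python
from collections import Counter

# Thresholds are assumptions chosen for this illustration, not platform values.
FOLLOWER_LOSS_RATIO = 0.9   # share of followers lost between snapshots
TOPIC_OVERLAP_FLOOR = 0.1   # hashtag Jaccard overlap below this is a topic break
MIN_SIGNALS = 3             # signals required before queueing for human review


def dominant_language(posts):
    """Most frequent language tag among posts, or None if there are no posts."""
    counts = Counter(post["lang"] for post in posts)
    return counts.most_common(1)[0][0] if counts else None


def hashtag_overlap(old_posts, new_posts):
    """Jaccard similarity of the hashtag sets used before and after."""
    old = {tag for post in old_posts for tag in post["tags"]}
    new = {tag for post in new_posts for tag in post["tags"]}
    if not old or not new:
        return 0.0
    return len(old & new) / len(old | new)


def drift_signals(before, after):
    """Names of the drastic changes observed between two snapshots of one account."""
    signals = []
    if before["avatar_id"] != after["avatar_id"]:
        signals.append("avatar_replaced")
    if before["followers"] > 0:
        lost = 1 - after["followers"] / before["followers"]
        if lost >= FOLLOWER_LOSS_RATIO:
            signals.append("followers_removed")
    old_lang = dominant_language(before["posts"])
    new_lang = dominant_language(after["posts"])
    if old_lang and new_lang and old_lang != new_lang:
        signals.append("language_switched")
    if before["posts"] and after["posts"]:
        if hashtag_overlap(before["posts"], after["posts"]) < TOPIC_OVERLAP_FLOOR:
            signals.append("topic_break")
    return signals


def review_queue(history):
    """Map account id -> signals for accounts showing several changes at once."""
    flagged = {}
    for account_id, (before, after) in history.items():
        signals = drift_signals(before, after)
        if len(signals) >= MIN_SIGNALS:
            flagged[account_id] = signals
    return flagged


# Constructed sample data: acct_a changes everything at once, acct_b only
# swaps its picture and loses a handful of followers.
SAMPLE_HISTORY = {
    "acct_a": (
        {"avatar_id": "img-001", "followers": 1200,
         "posts": [{"lang": "en", "tags": ["baseball", "bbq"]},
                   {"lang": "en", "tags": ["baseball"]}]},
        {"avatar_id": "img-999", "followers": 0,
         "posts": [{"lang": "zh", "tags": ["policy"]},
                   {"lang": "zh", "tags": ["policy", "news"]}]},
    ),
    "acct_b": (
        {"avatar_id": "img-002", "followers": 800,
         "posts": [{"lang": "en", "tags": ["cooking", "travel"]}]},
        {"avatar_id": "img-003", "followers": 790,
         "posts": [{"lang": "en", "tags": ["cooking"]}]},
    ),
}

if __name__ == "__main__":
    print(review_queue(SAMPLE_HISTORY))
```

Requiring several signals together keeps ordinary behaviour, such as a user changing a profile picture, out of the review queue.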

The Great Chinese Firewall

Perhaps the greatest power China has is the so-called “Great Chinese Firewall”. The Chinese government is a master at controlling information. Their bots spreading disinformation are powerful and their legion of people spreading pro-Chinese messages is unstoppable, but they hold one final method of controlling information: a nation-wide censor on all internet communication. This censor is called “The Great Chinese Firewall”. In reality, the firewall isn’t a single entity, but a collection of strategies that the government uses to censor the information they do not want their general public to see (Wang, 2020). Starting in 2000, the firewall initially only blocked access to a few hardcore anti-communist Chinese websites. Over the years, it has grown to encompass a large part of the internet (Wang, 2020). It’s easy to control people if you control what they see. China has many ways to manipulate the American people, but the firewall hinders Americans and other foreign entities from doing the same. The list of websites banned is massive. It encompasses many of the websites used daily by the rest of the world: Twitter, Facebook, and even Google and YouTube (“The Complete List”, 2021). Instead, Chinese citizens can use alternatives that the government monitors and actively censors, like Weibo. These alternatives are incredibly popular, given they are the only ones available. Weibo alone has 222 million active users as of 2016 (Stecklow, 2016).

The firewall blocks specific websites using DNS poisoning. Basically, when a website is entered, a computer asks a DNS server for the address of the website. The Chinese government has changed the addresses of websites they don’t want so the DNS address doesn’t lead anywhere. This results in any attempts to access the website failing (Hoffman, 2018). The firewall not only censors specific websites but can also block all websites with specific key words in them. It will read the URL of any incoming traffic and end any connections that contain illegal keywords, like “Tiananmen Square”, which is a heavily censored piece of Chinese history. Similarly, the firewall will also search individual data packets, making sure any websites with illegal words outside of the URL will also be blocked (Hoffman, 2017). With information being controlled like this, the Chinese government can keep its people largely immune to outside ideas. This is a perfect counter to what the government does to other countries, as very little outside propaganda will be able to affect the people of China. They cannot use Twitter or Google, so the only news they get will be from government-allowed sources. In a way, the government uses cyberwarfare on its own people, using it to keep the public in support of their ideas. With unity like this, China is far more impervious to infighting, making it less likely to be torn apart the way many other countries can be.
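From the client side, the DNS tampering described above shows up as an answer that differs from what a trusted path returns, or that points to an address where no website can live. The following added example (not from the original article) parses the A records out of raw DNS responses and compares the two; the hostname, addresses, sink ranges and function names are constructed assumptions.

```python
import ipaddress
import struct

# Ranges that cannot host a public website; an answer here "doesn't lead anywhere".
SINK_NETWORKS = [ipaddress.ip_network(n) for n in
                 ("0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
                  "172.16.0.0/12", "192.168.0.0/16")]


def build_response(txid, name, addrs):
    """Build a minimal DNS response carrying A records (constructs sample data)."""
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addrs), 0, 0)
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b""
    for addr in addrs:
        # 0xC00C is a compression pointer to the question name at offset 12.
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4)
        answers += ipaddress.IPv4Address(addr).packed
    return header + question + answers


def skip_name(packet, offset):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = packet[offset]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return offset + 2
        if length == 0:             # root label terminates an uncompressed name
            return offset + 1
        offset += 1 + length


def parse_a_records(packet):
    """Return (transaction id, list of IPv4 strings) from a DNS response."""
    txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    offset = 12
    for _ in range(qdcount):
        offset = skip_name(packet, offset) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        offset = skip_name(packet, offset)
        rtype, _rclass, _ttl, rdlength = struct.unpack("!HHIH", packet[offset:offset + 10])
        offset += 10
        if rtype == 1 and rdlength == 4:                # A record with an IPv4 address
            addrs.append(str(ipaddress.IPv4Address(packet[offset:offset + 4])))
        offset += rdlength
    return txid, addrs


def classify(local_packet, trusted_packet):
    """Compare the local resolver's answer with one obtained over a trusted path."""
    _, local = parse_a_records(local_packet)
    _, trusted = parse_a_records(trusted_packet)
    if not local:
        return "no-answer"
    if any(ipaddress.ip_address(a) in net for a in local for net in SINK_NETWORKS):
        return "non-routable"
    if set(local) & set(trusted):
        return "consistent"
    # Different addresses alone are only a lead: CDNs legitimately vary answers.
    return "mismatch"


if __name__ == "__main__":
    trusted = build_response(0x1A2B, "news.example", ["192.0.2.10", "192.0.2.11"])
    for answer in (["192.0.2.11"], ["127.0.0.1"], ["203.0.113.77"]):
        print(answer, classify(build_response(0x1A2B, "news.example", answer), trusted))
```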

Of course, no method is perfect. VPNs have historically been a decent way to get around the firewall. While not easy, those who are tech savvy can use a VPN to essentially pretend to be in a different country altogether, thus dodging the firewall. This will encrypt the data and hide your computer. Unfortunately, the Chinese government caught onto this as well and has recently begun cracking down on VPNs, leading to the available VPNs becoming slower and less reliable. Apple was even forced to remove all VPNs from their App Store (Fried, 2021). No one knows if this last safe haven of uncensored internet will continue to exist for the Chinese public. The firewall is continually improving and may someday become completely unavoidable.

Solutions

Defending against Chinese cyberattacks is difficult, if not impossible. Twitter and Google can ban nefarious users, but that solution is temporary, as the attacker could always make a new account. The United States can try to defend from hacks and try to patch exploits before they become a problem, but new exploits will always be found. They can kill a virus, but a new one will be made. Permanent, effective solutions are very difficult to find for this issue. While outright war is always an option, it’s one that should be avoided. One possible solution would be to impose economic sanctions. Currently the U.S. and EU will put sanctions on individuals and groups for hacking or engaging in other forms of cyber warfare, but not countries (Stupp, 2020). While this is effective at hurting an individual, as it can ban them from traveling to certain countries and hinder them in other ways, it does nothing to stop countries like China and Russia from performing attacks (Stupp, 2020). Total economic sanctions on a country are a potential method for deterring attacks. Sanctions are an aggressive response to punish a nation for an act. The U.S. could harm China where it hurts: its wallet. With an economic sanction on the line, perhaps China would be deterred from performing any future cyberattacks. Of course, the U.S. alone most likely would not be enough to properly deter Chinese actors. However, U.S. representative Mike Rogers has suggested the idea of many nations at once using diplomatic and economic power to stop Chinese actors (Cornwell, 2011). China has attacked dozens of nations within the past few years. The U.S., the U.K., Taiwan, Germany, and more have been the victims of attacks (Metzl, n.d.). If these nations all could agree to implement economic sanctions on the entire country of China, they could have a genuine impact on China’s willingness to perform cyber-attacks on the rest of the world.

Conclusion

Chinese organizations are at the forefront of cyberwarfare innovation. They hold powerful hacking techniques and viruses. Their ability to control information, spread propaganda and disinformation, and keep their own people blind to the outside is nearly unstoppable. Their cyber espionage ability is unparalleled, and it is only getting stronger. As they develop more strategies, create more accounts, find more exploits, and strengthen their firewall, they will continue to grow in power. According to Harvard’s National Cyber Power Index, China ranked just behind the United States in overall cyber warfare ability, even beating out the U.S. in cyber surveillance and cyber commerce categories (Sussman, 2020). Within the next 5-10 years, China could very well overtake the United States and become the most powerful cyber nation. In this cyber cold war, the future is unclear and undefined. The next few years could very well define the future of the internet and information warfare as a whole.


References

Burgess, M. (2020, July 23). Chinese hackers targeted major UK companies as coronavirus raged. Wired UK. https://www.wired.co.uk/article/china-coronavirus-hacking-uk-us

China’s 50-cent Army Fabricates 450 Million Fake Posts a Year to Spread Lies and Hatred. (2020, June 7). The Epoch Times (Singapore). https://epochtimes.today/chinas-50-cent-army-its-450-million-fake-posts-and-the-life-and-death-of-the-ccp/

Chinese Malicious Cyber Activity | CISA. (n.d.). Retrieved March 8, 2021, from https://us-cert.cisa.gov/china

Collier, K. (2021, March 3). U.S. issues warning after Microsoft says China hacked its mail server program. NBC News. https://www.nbcnews.com/tech/security/u-s-issues-warning-after-microsoft-says-china-hacked-its-n1259522

Conger, K., & Frenkel, S. (2021, March 6). Thousands of Microsoft Customers May Have Been Victims of Hack Tied to China. The New York Times. https://www.nytimes.com/2021/03/06/technology/microsoft-hack-china.html

Cornwell, S. (2011, October 4). UPDATE 1-US lawmaker: China cyber espionage “intolerable.” Reuters. https://www.reuters.com/article/usa-china-cyber-idUSN1E7931PR20111004

Duke, J. E. (2020, October 6). Cyber World War: The People’s Republic of China, Anti-American Espionage, and the Global Cyber Arms Race. Global Security Review. https://globalsecurityreview.com/cyber-world-war-china-anti-american-espionage-global-cyber-arms-race/

Kovacs, E. (2020, August 4). U.S. Attributes Taidoor Malware to Chinese Government Hackers | SecurityWeek.Com. https://www.securityweek.com/us-attributes-taidoor-malware-chinese-government-hackers

Fried, L. (2018, October 29). How to Get Around the Great Firewall of China. Too Many Adapters. https://toomanyadapters.com/get-around-great-firewall-china/

Gadde, V. (2018, Wednesday). Confidence in follower counts. https://blog.twitter.com/en_us/topics/company/2018/Confidence-in-Follower-Counts.html

Gadde, V., & Beykpour, K. (2021, October 9). Additional steps we’re taking ahead of the 2020 US Election. https://blog.twitter.com/en_us/topics/company/2020/2020-election-changes.html

Hoffman, C. (2017, September 10). How the “Great Firewall of China” Works to Censor China’s Internet. How-To Geek. https://www.howtogeek.com/162092/htg-explains-how-the-great-firewall-of-china-works/

Hollister, S. (2021, March 8). Microsoft was warned months ago—Now, the Hafnium hack has grown to gigantic proportions. The Verge. https://www.theverge.com/2021/3/8/22319934/microsoft-hafnium-hack-exchange-server-email-flaw-white-house

Holt, T., Bossler, A., & Seigfried-Spellar, K. (2018). Cybercrime and Digital Forensics: An Introduction (2nd ed.).

Howell, E. (2015, January 19). How Long Have Humans Been On Earth? Universe Today. https://www.universetoday.com/38125/how-long-have-humans-been-on-earth/

Kao, J., & Li, M. (2020, March 26). How China Built a Twitter Propaganda Machine Then Let It Loose on Coronavirus. ProPublica. https://www.propublica.org/article/how-china-built-a-twitter-propaganda-machine-then-let-it-loose-on-coronavirus?token=nponEfVIhbu_Yb4_j1EeltF4h5FW_Uc4

Lacullo, J. (2020, May 12). Taiwan sees China as likely source of coordinated cyberattacks on three major companies. Industrial Cyber. https://www.industrialcyber.co/threats-attacks/industrial-cyber-attacks/taiwan-sees-china-as-likely-source-of-coordinated-cyberattacks-on-three-major-companies/

Lau, J. (2016, October 7). Who Are the Chinese Trolls of the “50 Cent Army”? | Voice of America - English. Voanews.Com. https://www.voanews.com/east-asia-pacific/who-are-chinese-trolls-50-cent-army

Lee, Y. (2020, August 19). Taiwan says China behind cyberattacks on government agencies, emails. Reuters. https://www.reuters.com/article/us-taiwan-cyber-china-idUSKCN25F0JK

Metzl, J. (n.d.). China and Cyber-Espionage. Asia Society. Retrieved March 8, 2021, from https://asiasociety.org/policy/strategic-challenges/china-and-cyber-espionage

Stecklow, S. (2016, March 4). How China’s Biggest Social Network Works With the Government. Intelligencer. https://nymag.com/intelligencer/2016/03/how-weibo-works-with-the-chinese-government-to-censor.html

Stupp, C. (2020, August 5). First EU Sanctions for Cyberattacks Point to Alignment With U.S. on Foreign Hacking. Wall Street Journal. https://www.wsj.com/articles/first-eu-sanctions-for-cyberattacks-point-to-alignment-with-u-s-on-foreign-hacking-11596619801

Sussman, B. (2020, September 10). Top 10 Most Powerful Countries in Cyberspace. https://www.secureworldexpo.com/industry-news/top-10-most-powerful-countries-in-cyberspace

Taylor, J. (2020, June 12). Twitter deletes 170,000 accounts linked to China influence campaign. The Guardian. http://www.theguardian.com/technology/2020/jun/12/twitter-deletes-170000-accounts-linked-to-china-influence-campaign

The Complete List of Blocked Websites in China & How to Access Them. (2021, January 31). VpnMentor. https://www.vpnmentor.com/blog/the-complete-list-of-blocked-websites-in-china-how-to-access-them/

Twitter Safety. (2021, March 1). Updates to our work on COVID-19 vaccine misinformation. https://blog.twitter.com/en_us/topics/company/2021/updates-to-our-work-on-covid-19-vaccine-misinformation.html

Vavra, S. (2020, October 20). NSA warns defense contractors of recent Chinese government-backed hacking. CyberScoop. https://www.cyberscoop.com/defense-contractors-chinese-government-hacking-nsa/

Wang, Y. (2020, September 1). In China, the ‘Great Firewall’ Is Changing a Generation. POLITICO. https://www.politico.com/news/magazine/2020/09/01/china-great-firewall-generation-405385

Warren, P., & Linvill, D. (2019, November 25). That Uplifting Tweet You Just Shared? A Russian Troll Sent It. Rolling Stone. https://www.rollingstone.com/politics/politics-features/russia-troll-2020-election-interference-twitter-916482/

Weedon, J., Nuland, W., & Stamos, A. (2017). Information Operations and Facebook

What is RAT (remote access Trojan)? - Definition from WhatIs.com. (n.d.). SearchSecurity. Retrieved March 11, 2021, from https://searchsecurity.techtarget.com/definition/RAT-remote-access-Trojan

What’s behind the China-Taiwan divide? (2021, January 29). BBC News. https://www.bbc.com/news/world-asia-34729538

YouTube Security & Election Policies—How YouTube Works. (n.d.). YouTube Security & Election Policies - How YouTube Works. Retrieved March 28, 2021, from https://www.youtube.com/howyoutubeworks/our-commitments/supporting-political-integrity/

About the Author(s)

Griffin Klevering is a student at Michigan State University. He is studying Computer Science with a minor in Security Management and expects to graduate in 2022.