This is the 3rd part in a 4-part series: Murder, Money, and Spies: An Investigative Series on the Chinese Military’s For-Profit Ventures.
China’s state-run cyberattacks have been described as a war without bullets, with the Chinese regime stealing U.S. wealth, innovation, and military might. As government and industry are scrambling to find means to respond to the incessant barrage of attacks, the story about how this assault began remains little known.
“It [that story] doesn’t make what they’re doing any nicer, but it indicates more the frame of mind this came out of, which I think is important,” said Ethan Gutmann, author of the recently released book The Slaughter: Mass Killings, Organ Harvesting, and China’s Secret Solution to Its Dissident Problem, in a phone interview.
The Chinese regime’s first known cyberattacks were in 1999, when the then-leader of the Chinese regime, Jiang Zemin, set out to eradicate the spiritual practice of Falun Gong. Jiang had determined that the principles of Falun Gong—truthfulness, compassion, and tolerance—were antithetical to the Communist Party’s rule, and he was looking for a way to conceal his actions from the world.
All the systems were in place for the campaign. The media was under the Party’s control. The Internet was tightly censored. And the Chinese regime’s history of campaigns against its own people and its use of pervasive surveillance left a residual environment of fear that ensured a certain level of self-censorship among the masses.
Yet, one hole remained. The Party’s new targets had friends or family who lived abroad, and they could cause problems for a persecution that relied on misinformation and disinformation to control public reaction.
“This was never about attacking the West initially,” Gutmann said. “This all started as an attempt to get at Falun Gong.”
To Start a Cyberwar
The first known Chinese state-run cyberattacks against the West targeted networks in four countries—two in the United States, two in Canada, one in the United Kingdom, and one in Australia. All of the targets were websites that explained what Falun Gong is and how it began to be persecuted in China.
According to a January 2002 RAND Corporation report from James Mulvenon, vice president of Defense Group Inc.’s Intelligence Division, the attacks took place within a close time-frame that aligned with the persecution in China, and several of the cyberattacks were traced to networks under the Chinese regime’s Ministry of State Security.
As the Chinese regime continued using cyberattacks to try to quell the free flow of information abroad, it began recognizing the new tool could have other uses. Security researchers began seeing cyberattacks originating from China that served multiple uses. On one side, they were used to spying on dissidents, and on another side the same methods were used to steal from Western companies and gain intelligence from foreign governments.
Google revealed in January 2010 that the Chinese regime was targeting its networks, but according to documents later leaked by WikiLeaks the attacks were part of a larger campaign that had been going on since 2002. The Chinese regime was also targeting government networks of the United States and its allies, as well as networks belonging to the Tibetan Dalai Lama and two email accounts of Chinese artist Ai Weiwei.
An attack from 2006 to 2007 breached computers of two congressmen and stole documents about dissidents critical of the Chinese regime.
The Chinese regime’s March 2009 cyberattacks, dubbed by security researchers as GhostNet, targeted networks of embassies, foreign ministries, and the Dalai Lama’s Tibetan exile centers.
“Over time they started seeing the opportunity resonance in this thing, and they started expanding it,” Gutmann said.
According to Gutmann, a former agent of the Chinese regime’s gestapo-like 610 Office, a Party organ created specifically to persecute Falun Gong, described to him how the Chinese regime expanded the scope of its cyberattacks.
The agent, Hao Fengjun, had defected from China and was then living in Australia. When Hao still held his post, he told Gutmann, he was able to read emails sent within China, as well as emails intercepted to and from China.
As the persecution in China continued, Falun Gong practitioners in other countries “kept bringing graphic results of torture to the attention of the international legal system,” Gutmann wrote in a 2010 report for the World Affairs Journal. Seeing that information on its persecution was getting out, the Chinese regime determined it needed to expand its foreign operations.
“With no one blocking them,” Gutmann wrote, Chinese hackers launched successful attacks in Taiwan, and in 2005 were able to carry out the Titan Rain cyberattacks that targeted everything from military contractors to the Pentagon and NASA.
In 2007, the Chinese regime’s hackers were able to carry out the Byzantine Hades cyberattacks with little more than a peep of condemnation from U.S. officials. The attacks, which were traced to the Chinese military are only now getting broad media attention—because part of the theft involved designs of the F-35 fighter jet.
The two main departments behind the cyberattacks are the Ministry of State Security and the General Staff Department, which is the branch of the Chinese military dedicated to war fighting.
In May 2014 the FBI indicted five officers from the Chinese regime’s military, who were allegedly involved in cyberattacks against U.S. companies. They were part of the Third Department of the General Staff Department, which runs its military cyberspy operations. Many of the Chinese regime’s recent cyberattacks are believed to be launched by this unit.
The two departments have close ties. According to a report from GlobalSecurity.org, when it comes to domestic operations, the Ministry of State Security “is responsible for the surveillance and recruitment of businessmen, researchers, and officials visiting from abroad.”
While the Ministry of State Security “has only visibly subjected dissidents and foreign journalists to surveillance measures,” the report states, “an intricate network of more clandestine surveillance is conducted by state ministries, academic institutions, and the military-industrial complex.”
Both departments also play more direct roles in the persecution against Falun Gong inside China.
Epoch Times previously reported that the General Staff Department headquarters was tasked with making sure information on the Chinese regime’s persecution doesn’t leak out of China—particularly the Chinese regime’s programs to use imprisoned Falun Gong practitioners as living sources for organ transplants, which the Chinese military is directly involved in.
A former agent of the Ministry of State Security, who defected from China, told Bill Gertz of The Washington Times in 2009 “that his country’s civilian spy service spends most of its time trying to steal secrets overseas but also works to bolster Beijing’s Communist Party rule by repressing religious and political dissent internally.”
According to Gutmann, to grasp the nature of China’s state-run cyberattacks, it’s crucial to understand the root of it all. “According to my 610 Office friend in Australia this was all about Falun Gong,” Gutmann said, “because they were the stone in their shoe.”
Thus, the cyberattacks, from the very start until now, were never just about theft and never just about an expansion of China’s military power.