Commentary
Chinese leader Xi Jinping intends to turn China into a leading “cyber superpower.” Although Xi is known for delusions of grandeur, this particular dream is fast becoming a reality.
In July of last year, in an effort to strengthen its cybersecurity sector, the Chinese Communist Party (CCP) drafted a three-year action plan. With such a plan, we should expect an increase in information warfare and cyber espionage.
Speaking of Chinese espionage, the American media and publishing company News Corp. recently announced the discovery of a “persistent cyberattack” targeting employees’ emails. Founded by Rupert Murdoch, the multinational mass media corporation owns Dow Jones & Company, a publisher of both The Wall Street Journal and the New York Post. The attack, we’re told, was carried out by Beijing-backed cyber experts.
This is not surprising. Both the Post, an outlet I contribute to from time to time, and the Journal have written rather damning pieces about China. The former, for example, has documented (in great detail) the ties between shady Chinese operatives and Hunter Biden.
After this attack, the United States—China’s biggest rival—should be on high alert. Sadly, though, the country now finds itself in a state of cyber-limbo. In fact, the United States has never looked more vulnerable. Seven out of eight federal agencies, according to a Senate report, are failing to protect critical data.
Why?
Poor cyber security infrastructure. Such shoddiness could cost the country dearly.
The report, titled “Federal Cybersecurity: America’s Data Still at Risk,“ called the findings “stark.” Many of the very same issues that “have plagued Federal agencies for more than a decade” are still present. Agencies of critical importance have “made minimal improvements.” In 2020, for example, only “DHS managed to employ an effective cybersecurity regime.”
Now, with tensions between the United States and China escalating, Beijing will surely look to exploit these weaknesses. In fact, it already has. As U.S. cybersecurity issues mount, China’s cyber capabilities become more potent. Not only is the CCP busy training the next generation of cyber specialists, China’s Ministry of State Security, according to U.S. intelligence, “uses criminal contract hackers to conduct unsanctioned cyber operations globally, including for their own personal profit.”
To be clear, the importance of cybersecurity cannot be emphasized enough. A country with poor cyber infrastructure is extremely vulnerable to attack. As the most powerful country in the world, the United States has a number of allies. For the very same reason, however, it also has a number of enemies, including China.
At present, U.S. agencies suffer from poor cyber hygiene, meaning the practices and precautions used to keep sensitive data safe and secure from attackers are substandard. This explains why CCP-backed hackers have stolen the data of at least 206 million Americans. Without adequate cybersecurity measures, protected health information (PHI), personal information, and intellectual property are at risk of being compromised.
Inside China’s Cybersecurity Contest
To get an idea of the threat posed by China, let’s discuss the Tianfu Cup international cybersecurity contest, an annual event that sees the brightest minds congregate for a weekend of state-approved hacking.The latest contest took place in Chengdu, the culinary capital of China. The competition hosted three separate tournaments: the first, aptly called “vulnerability demonstration,” saw competitors demonstrate various weaknesses that could be exploited; the second competition involved the cracking of specific devices; the third, meanwhile, was called the “OS [operating system] cracking competition.” The contest, which was held on Oct. 16-17, 2021, was the biggest one to date; with a total bonus of $1.5 million. It’s easy to see why.
Throughout the contest, teams were given five minutes to run their exploits; not surprisingly, the device cracking competition drew the most attention. In just 15 seconds, the Kunlun Lab team successfully cracked the security of an iPhone 13 Pro live on stage. Besides manipulating vulnerabilities in Apple’s iOS software, the hackers also demonstrated an ability to target the likes of Google and Microsoft.
A few months before the event in Chengdu, CCP-backed hackers targeted Microsoft Exchange servers. The attack, according to the BBC, affected at least 30,000 organizations globally. Were the attackers previous Tianfu participants? Don’t bet against it.
After all, in 2020, one of the iOS exploits showcased at the Tianfu Cup was used in a cyberespionage campaign carried out against the Uyghur people.
In a piece for War on the Rocks, J.D. Work wrote, “The Tianfu competition demonstrated the continued ability to hold key Western systems and networks at risk.” The competition, he added, “highlighted the substantial depth of China’s offensive cyber inventories, and showed off a talent base of aggressive hackers undeterred by blowback from international exposure of its activities.”
Judging by the evidence, Work warned that we are headed “towards a surprising future in which China’s offensive cyber power surpasses that of the West.” He cautioned that the competition’s sponsors included “prominent firms within the country’s defense industrial base.”
What happens in China no longer stays in China; and what happened in Chengdu certainly won’t stay in Chengdu. The Tianfu Cup is far from a harmless competition. It showcases the smartest, sharpest minds in China, and how such minds can be weaponized by the CCP.
Which brings us back to the United States’ shambolic approach to cybersecurity. Who will win the wars of tomorrow? Well-trained soldiers or well-trained cyber specialists? The latter, I argue. Who knows, maybe the wars of tomorrow will be won by Tianfu veterans.
Views expressed in this article are opinions of the author and do not necessarily reflect the views of The Epoch Times.
