China’s Cyberattacks Reveal Its Military Interests

October 6, 2013 Updated: October 6, 2013

China is often criticized for the opaque nature of its military interests. China’s unclear motives impact everything from its territorial disputes with surrounding nations, to regulations forbidding NASA to work with Chinese nationals due to China’s silent push for space warfare technology.

Chinese military doctrine only feeds concerns. It speaks of pre-emptive strikes, hiding a military’s true capabilities, and using means to fight wars without engaging in conventional battles.

An infamous 1999 Chinese military book from two senior colonels titled “Unrestricted Warfare,” states, “As we see it, a single man-made stock-market crash, a single computer virus invasion, or a single rumor or scandal that results in a fluctuation in the enemy country’s exchange rates or exposes the leaders of an enemy country on the Internet, all can be included in the ranks of new-concept weapons.”

But the world is changing. From businesses to governments, cybersecurity is now at the front line of security, and sophisticated cyberattacks are being traced back to China on an almost weekly basis.

With this shift, the shroud of secrecy that drew China’s interest to cyberwar is gradually being pulled aside.

National Fingerprints

“All this conflict we hear about in cyberspace, and everything else, is just a reflection of what was happening in the world we knew before the Internet,” said Dr. Kenneth Geers and author of “Strategic Cyber Security.”

Geers has a unique occupation. When advanced and ongoing cyberattacks are discovered, he checks the fingerprints and tries to find the culprit.

The attacks being used by state-sponsored hackers aren’t going to say “code written in China,” said Geers. “But we can look at international negotiations or events at the border, or a leadership summit, and we might very well be able to tie it back to a certain country.”

“Context gives you the likely candidate,” he said.

The sheer volume of cyberattacks, which are prone to repeat tactics, coupled with the fact that most advanced attacks require budgets on the state level, are making this work easier.

A recent report from FireEye, “World War C,” attempts to categorize origins of state-run cyberattacks according to the common fingerprints of each country.

Middle Eastern hackers often use deception, and are prone to rapid change. Attacks from Russia and Eastern Europe typically tie to regional conflicts. Cyberattacks from the United States are often extremely advanced, targeted, and clean.

Yet, China’s cyberattacks carry the traits of its conventional military. The report compares it to Chinese strategy during the Korean War, when many Chinese soldiers were sent to fight with only a handful of bullets, yet “Given their strength in numbers, they were still able to achieve battlefield victories.”

Chinese state-run cyberattacks also typically go after foreign state secrets and critical systems to fuel its military interests, or they go after intellectual property of foreign businesses to fuel its own economy. Its list of targets has included the U.S. government, U.S. technology firms and arms developers, the business and finance industry, the American news industry, and U.S. gas pipelines.

“Some of these cyberattacks have given China access to proprietary information such as research and development data,” the report states. “Others offer Chinese intelligence access to sensitive communications, from senior government officials to Chinese political dissidents.”

Aside from their choice of targets, Chinese hackers have a common signature. They use mass numbers to obtain their objectives, and according to the report, “The attacks succeed due to the sheer volume of attacks, the prevalence and persistence of vulnerabilities in modern networks, and a seeming indifference on the part of the cybercriminals to being caught.”

Yet, what little noise from cyberattacks that makes it into the public sphere is comparable to distant gunshots from a battle taking place—and the battlefield is constantly changing.

Recent attacks from China show that not only have military hackers developed more advanced tools to aide their attacks, but groups of what appear to be state-sponsored hacker mercenaries are also being uncovered.

Changing Environment

In 2011, the Pentagon categorized cyberspace as a battlefield comparable to land, sea, and space. In September, Gen. William Sheldon, commander of the Air Force Space Command, said during a conference, “I call this an inconvenient truth for some, but cyber is increasingly a war-fighting domain. It’s interwoven into everything we do in military operations.”

Geers said there is a level of tolerance when it comes to state-sponsored espionage on government and military targets. But China and Russia, in particular, cross the line by going after intellectual property to undermine foreign economies and benefit their own.

During a 2012 congressional hearing, Rep. Billy Long (R-Mo.) said, “China and Russia have official government policies of stealing U.S. assets for economic gain.”

Yet, as the cover of anonymity disappears and cyberspace is increasingly recognized as grounds for war fighting, tolerance for online theft may soon fade.

Recent events have shown that public attention does affect the activities of China, in particular. When security company Mandiant released a report in February, which traced advanced cyberattacks launched since 2006 back to the Chinese military, the hacker group responsible, dubbed “Comment Crew,” went dormant for several months.

Geers believes that pressure on China, in particular, may soon change the landscape.

“I think that over time it will be more difficult to be so noisy in cyberspace,” he said. “Because it will be more of a diplomatic, economic, and media issue maybe more so than they want.”

Follow Joshua on Twitter: @JoshJPhilipp