Commentary
Near the bottom of the totem pole that the tech world has become are frustrated hackers from China making less than $1,000 per month.
Employee gripes might have led to the leak from I-Soon on GitHub of more than 570 files, many of which are highly embarrassing to the regime in Beijing. They detail the Chinese Communist Party’s (CCP’s) targeting of at least 40 countries, including the UK, South Korea, India, Malaysia, Thailand, Hong Kong, and Taiwan.
“Information has increasingly become the lifeblood of a country and one of the resources that countries are scrambling to seize,” a leaked I-Soon document reads. “In information warfare, stealing enemy information and destroying enemy information systems have become the key to defeating the enemy.”
GitHub is used by software developers around the world, including in China. It is one of the best places for mass communication with people there because it is relatively beyond the reach of Beijing’s sensors. Hackers and computer programmers worldwide frequent the site and communicate there with relatively few restrictions. Anyone else can also use the site, for example, to upload books and articles banned in China (full disclosure: I did this once).
Beijing apparently made a decision to allow its citizens access to GitHub because the tradeoff between free code and other available information there is seen as a net positive for the CCP. However, the risk to the CCP of allowing access to GitHub is now clear. Hackers and others can protest their work conditions by leaking troves of data that expose the crimes of the CCP and become front-page news around the world. (For the sake of freedom and democracy, let’s hope they do more of this soon.)
The latest data leak, covered by news organizations on Feb. 22, is a rare window into the world of hackers who work for the CCP through cyberespionage and attempt to steal data on everything, from international flight passenger manifests to NATO secrets.
The I-Soon leak is also the latest evidence that Beijing is globally and exponentially increasing its cyberattacks, including against the United States and U.S. allies. In the United States, utility companies are one of the primary targets. Some of the Chinese regime’s attacks against U.S. utilities involve pre-place malware that sits dormant until needed by the People’s Liberation Army (PLA), for example, to bring the United States to its digital knees in case of war over Taiwan. Other attacks extract big data for the commercial advantage of the Chinese military and Chinese companies over competitors abroad. The advent of artificial intelligence will make the aggregation of all this data far more useful to the CCP.
President Joe Biden and his administration are taking at least some much-needed preventative measures, including a proposed $20 billion to improve port security. They are too little, too late in some respects, and in other respects, they may be spending too much for too little. But better late than never; nothing is ever perfect, especially in government.
The most recent Biden administration plans are to improve port security by replacing China’s ship-to-shore cranes used to move containerized cargo. The cranes are highly vulnerable to hacking from China because Chinese software is embedded deep in their structures. As the manufacturer of the cranes, the CCP can relatively easily steal data. Much of the data may already be provided to China by hapless users who tend to share way too much for the convenience of quick installation of smart Internet of Things (IoT) gadgets such as cranes that can be operated remotely from the office (or from Beijing).
The U.S. military apparently believes that Beijing could, in fact, be stealing its shipping data. This includes sensitive information on the shipment of munitions or drones, for example, that would alert the PLA to future U.S. military operations. Astonishingly, the U.S. Navy must now avoid 80 percent of U.S. ports and those internationally that use Chinese cranes. Various U.S. government agencies and politicians have apparently been asleep at the wheel or paid off by corrupt port lobbyists to have let the issue degrade to this level.
Removing China’s virtual access to American shipping systems is long overdue. Given the ubiquity of Chinese software in America’s IoT—in which everything from lightbulbs to self-driving cars could be hacked and controlled remotely—much more than just the replacement of cranes is needed. The Biden administration has proposed a drop in the bucket where we need to remove almost all of China’s software from the United States, root and branch.
