Dragon at the Gates

After 34 years studying Chinese and 27 years in the US military, retired Lt Col Bill Hagestad is careful to describe the middle kingdom's growing cyber capabilities not as a threat but a challenge.

“I'm a big fan of China”, he tells SC. “[But] we, as a world, are heavily engaged in cyber conflict from a variety of different perspectives from cyber espionage, governments and national secrets to commercial enterprises and intellectual property.

Chinese hackers have been a growing concern to the English-speaking world particularly the US and its allies since 2010, when China, Russia, Iran and the US set up their respective military cyber groups.

China accounted for 30 percent of data breaches in Verizons 2013 Data Breach Investigations Report, followed by Romania and the US at 28 percent and 18 percent respectively.

But while US and Eastern European hackers tend to break into systems for financial gain, Verizon described a majority of Chinese attacks as cyber espionage.

The Australian Financial Review reported this year that Chinese-developed malware was planted on Reserve Bank of Australia computers in 2011, but it was unknown if the malware was successful in capturing information.

Hagestad notes that there is no evidence that Chinese cyberattacks are government- backed, adding that hacktivists and run-of-the- mill cybercriminals are also involved. Indeed, former president Hu Jintaos 2010 instructions to Chinas generals and technologists appear to be more about defending the country's systems than attacking those of other nations.

“His words were to protect the critical infrastructure of China against foreign threats,” Hagestad says.

“The Chinese view, from Chinese- language computer magazines, is not one of wanting to attack the west. It's one of being afraid specifically of the United States after it created a cyber command to militarise the information domain. ”

“China has had some very difficult times with foreign militaries and commercial enterprises coming in and taking advantage of them as a country one could look back as far as the Mongols and the Opium Wars, for example.

“The Chinese do not want that foreign invasion to happen via the internet.”

What they have done is said, we are going to develop a military capability that gives us first-mover advantage in the cyber realm in order ‘we are going to develop a military capability that gives us first-mover advantage in the cyber realm in order to defend the middle kingdom against foreign threats’.” 

But even without official government backing, Chinese patriotism and culture may pose a cybersecurity challenge to the west. Hagestad warns of Chinese hacktivists who may turn their phishing, DDoS or website defacement attacks on any organisation spouting anti-Chinese rhetoric.

He highlighted attacks on websites in Japan and the Philippines last year over the controversial issue of which country claims sovereignty over Diaoyu and Huangyan Island.

“It’s a political, military and economy cyber challenge... to understand that if they are Chinese hackers, do we truly know where they are coming from and what they want?

“My greatest fear for Australia and the rest of the world is that these skills that are being associated with the Chinese military, for example, are used by Chinese cyber gangs for economic gain.

“I think it’s a combination of both, but once cyber gangs see that they can monetise [cyber attacks] and sell secrets to Chinese companies... they will do that. We may find ourselves working with the Chinese Government as a strong ally in terms of stopping all these attacks that are coming out of China.”

Copyright © SC Magazine, Australia