Garvan Walshe: China’s cyber attacks betray Beijing’s attitude to international security
Follow Garvan on Twitter.
As Argo and Zero Dark Thirty battled for votes at the American Academy of Motion Picture Arts and Sciences, another real-life spy story emerged. Its adaptation, produced by the Taiwanese NME came too late to be nominated for Best Animated Film. Their superbly sinister pandas, metonyms of the Middle Kingdom’s “democracy with Chinese characteristics,” will have to wait longer for the exposure they deserve.
I refer, of course to the news, or rather the confirmation of what, as they used to say say in Belfast, “the dogs in the street” had known for years, that the Chinese military has been conducting a campaign of hacking against Western companies and infrastructure systems to obtain technical knowledge, negotiating strategies, and other intelligence. Beijing has, as expected, denied it. But as the security firm that exposed the hacking concluded, either the People’s Liberation Army’s unit 61398 was engaged in exactly that, or:
A secret, resourced organization full of mainland Chinese speakers with direct access to Shanghai-based telecommunications infrastructure is engaged in a multi-year, enterprise scale computer espionage campaign right outside of Unit 61398’s gates, performing tasks similar to Unit 61398’s known mission.
Two things emerge from this. The first is the need for a bit more common sense from all of us. Unit 61398’s attacks relied overwhelmingly on a technique the information security industry calls “spear phishing.” This is where someone sends you an email with a link to an attacker’s website in it, or asks you do download a plausible but compromised attachment, which then installs malware on your PC. It’s the basic scam technique shared by purported Nigerian princes, hugger-muggers and burglars who ask to use your loo at four in the morning, and it’s important to be on your guard. Even if your company employs the best IT security people in the world, they won’t be able to stop scams of this kind.
The second is the same, but on a larger scale. The whole Chinese economy appears vast and plump, ready to be harvested. It’s very easy to imagine enormous profits to be made from selling to individual consumers, or, given China’s low consumption and high investment rate, from obtaining Chinese government contracts. But China, reasonably enough, has its own interests to pursue. Its people see themselves, very broadly, as heirs to a once great country that was carved up by foreign powers. The Opium Wars, the crushing of the Boxer rebellion and of course, the brutal Japanese occupation provide them ample justification. Now that China’s surging forward again, they ask “Who are the Westerners to tell us to follow their rules?” Its easy to see how hacking and cyber-warfare could command legitimacy in their eyes.
It would make about as much sense to cut ourselves off from trade and investment in China as it would to cut ourselves off from email. There are deals to be done to everyone’s advantage. Globalisation has brought huge improvements to Chinese’ standards of living, and fostered cultural exchange and progress. But despite its economic dynamism, China isn’t a free country. Its ruling authorities don’t share our values. Nor is China a small country. The rules of the international system constrain it far more than they protect it. When it can, it behaves not like the United States we know, constrained by its the free world’s values but like the monstrous hegemon imagined by a certain kind of French intellectual.
If democratic countries stick together, and take the right precautions, we can do business with Beijing. But if we’re not so careful, if we’re seduced by the illusion that it will offer us a quick and painless way out of the recession in which we are mired, we’ll find that we’ve handed the password to democracies’ international security over to a regime dedicated to its overthrow.