China hypocritically attacks the US for "upping the ante" on cyberwarfare arms race
The United States isn't the only superpower that gets a little hypocritical when the topics of cyberwarfare or cyberespionage are brought up. China's defense ministry also condemns others' actions while the country builds up its own hacking abilities.
Geng Yansheng, a defense ministry spokesman, recently said that the US' new cyberwarfare policies will "further exacerbate contradictions and up the ante on the internet arms race" and said China is "concerned and worried about this."
Geng is referring to the Pentagon's new official cybersecurity strategy, which was revealed earlier this month. That strategy makes it clear when the US might consider launching an offensive cyber operation against another country.
So that's what the US has done in the last month. But what's been revealed about China's operations in the same time period? A lot more than a document meant to intimidate other countries with veiled threats and defensive posturing.
First there was the revelation of the Great Cannon, a tool related to the Great Firewall that controls the portions of the Internet accessible in mainland China, which was used to attack GitHub. As I wrote when the tool was revealed to the public:
Citizen Lab reports that the Great Cannon is similar to, but separate from, the Great Firewall. It works by intercepting unencrypted traffic headed toward servers in China, redirecting the traffic to the government’s intended target, and using it to overwhelm whomever’s on its receiving end of its blast.
The researchers say the Great Cannon represents 'a significant escalation in state-level information control' because it might normalize the 'widespread use of an attack tool to enforce censorship by weaponizing users.' China now has both a wall to keep out its enemies and a cannon to obliterate its targets. Then there was the news that a hacking group thought to be related to the Chinese government demonstrated offensive capabilities years before the techniques became popular knowledge. I wrote about that hacking group, too:
The cybersecurity company FireEye reports that a group it calls APT 30 has targeted these countries with more than 200 different kinds of malware since at least 2005. The group is also said to have infected air-gapped networks — which put physical space between the secured network and any unsecured connections — in 2006, predating what were once thought to be the earliest known examples of those attacks demonstrated by Russian hackers in 2008.
The group’s targets possess 'information that most likely serves the Chinese government’s needs for intelligence about key Southeast Asian regional political, economic, and military issues, disputed territories, and discussions related to the legitimacy of the Chinese Communist Party,' FireEye claims. So between the US and China, one country revealed a new cybersecurity policy while the other introduced a new weapon and was blamed for sophisticated attacks. Which of those two countries seems more intimidating or worrisome?
Of course, that isn't to say that the US isn't engaged in questionable activities. The Great Cannon is thought to be modeled after a similar weapon designed by the National Security Agency. Moreover, many of America's operations are done is secret, and so the country is likely up to much more than the public knows.
But it is a little funny to watch these two superpowers express concern about the others' activities when they're both doing pretty much the exact same thing. And it's some of the most hypocritical political theater the world has seen since the Cold War.