Chinese hacking worse than Russia's: Where is the U.S. bottom line? Experts call on White House to respond

The scale of the recent attack by Chinese hackers on Microsoft’s e-mail server far exceeds that of the Russian attack a few months ago. Whether the bottom line set by the Biden administration on previous Russian hacking attacks will also apply to this Chinese attack is a difficult question that experts say the White House will have to answer. Experts say the U.S. does not lack the means to respond, but its counterintelligence efforts have historically been driven on a case-by-case basis, lacking overall strategic thinking, while Xi’s “military-civilian integration strategy” could use research from Chinese civilian educational institutions to strengthen the military’s hacking capabilities.

Microsoft announced on March 2 that Hafnium, a government-backed hacking group operating outside of China, exploited a software program vulnerability to conduct multiple attacks on Microsoft email servers, remotely controlling the servers and stealing data from the victims’ computer systems.

This is the second major global cyber attack in as many months. The last time was last December, when a Russian attack on SolarWinds servers damaged nine U.S. federal agencies and hundreds of companies.

This time, U.S. officials said, Chinese hackers breached about 30,000 servers in the U.S. and about 250,000 servers worldwide. In the U.S., the victims were mainly small and medium-sized organizations, “and we’re talking about thousands of servers being compromised per hour globally,” U.S. officials said.

“If you consider an organization, a large corporation, how many people work there, how many people in the company use e-mail, multiply that by 30,000. That’s a massive, massive breach,” said Dakota Cary, a research analyst at Georgetown University’s Center for Security and Emerging Technologies.

A security official involved in the investigation was quoted in the Wired report as saying that the scale of the global breach by Chinese hackers was “astronomical.”

“China’s behavior is very irresponsible. When they knew the vulnerability could be fixed, they quickly scaled up the attack and left a web shell on the computer – some malware they could return to later and access, with password protection,” Cary added.

In response to the massive Chinese hacking attack, the White House is taking a whole-of-government response, establishing a unified and coordinated response that includes the FBI and the Cybersecurity and Infrastructure Security Agency to assess and address the damage caused. “This is an active threat that is still developing, and we urge network operators to take this threat seriously,” the White House official said.

The Biden administration believes that the indiscriminate attacks by Russian hackers have “crossed the line” and that the scale of this Chinese hack far exceeds the former, even as it appears that the Russian attack was a “measured espionage operation,” said Cary.

“So the question for the Biden administration is, where do we draw the line?” Cary said. “That’s a question they have to answer for themselves.”

Secretary of State John Blinken said March 3 of President Biden’s policy toward China that Washington will “compete with China when we should, cooperate with it when we can, and confront it when we have to,” while noting that in either form “we have to be in a position of strength to engage China.”

“I think the Biden administration will probably adopt a more confrontational policy,” said Winston Ma, formerly head of the North American office of China’s sovereign wealth fund China Investment Co. and now a visiting professor at New York University School of Law.

Ma’s new book, “Digital War,” is about U.S.-China competition in a number of areas, including 5G, chip manufacturing, artificial intelligence and big data. He believes that the U.S. and China will seek a negotiated solution to the disputes over access to data and chips.

U.S. should legislate to cut off Chinese and Russian hacking options

The Biden administration has ready-made options to counter Chinese hackers and ensure cybersecurity, according to Cary. The two cyber attacks by China and Russia have one common feature, he said: both were carried out within the United States using U.S. servers.

“That’s really an important operational trick,” said Cary, one that allowed them to circumvent the NSA’s excellent defenses because “the U.S. doesn’t allow the NSA to collect information within our borders.”

But it also gives U.S. policymakers an excellent opportunity to “make it very simple,” said Cary, citing the U.S. government’s “Know Your Customer” rule in the financial sector.

Similarly in the Web space, says Cary, “if a server is to be purchased, or at least a server is to be purchased, the purchaser must show some form of identity to the provider. We have to know who is buying what. Then the business retains that information. If the government needs to conduct an investigation, it can ask the business to provide that information.”

“That would be taking away the option that China and Russia want to exploit. It would be a huge win for the defense of the United States,” Cary said.

On Monday (March 8), U.S. Rep. Colin Allred (D-TX) introduced the Homeland and Cyber Threats Act (HACT Act) with bipartisan colleagues. The bill would allow Americans to bring claims in federal or state court against foreign governments that launch or participate in cyber attacks against the United States.

U.S. and Chinese Intelligence Agencies Are Completely Different in Nature

Kenneth E. deGraffenreid, emeritus professor at the Institute of World Politics, has been involved in intelligence and counterintelligence-related work for more than 40 years. He said that the biggest problem with the U.S. response to the Chinese intelligence and counterintelligence threat is that it is case-driven and lacks a strategic perspective. That, he said, has to do with the U.S. lack of understanding of the nature of the Chinese Communist Party’s intelligence services.

“The Chinese revolution, like the Soviet Union, was a conspiratorial political movement, a revolutionary political movement,” DeGraffenreid said. After events such as the 1927 Nationalist massacre that nearly wiped out the Chinese Communist Party, “the idea of being wiped out and effectively eliminated made both the Bolsheviks and Mao’s army and their co-conspirators aware of the importance of intelligence and counter-intelligence covert work and infiltration in rival organizations.”

DeGraffenreid said, “For the United States, intelligence is a necessary part of the tools of foreign policy, but it is not, to be sure, central to our foreign policy. As a result, the large organizations of U.S. intelligence and their missions are somewhat constrained in terms of their objectives.”

But intelligence, he said, “is a matter of life and death for the Communists. I think the underpinnings of their intelligence operations come from their history.”

DeGraffenreid, who served as deputy assistant secretary of defense for policy, deputy national counterintelligence executive and deputy special assistant to the president for national security in the Reagan administration, said Communist intelligence also has a distinctive Chinese cultural heritage that differs from that of the Soviet Bolsheviks – a combination of fraudulent techniques from Sun Tzu’s Art of War 500 years ago.

“This is an important factor in thinking about the shape of Chinese intelligence and the role it plays in the Communist Party,” DeGraffenreid concluded. “They are not an adjunct, they are not a service function, they are a pillar, like the KGB in the Soviet Union in the past,” he said, adding that intelligence is a “sword and shield” for the Communist Party to defend its rule.

Chinese Communist Party intelligence poses fundamental challenge to U.S.

DeGraffenreid said the Chinese Communist Party’s intelligence activities “are a fundamental challenge” to the United States. If the U.S. doesn’t understand it at this level, then “it’s very difficult to do anything other than respond in a piecemeal fashion.”

“Most of our counterintelligence efforts today are still case-by-case, where if there is an indication of espionage, the FBI starts an investigation and treats it as a case by case basis or calls it a tactical issue. But at the strategic level, there is no indication that we have taken the threat posed by China at the strategic level seriously in terms of cybersecurity, technology transfer, cultural infiltration, and all the other activities that are prerequisites for taking it seriously. In most cases, U.S. intelligence and counterintelligence efforts have not acted strategically,” DeGraffenreid said.

The White House warned of the seriousness of the problem immediately after the Chinese hack was reported and urged any U.S. companies and individuals affected by Microsoft servers to immediately implement procedures provided by Microsoft to patch the vulnerability.

While CNN reported that the White House would set up a government-wide response, it only quoted anonymous officials and has yet to provide a public account.

Beijing initially asked Microsoft to produce evidence and then refused to acknowledge it when Microsoft presented it a few days later, arguing that “China has always firmly opposed and cracked down on any form of cyber attacks and cyber theft in accordance with the law.” It also said that linking the attack to the Chinese government “is a highly sensitive political issue.”

Study: China uses university research to help cyber hackers improve their capabilities

Cary is a research analyst in artificial intelligence and hacking at Georgetown University’s Center for Security and Emerging Technologies. His study of six Chinese universities, published this week, shows that a key aspect of Xi’s “military-civilian integration strategy” is to use Chinese university research institutions to help improve the functionality of China’s cyber hacking activities.

“My report shows that the Chinese government is already using universities to conduct cyber operations and research on functions that can be used for hacking,” said Cary, whose research focused on those universities doing research related to artificial intelligence, machine learning and cybersecurity. “In some cases, they’re operating out of universities, and those institutions are now advancing research that can be used for state-sponsored hacking activities.”

The Cyber Countermeasures and Information Systems Security Testing Project at the Shanghai Jiao Tong University Research Center is looking at features that use machine learning and artificial intelligence to find vulnerabilities in software programs, said Cary. “These capabilities can exist in any software they choose to study, and then those vulnerabilities can be handed off to operators who can weaponize them, as we’ve seen in recent attacks.”

Cary said civil-military fusion is a powerful strategy available only to totalitarian governments, and “its risk to the United States can be as broad as any aspect of the threat, and anything we have on the Internet is inherently within the threat of such behavior.”

Cary said the people working on cybersecurity in the White House and in this administration are very talented and “without question, the best in the field.” “I have full confidence in our government’s ability to investigate and determine the appropriate response. And I think that’s already underway.”

Still, he believes the White House must take the time to answer the question, which he finds difficult to answer, of whether the previously set bottom line is still valid for this attack by Chinese hackers.

Zhang Jiadun, a commentator and author of the book “China’s Impending Collapse,” tweeted, “From cyber attacks to attacks on our domestic institutions, the Chinese regime has an overwhelming power over the United States. To save ourselves, we must remove Beijing’s points of contact (pockets of contact) in our society until we are certain we can protect ourselves.”

Microsoft has significant business opportunities in China

However, the complexity of the cybersecurity issues between the U.S. and China triggered by this Chinese hack can be seen in Microsoft’s situation. On the one hand, Microsoft is the biggest victim targeted by Chinese hackers; on the other hand, Microsoft itself has significant business interests in China.

“Microsoft is still expanding in China and has significant business in China,” said Wenyan Ma, who was head of the North American office of China’s sovereign wealth fund China Investment Co. and is now a visiting professor at New York University School of Law.

Ma said there is no doubt that the hack is a very difficult issue for Microsoft. But he also said Microsoft is developing its cloud business in China through a joint venture program, “and in fact Microsoft plans to expand its cloud business in China in the next year or two. So I think it looks like Microsoft is actually continuing to work with China on data management and cloud security, cloud cybersecurity.”