China is waging an undeclared cyberwar on the US … but now what?

If you think the timing of a damning report on China’s government-sponsored cyber-attacks on U.S. industry and government is a coincidence, think again.

The 60-page report (PDF) from cybersecurity firm Mandiant, for those of you who missed the media hellfire it sparked on Tuesday, blames the People’s Republic of China for widespread cyber-attacks and cyber-espionage on U.S. industry and government. Targets include companies like Coca-Cola, as well as companies that operate critical infrastructure, like electrical grids, oil and gas pipelines, and water supply.

The report, which was featured in a front-page story by The New York Times (a former client of Mandiant), pinpoints a 12-story office building in Shanghai which Mandiant researchers believe is home to “APT1,” one of “more than 20” similar hacker outfits supported or employed by China’s People’s Liberation Army (PLA). The hacker contingent is officially known as “Unit 61398,” and has been labeled the “Comment Crew” or “Shanghai Group.” Mandiant even published video of one of the alleged APT1 hackers in action, an individual known as “DOTA” who creates fake Gmail accounts to launch spear-phishing attacks on targets – one of the primary weapons used by APT1, according to Mandiant.

“APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations,” reads the report, “and has demonstrated the capability and intent to steal from dozens of organizations simultaneously.”

This highly detailed report marks the first time a private company has explicitly called out the PLA as the source of a barrage of cyber-attacks on the U.S. It is also the first publicly available report to reveal exhaustive evidence – if not a “smoking gun” – to support accusations that China’s government poses a major threat to U.S. cybersecurity. Many people have talked about it over the years, but few have provided something close to proof.

The Chinese government has firmly denied the credibility of the Mandiant report. “The Chinese army has never supported any hackings,” said China’s Ministry of National Defense in a statement to state-owned news agency Xinhuanet. The ministry also said the report was false and unprofessional.

Of course, this denial is neither new nor particularly believable. During the course of reporting various cybersecurity stories, I have personally witnessed real-time cyber-attacks on major U.S. businesses that originated in China. And the information in the Mandiant report has since been backed up by sources within the U.S. government and by a variety of other cybersecurity firms that have gathered similar data.

So the legitimacy of the Mandiant report is not really in question, whatever the Chinese government has to say about it. What did strike me as odd, however, was the timing of its release.

Since January 31, we have seen high-profile cyber-attacks by Chinese hackers on The New York Times, Wall Street Journal, Washington Post, and Bloomberg News. In the last week, we saw Chinese hackers blamed for infecting a developer’s website that resulted in malware infections at Facebook, Apple, and possibly Twitter.

We also saw President Obama call out cybersecurity as a major priority for the U.S. in the State of the Union address on February 12, and, earlier that day, sign an executive order meant to bolster U.S. critical infrastructure networks. Also that Tuesday, Reps. Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD) reintroduced the Cyber Intelligence Sharing and Protection Act (CISPA) – implicit support for which Mandiant CEO Kevin Mandia gave during a testimony (PDF) before the House Permanent Select Committee on Intelligence on February 14.

All of this felt eerily familiar. In the months that followed the September 11, 2001, attack on the World Trade Center and the Pentagon, our media and our government constantly bombarded us with evidence for why military action was necessary. Al Qaeda, weapons of mass destruction, and the hideous might of Saddam Hussein saturated our world. Talk of Chinese hackers, and the media reports surrounding them, in no way match the insanity churned up in immediate post-9/11 America. But upon reading The New York Times report about Mandiant’s findings in the wee hours of Tuesday morning, I couldn’t help but wonder: Why now?

“We felt like there’s a bunch of things coming together at the same time,” Richard Bejtlich, Mandiant Chief Security Officer, told me during a phone interview. “Our CEO Kevin Mandia just testified before the House Permanent Select Committee on Intelligence last week all about information sharing. This is what we’re doing; we’re sharing information.”

Bejtlich also points to Obama’s executive order, and the admission by the Times and other news outlets that Chinese hackers had infiltrated their networks, as an indication that “this is the time to let the world know what we know about this one group.” Furthermore, he said, “We had heard through some back channels that there’s some support for less observation of the fireworks – in other words, just watching companies get hacked – and more putting the message out there that this isn’t acceptable, and doing something about it.”

So, what does “doing something about it” look like? According to the Associated Press, the Obama administration has already begun “eyeing fines, penalties and other trade restrictions as initial, more-aggressive steps the U.S. would take in response to what top officials say has been an unrelenting campaign of cyber-stealing linked to the Chinese government.” Hawks, like former FBI executive assistant director and current president of cybersecurity firm CrowdStrike Shawn Henry, are calling for even more aggressive action.

“If the Chinese government flew planes into our airspace, our planes would escort them away. If it happened two, three or four times, the president would be on the phone and there would be threats of retaliation,” Henry told the AP. “This is happening thousands of times a day. There needs to be some definition of where the red line is and what the repercussions would be.”

Others have likened the current situation between the U.S. and China to the Cold War between the U.S. and the Soviet Union – an analogy Bejtlich echoed during our conversation.

“For those of us that remember the Cold War, we had this sort of mindset that it’s expected that the Russians are out there, and that they had a certain world view, and there’s certain things that they do, and we deal with them in a certain way,” said Bejtlich. “We’re not in a Cold War now, thankfully, but we are in a different sort of conflict.”

In an interview with CNN, former CIA and Homeland Security official Chad Sweet also equates the current U.S.-China relationship to the Cold War – but adds that the dangers of this conflict could be even more severe.

“We’re essentially facing a new Cold War – a cyber Cold War,” he said. “The destructive capacity is equal to that of a nuclear warhead … But what makes it more sinister than the nuclear age is that there’s no easily identifiable plume.”

The U.S. government’s view on the severity of cyber-attacks was made most clear last October, when Defense Secretary Leon Panetta warned that the U.S. could face a “cyber-Pearl Harbor.”

“An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches,” said Panetta. “They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”

Why passenger trains would be loaded with lethal chemicals, Panetta did not say. But the message is clear: cyber-attacks are serious business. And the Mandiant report further promotes this worldview.

Now, I won’t pretend for a second to understand the massively complicated relationship between the U.S. and China, or the degree to which the Mandiant report complicates those ties even further. But as a citizen witnessing the sudden deluge of activity surrounding cybersecurity, I can’t help but wonder – and worry – about where all this is headed.

The passage of legislation like CISPA – a bill civil rights advocates see as a threat to our Fourth Amendment rights – seems all but certain. But then what? How does the Internet change for everyday people once it’s become an officially declared battleground of the world’s two most powerful countries? I have no idea, and have yet to find an answer. One can only hope that when that answer comes, it will be a good one. For now, we wait.

Andrew Couts
Former Digital Trends Contributor
Features Editor for Digital Trends, Andrew Couts covers a wide swath of consumer technology topics, with particular focus on…