Hacking With Chinese Characteristics

Fast Company talks to Adam Segal of the Council on Foreign Relations about state-sponsored and “patriotic” hacking, cyberespionage and cybersecurity in China.

FAST COMPANY: Could you give a short rundown of China’s suspected role in of both governments and corporations?

ADAM SEGAL: A number of fairly well-publicized attacks on U.S. governments and corporate interests with codenames like “Titan Rain” have taken place. In many cases, attribution to China is fairly speculative. In the case, it was supposedly traced back by IP address but in many cases it’s fairly suspect. But they are motivated primarily by espionage reasons–both military and industrial–and also in some cases, by preparing the battlefield. Looking at potential targets that would be used in a military scenario in case there was, in fact, conflict.

As far as preparing the battlefield, do you think it is mostly organized by the government, the People’s Liberation Army (PLA) and groups like that, or is it just bored kids with some sort of connection to government?

Well, that’s the $64,000 question in the Chinese context. The question is who is responsible for these things, even if you trace it back to China, is if they are bored or PLA members or criminals with ties to the PLA or PLA divisions acting criminally? We don’t really know. I suspect that the majority of the attacks and espionage on on the criminal side are by patriotic that have some sort of connection, maybe financial, to the PLA or the Ministry. In the cases of power grids and other cases like that, I suspect PLA affiliation, but there is no way to know.

Segal goes on to discuss the assumption in China that its systems have been compromised by American agencies, and the perception of Western corporations as “instruments of US policy”. This attitude arose recently in the Global Times’ argument that Cisco and HP should not be allowed to contribute to the controversial “Peaceful Chongqing” security program. Segal concludes that the China Model of internet security offers an attractive example to governments of other developing countries.