Recently, the U.S. and Chinese governments have been arguing over the creation of tariffs that would place a tax on exports. According to CNN, this particular trade war is the outcome of accusations made by American companies against China, of which the allegation that “China uses ‘cyber intrusions’ into U.S. commercial networks to spy on U.S. commerce” is one of the most common.
In 2015, the U.S. and Chinese governments signed an agreement to stop supporting cyber-enabled intellectual property theft against organizations within each other’s borders. However, in March 2018, FireEye, an enterprise cybersecurity company, revealed that Chinese hackers known as “TEMP.Periscope” or “Leviathan”, after having been dormant for the past few years, reemerged last summer and have resumed their attacks. These hackers appear to be collecting information on South China Sea issues by targeting maritime- and engineering-focused entities in the United States. According to FireEye, it appears that although the group is not linked directly to the Chinese government, the information being collected would be extremely valuable to the Chinese Navy.
While many see this trade war as essential if President Trump is to deliver on a promise made during his campaign (“Hillary Clinton unleashed a trade war against the American worker when she supported one terrible trade deal after another – from NAFTA to China to South Korea. A Trump Administration will end that war by getting a fair deal for the American people. The era of economic surrender will finally be over”), we can’t help but wonder: will this lead to the next government-organized cyberwar?
Significant Cyber Incidents in the China-U.S. Saga
This is not the first time that China has been accused by America of cyber sabotage. Below are the most significant cyber incidents in the China-U.S. saga.
Titan Rain 2003
2003 saw one of the most sophisticated government-organized attacks of the 21st century. It was in this year that the federal government of the U.S. uncovered a multitude of coordinated cyber-attacks on computer systems across its borders. These attacks are believed to be state-sponsored attacks carried out by the Chinese government itself. They targeted not only the U.S. Department of Defense but also British systems.
This series of attacks, dubbed “Titan Rain” by the US government, is believed to be an organized attack by the People’s Liberation Army (PLA).
Operation Aurora 2010
In 2010, Google was the first among 30 other companies, including Symantec, Adobe Systems, and Yahoo, to report a targeted attack, originating from China, which aimed at stealing source code. American experts then connected these attacks to other cyber espionage against financial, commercial, military, research, and various other corporations. This attack was named “Operation Aurora” by the Vice President of Threat Research at McAfee, Dmitri Alperovitch, following the discovery of “Aurora” in two of the malware binaries that were associated with the attack.
The Chinese government immediately denied the accusations made against them, despite the fact that a large number of private cybersecurity firms also found large amounts of evidence of cyber-espionage originating from China.
NSA Leak 2013
It was revealed in 2013 that the U.S. government had successfully hacked into a Chinese mobile phone company to obtain text messages. This information was revealed by Edward Snowden, a former systems administrator for the Central Intelligence Agency (CIA) and a counterintelligence trainer at the Defense Intelligence Agency (DIA). He also revealed that the United States government had spied on China’s biggest research institution, Tsinghua University, from which the data of millions of Chinese citizens could be mined.
According to the documents provided by Snowden, the NSA also infiltrated Huawei, China’s largest telecommunications company and the largest telecommunications equipment maker in the world, in order to surveil computers and telephone networks through the technology it sells.
There are a large number of politically driven cyber-attacks around the world, affecting countries like the U.S., Estonia, Georgia, and Iran. Some of the biggest attacks are:
A malicious computer worm, Stuxnet, targeted supervisory control and data acquisition (SCADA) systems and caused substantial damage to Iran’s nuclear program. Stuxnet was first discovered in 2010, although it is believed that this worm had been in development five years prior to its discovery.
Through a USB flash drive, this worm could spy on industrial systems and even cause fast-spinning centrifuges, used to separate nuclear material, to rip themselves apart, all through three phases:
- Targeting zero-day flaws in Microsoft Windows systems and networks
- Seeking out Siemens Step 7 software (a Windows-based program)
- Compromising the programmable logic controllers (PLCs)
Although it has not been confirmed, there is much speculation that this cyber-attack was orchestrated by a partnership between America and Israel.
Used in an attack on the Saudi oil industry in 2012, a computer virus popularly known as “Shamoon” or “Disttrack” is possibly the world’s first solely destructive cyber weapon. The virus spreads across a whole network, transporting data from the system to the attacker and then overwriting the master boot record of the system, making it unusable. Shamoon came to be known as one of the biggest hacks intended solely for cyber warfare in history.
This attack was carried out by a group that called themselves “the Cutting Sword of Justice,” and it damaged 30,000 systems of a Saudi oil firm.
While the US and China play a dicey game of cyber retaliation, they have so far only instigated a trade war. However, if the conflict escalates to a physical war, it is inevitable that the first shots fired will originate in a computer.
Is this the beginning of a new “Operation Aurora”? Let us know what you think in the comments below!