Hacker using computer showing most cyber attacks on China are from U.S.
New CNCERT Report Shows Most Cyber Attacks on China Originate from United States by Nicole Lindsey

New CNCERT Report Shows Most Cyber Attacks on China Originate from United States

For years, U.S. politicians and top corporate executives have complained about Chinese cyber attacks on industrial and government targets located within the U.S. homeland. And now it looks like China is trying to flip the script on the U.S., alleging that the U.S. is conducting exactly the same types of cyber attacks against Chinese targets with a previously unseen intensity. In fact, a new CNCERT (China’s National Computer Network Emergency Response Technical Team) report suggests that the scale and intensity of the U.S. cyber attacks is starting to resemble an all-out cyber war against China.

Findings from the CNCERT report on U.S. cyber attacks

Two key findings from the Chinese CNCERT report particularly stand out as proof that the U.S. is now the primary overseas cyber adversary of China. One of these is the fact that U.S. servers are being used to implant viruses and carry out botnet attacks against Chinese computer assets. In 2018, 14,000 servers in the U.S. infected by a Trojan virus or botnet controlled 3.34 million host computers in China. This represents a nearly 90.8% increase in attacks on a year-over-year basis. Another is the fact that U.S. IP addresses lead the way as the origin of these attacks. In 2018, 3,325 U.S. IP addresses infected 3,607 Chinese websites.

And that’s not all. The CNCERT report found that U.S. cyber attacks also included all-out hacking attempts on Chinese computers. These attacks increased by 43% on a year-over-year basis in 2018. And U.S. cyber adversaries are now using apps to tap, steal information and analyze information from Chinese computers. This suggests that the U.S. cyber posture – at least, as it relates to China – has shifted from purely defensive to more offensive. That’s more than just mere speculation, given that the U.S. now has 133 different cyber teams engaged in different cyber activities, and that the U.S. has been very vocal about shifting to a more offensive cyber posture.

It’s now the case, according to CNCERT, that the most cyber attacks from overseas now originate in the U.S. If the numbers from CNCERT are to be trusted, it means that the U.S. has set up a massive network of command & control servers, ready to take over Chinese industrial, infrastructure or communications assets at a moment’s notice.

Cyber escalation and economic retaliation

The big question, of course, is whether these large-scale cyber attacks are being carried out as part of a broader trade war and economic rivalry between the United States and China. One suggestion that has been made is that the U.S. is intensifying its cyber attacks on Chinese assets to block China from achieving its long-term economic potential. Another suggestion is that the U.S. could be using cyber attacks as a way of applying pressure on Chinese, as a form of advanced trade negotiation tactics. In return for trade concessions, for example, the U.S. might back off on some of its cyber attacks.

At the same time, both the United States and China have been rolling out dueling cyber security laws and cyber-focused executive orders, designed to stymie each other from having too much power, influence or control over any infrastructure, grid or industrial targets with long-term strategic implications. China started the ball rolling with a 2016 cybersecurity law designed to protect the national security and sovereignty of the country, while giving the Chinese government plenty of leeway to crack down on any internal or external security threats. Recently, the Trump administration in the United States has been signing executive orders designed to black list or ban Chinese companies such as Huawei from getting their hands on U.S. technology. And China’s Cyberspace Administration has responded in kind, threatening to require government sign-off on any technology purchases or acquisitions that might impact Chinese national security.

So could all this economic rivalry eventually lead to a full-scale cyber war? The CNCERT report, by focusing on the massive scale and intensity of U.S. cyber attacks, seems to be making that suggestion. And, as the CNCERT report also makes clear, China will not sit back and simply be a victim of these cyber attacks. China is ready, the report says, for a “full-scale fight back.”

A new era of offensive cyber attacks

One thing is certain from the CNCERT report on U.S. cyber attacks – nations around the world are increasingly using cyber as both an economic weapon and a military tool to achieve strategic objectives. For smaller nations, cyber attacks enable an asymmetric response to much larger rivals. And for larger nations, cyber attacks give military planners and politicians another tool in the toolbox to exert influence, all without being forced to respond with military means.

The real risk, of course, is that all of these cyber attacks could soon spiral out of control, with many unanticipated consequences. Cyber attacks are notoriously difficult to attribute to a single, original source, and that raises the risk that a third-party nation-state (or rogue actor on the world stage) will attempt to get involved in the U.S.-China rivalry. What’s to stop Iran, for example, from getting involved in even more aggressive cyber attacks against the U.S., if it’s possible to somehow pin the blame on China?

A new cyber paradigm

Going forward, nations around the world will need to decide on the rules of engagement, and what types of cyber attacks deserve a proportional response from the victim.  For example, the Chinese cyber report primarily focused on Trojan viruses being used by the U.S. to gain control of Chinese computers and websites. That might be aggressive in nature, but does it really deserve a heavy-handed U.S. response? If the Trojan attacks start to take down part of China’s energy grid, though, then the policymaking dimensions would change dramatically. In that case, a U.S. cyber attack might even be designated an “act of war” if it leads to civilian casualties or loss of life.

It’s a bold new world for cyber. Defensive and neutral cyber postures are being replaced by more offensive postures and by even more insidious cyber weapons that can be nearly impossible to detect until it’s too late. For now, China and the U.S. have played their cyber games in the shadows. All bets are off the table if the cyber attacks continue to intensify in nature, scope and visibility.