The US has accused China of being behind the attack on a Microsoft email platform. Photo: Shutterstock
Opinion
Gal Luft

How the US shot itself in the foot with indictment against Chinese ‘hackers’

  • The details in the indictment against the Chinese nationals were most likely obtained by a US government hacking operation
  • China is hardly an outlier in a world where cyberspying and hacking is what modern intelligence agencies in all countries are paid to do

Cyberattacks can be divided into two categories: those conducted by criminals typically for monetary gain and those executed by state agencies and their proxies for national security and economic reasons.

The distinction between the two is consequential. Governments are responsible for cybercrimes emanating from their territory and are obliged to identify, investigate and punish the perpetrators. A state-sponsored cyberattack is a whole different matter.

A hack that is the work of a government would be an act of aggression inconsistent with the United Nations Charter and justifies condemnation and even retaliation.

The Biden administration would like us to believe that the recent cyberattack on Microsoft Exchange, a popular email platform used by corporations worldwide, belongs to the latter category.

It may be true, but to date no evidence has been produced to prove that the Chinese state is behind the hack. This did not stop Washington from mobilising its Five Eyes allies, Japan, Nato and European Union members to condemn China for it.

Interestingly, in the same week the Microsoft Exchange scandal broke, Microsoft announced that its Windows operating system had been exposed to an attack caused by malware developed by a private company in Israel.

No one in Washington hinted that the Israeli government should be held accountable for a hack. But, when it comes to China, the possibility of independent actors conspiring to commit a cybercrime is not even on the menu of options. We are expected to believe that all 1.4 billion Chinese work for the Communist Party, and no stroke on a keyboard is possible without the approval of Beijing.

To make the case for Chinese culpability, again without providing any evidence, US Secretary of State Antony Blinken pointed to China’s Ministry of State Security as being responsible for the Microsoft hack.

And, with remarkably convenient timing, the US Department of Justice unsealed a grand jury indictment on a completely unrelated case involving four Chinese nationals – three of them believed to be employees of a company based in Hainan province, said to be a front for the ministry – who between 2011 and 2018 are claimed to have conducted cyber intrusions into dozens of countries, including the US.

The decision to unseal the indictment against defendants who will never set foot in a US courtroom at the same time as the explosion of the Microsoft hack story was meant to conflate two completely unrelated cases and cause the world to believe that all attacks originating from China must be the work of the Communist Party.

In claiming that Ministry of State Security agents “fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain”, Blinken suggests that when it comes to China there is a third category of cyber attackers, hybrid ones, who work for the government while trying to enrich themselves on the side through criminal activity.

US Secretary of State Antony Blinken delivers remarks at the National Security Commission on Artificial Intelligence Global Emerging Technology Summit in Washington on July 13. Photo: Reuters

In unsealing the indictment against the Hainan group, the US government shot itself in the foot. Reading the 30-page indictment, one can find unusually detailed information about the communications between the three ministry agents and the hacker they employed, including their personal photos, tactics used, the exact dates each malware was installed, even details about performance rewards they received.

This raises the question of how such sensitive data about the life and work of Chinese spies, spanning a period of nearly a decade, was obtained by the Department of Justice to begin with.

Ministry of State Security agents do not conduct their business using US-based servers, Gmail addresses or digital communication, which can be obtained through standard FBI search warrants. Such data could have only been obtained through US government hacking operations.

Department of Justice indictments of Chinese nationals, of which there are plenty courtesy of the department’s China Initiative, are rife with quotes from electronic communications among Chinese co-conspirators.

When the FBI wants to investigate US-based suspects, it can easily obtain a search warrant or issue a subpoena on a phone company or email provider, but when it seeks similar data from a Chinese national who is using a Chinese email provider, or messaging service like WeChat, the only way to obtain the data would be through brute hacking by the US intelligence community.

This means that the US blames China for the very same tactics the National Security Agency and CIA routinely use.

In 2013, the world was shocked by Edward Snowden’s revelations about the NSA’s illegal mass spying on millions of people around the globe including German Chancellor Angela Merkel. And, this year, it was revealed that Denmark helped the US spy on European officials.

It should come as no surprise that a country which invests so much in spying on its friends would also want to spy on its adversaries.

Like it or not, cyberspying and hacking is what modern intelligence agencies of all countries are paid to do.

That’s the world we live in. Washington’s attempt to portray China as an outlier, a cyber empire which poses a unique threat to global security and therefore deserves condemnation and reprisal, is another arrow in a quiver of misrepresentation and hypocrisy – a pot calling the kettle black.

Gal Luft is co-director of the Institute for the Analysis of Global Security and professor at Ostim Technical University, Turkey
