The latest round of leaked cables that Charlie Howell wrote about a few days ago contained some compelling information about the People’s Republic of China. The cables alleged that officials on the politburo’s standing committee (the preponderance of power in the Chinese Communist Party that runs the PRC) may have ordered the cyber-attacks on Google that occurred at the beginning of this year.
The Chinese government’s ability to say one thing earnestly while everyone knows it’s doing the exact opposite fascinates me. It rebuts these claims via stories in its various press arms, saying first that the accusations that hackers are centralized at a certain tech school were laughable and then that the school’s faculty were becoming “bored” with the allegations.
But taken in the context of what we already know about Chinese hacker culture, the cable rings true. According to an article in Foreign Policy Magazine by Mara Hvistendahl, the PRC has this ingenious model in which it can deploy eager, patriotic youth hackers without having to develop an entire government infrastructure to wage cyberwar.
PRC youth’s desire to hack is the result of the fervent patriotism the CCP has instilled in them. The government handily declines to prosecute hackers – as long as they don’t target the PRC, that is. Such a hands-off policy allows a hacker culture to flourish. And the government sometimes takes advantage of their strength, specifically engaging them from time to time to break into its enemies’ networks.
The fact, though, that these foot soldiers of China’s cyber-army often act independently makes them difficult to control. As they aren’t exactly a part of the government, and often act without the explicit direction of the PRC government, state-level diplomacy would do little to stop them. And an attempt to wipe out each pinprick of hacking would prove troublesome indeed – not to mention the vast resources it would consume. In short, this whole decentralization strategy works as a pretty good defense for China.
There is a silver lining: Hackers’ weak organization will limit their effectiveness, confining their influence to lower-level breaches. That is, while China’s hackers could steal government secrets or hack into Gmail accounts, they could never develop something as coordinated and complex as the Stuxnet virus that hit Iran’s nuclear program, which took at least 10,000 hours to code and was incredibly precise in the operations of the machines it targeted. More typical of the next generation of cyberweapons, a Stuxnet-class virus would be difficult to pull off without an intelligence service.
How should we deal with this decentralized web of hackers? Should we simply ramp up our defenses and hope they hold or should we go on the offensive, and at least attempt to fight back? What do you think?
Posted on Dec 08, 2010