How America Is Fighting Back Against Chinese Hackers

This week, United States and Chinese leaders sat down for a special cybersecurity working group, a rare but increasingly necessary opportunity to clear the air of rumors and untruths about each country's hacking practices. The talks went fine but also served to illustrate further how difficult a challenge the Pentagon and Department of Homeland Security have when it comes to protecting our nation's cybersecurity. But that doesn't mean they aren't trying. Here's how we're fighting back.

It's been six months since a New York Times investigation uncovered a group of Chinese hackers as the source of a major ongoing attack on the newspaper. That revelation led to further revelations, like the fact that the attacks on U.S. media outlets very much resembled the behavior of Chinese military hackers. It also gave America's cybersecurity chiefs a chance to strike back. Finally, some details about what those retaliatory measures look like are starting to emerge.

The Wall Street Journal just published a lengthy look at the U.S. strategies for combatting Chinese hackers. In effect, the administration is fighting a new battle on a fresh front, one where the traditional rules of engagement don't necessarily apply. Because both countries' economies depend heavily on cyberspace, there's more than national security at stake.

A Delicate Balance

This is probably why the administration's first mode of attack was simple public shaming. Not long after the details of the Chinese attack on The New York Times emerged, the administration named a cyberunit of China's People's Liberation Army as the culprit in a series of recent cyberattacks. This "naming and shaming" strategy appeared to be effective at first, as the attacks abruptly stopped after the name of the group, Unit 61398, appeared in industry reports and official Pentagon reports. By May, though, the Chinese hackers were back, attacking many of the same targets they'd hit before. This highlighted the need for a more aggressive strategy, one that the administration's been pursuing for a few months now.

The government's chief ally in the war against the Chinese hackers has to be internet service providers, since all attacks are routed through their infrastructure. And so covertly, the Department of Homeland Security approached the nation's major internet service providers with a long list of IP addresses that it believed were connected to the Chinese hackers, and encouraged the service providers to block access to as many as possible. This was no simple request, since some of the IP addresses are tied to Chinese business interests. Interfering with commerce would take this cybersecurity fight to the next level.

This kind of confusion is what things like this week's talks help navigate. Inevitably, the U.S. needs a way to fight back against the Chinese hackers while ensuring the Chinese government doesn't take the defensive measures as an attack on the country as a whole. At the same time, the U.S. can't reveal too much about its efforts because that will just tip off the hackers that the authorities are coming after them. So many meetings are necessary. The Department of Homeland Security met with cybersecurity experts this week ahead of the U.S.-China diplomatic meetings, and the administration's been bringing other agencies like the NSA and folks from the Pentagon into the mix.

Direct Hits

Speaking of the Pentagon, there are hackers in our own government who are fighting the Chinese hackers by hacking the hackers. This week, the China Daily reported that one third of all attacks against Chinese targets originate in the U.S. And those are just the attacks we know about. The Chinese government's been up in arms over the U.S.'s own hacking practices, especially since the NSA's assertive snooping was revealed in the documents leaked by Edward Snowden last month. Some Chinese hackers even reference the Snowden leak in phishing attacks on unsuspecting American email users. Meanwhile, the naming and shaming strategy is still at work on this side of the pond.

It appears that the government has stopped short of going all Stuxnet on China. That weapon—perhaps the most powerful cyberweapon ever built—wreaked havoc on Iran's nuclear facilities a few years ago and provided the world with a benchmark for what true cyberwarfare would look like. While the U.S. never took credit for the weapon, it's widely accepted that it was us and Israel getting serious with Iran. And while we know we're capable of truly weaponizing code if we need to, it appears that we're not quite there yet with China.

At the end of the day, we can't know everything about the administration's strategy for bringing down the Chinese hackers. But we can gain a better understanding of how cybersecurity stands to define the success of U.S.-China relations. Because no matter how polite John Kerry and President Obama are to visiting Chinese dignitaries, they won't make any progress if the Chinese think that the U.S. is undermining everything they do with aggressive cyberattacks.

It also doesn't help anybody if China continues its assault on U.S. targets. As the president and the Pentagon have said in the past, it doesn't take much for these cyberattacks to escalate into actual attacks. And we really, really don't want to go to war with China right now. [WSJ]

Image via Flickr / Dan Hankins