Chinese hacks, US hacks
Much has been made in the past couple of days of the report put out by Mandiant which links a bunch of recent, high profile security attacks to a group of Chinese hackers that are presumably a part of the People’s Libration Army (PLA) — i.e., the Chinese military.
The report is here by the way — and it’s a very interesting read. Recommended.
Anyways, people are treating this as though it’s shocking new information. Really? You didn’t know that the Chinese state spies on foreign entities, principally corporations, to gain commercial advantage? I would think that’s well known and unsurprising.
At the same time, people treat this as though it’s only the Chinese doing it. One of the largest government agencies in the US is the National Security Agency (NSA). What do you imagine they do for a living?
More than that – we should think about the nature of cyber warfare. The Chinese, from recent experience, are really interested in just two things:
- Criticism of their leadership, and in particular the interesting ways in which their families accumulate extreme wealth.
- Commercial information — intellectual property, pricing information, plans for take-overs, mineral development, etc.
So what does the US focus on? It seems they’re more interested in traditional targets for spying — foreign governments and military agencies. Interestingly, the US does something in the cyber warfare space that no other government seems to do (yet?), and that is to deploy an offensive capability. Worms such as Stuxnet have been spectacularly successful at delaying Iran’s ability to refine weapons-grade uranium, and represent a capability and military policy totally unlike China’s.
So what do we take away from all this?
- Yes, just as everybody already knew, and despite the totally non-credible denials, China’s military engages in espionage on an industrial scale.
- China’s hacks are focused on fairly mundane stuff: IP theft, commercial intelligence and protecting the reputations of their leadership.
- The US, in contrast, has a conventional espionage regime, targetting governments and military agencies.
- Also unlike China, the US both possesses and has deployed an
It may only be a matter of time before other players engage in the offense or emulate China’s commercially-oriented spy tactics.
We live in interesting times.