EARLIER THIS year Microsoft found that a group of hackers, which it called Hafnium, had broken into hundreds of thousands of computer servers around the world that were running the firm’s mail and calendar software. The cyber-thieves were stealing emails, documents and other data from small businesses, NGOs and local governments in an enormous, seemingly indiscriminate, cyber-attack. In July America, Britain, other members of NATO and the European Union all blamed China. America was more specific. It named China’s civilian intelligence agency, the Ministry of State Security (MSS).
Such co-ordinated condemnation of the Chinese government for allegedly hacking into foreign computer systems was unprecedented. But it was no surprise in the West that China appeared to be responsible (as always in such cases, it denied involvement).
In 2015, standing next to Xi Jinping at the White House, Barack Obama said the two presidents had agreed that neither country would “conduct or knowingly support cyber-enabled theft of intellectual property” for commercial gain. But cyber-experts say China remains hard at it. In September attacks allegedly mounted by the Chinese government included ones against Indian media firms, Microsoft’s Windows operating system and Roshan, a telecoms network in Afghanistan.
Spy agencies everywhere hack into other countries’ computer systems. What irks Western governments is that China also steals commercial secrets to pass on to its companies, whereas there is no evidence that the West’s spies collude with business like this. Since Mr Xi took power in 2012, China’s hacking capabilities have grown.
The Chinese army’s signals-intelligence wing, the Third Department, used to be in charge of such work. It attacked everyone from American military contractors to Google. In 2014 America’s Department of Justice formally accused five Chinese citizens from the Third Department’s Unit 61398 of “computer hacking, economic espionage and other offences” against American companies involved in nuclear and solar power as well as metal production. (Those charged were believed to be in China and have not appeared in court.) By then, however, control over hacking activities was being transferred to the MSS. The army is still hacking, but its targets are now mainly government ones.
The MSS was first publicly linked to the hacking of foreign companies in 2017. Its involvement was exposed by an anonymous blog called Intrusion Truth, which monitors such attacks. Several cyber-security firms endorsed its analysis. Later that year the American government charged three alleged MSS hackers in absentia for attacks on foreign firms. Two of the accused had been identified by the blog.
Attributing cyber-attacks to China, let alone to specific government agencies, is tricky. Benjamin Read of Mandiant, an American firm that tries to keep tabs on who is hacking what, explains that he and his colleagues gather and analyse telltale tracks, such as the addresses of computers used to launch attacks. A single hacking incident usually does not leave enough information to identify the culprit: attackers can give their computers a false address. But that can be laborious, since, whenever they use a new address, the hackers must also reinstall all of the tools they use to carry out attacks. This creates an incentive to use addresses repeatedly, which facilitates the work of cyber-detectives.
Under military oversight, China’s cyber-attacks often seemed haphazard. Hackers were given lists of targets at the beginning of each month, but there appeared to be little supervision or co-ordination of their efforts. The MSS has integrated the process more closely with other intelligence-gathering operations, says Mr Read. One team might grab a target’s mobile-phone data from a telecoms firm, then hand the information to a different group that would use it to infiltrate the device.
Computer experts at Chinese universities have long co-operated with cyber-theft operations conducted by the army and the MSS. Such people have been obvious targets for recruitment by China’s intelligence agencies as in-house talent. Now the government is expanding the potential supply of hackers by creating a vast new teaching and research facility in the central city of Wuhan, says Dakota Cary of the Centre for Security and Emerging Technologies at Georgetown University in Washington. The 40-square-kilometre campus, called the National Cybersecurity Centre, is under the direction of the Communist Party’s Cyberspace Affairs Commission, led by Mr Xi. The centre will produce its first graduates—1,300 of them—next year.
Growing numbers of people are needed to sift through the huge volumes of data that are stolen by the hackers. Mr Brazil of BluePath Labs reckons there are probably several hundred thousand analysts working on this already. “The economy and military have greatly benefited from technology theft,” he says. “Why stop just because those foreigners are feeling aggrieved?”
America’s Federal Bureau of Investigation has been stepping up its efforts to curb the espionage. On November 5th an MSS officer was convicted in Ohio of conspiring to steal jet-engine technology from General Electric, an American conglomerate. In July two MSS spies living in China were formally accused of hacking into high-tech businesses around the world over the course of many years, most recently to steal pharmaceutical data related to covid-19 vaccines and treatments.
Companies that worry about China’s hacking often use a private cyber-security firm to monitor their networks for subtle patterns indicating an attack, and try to cut it off before it goes too far. Encrypting as much data as possible helps them to minimise their losses. But it is extremely hard to fend off all cyber-spying. If China’s hackers really want to break into a network, are willing to work slowly and are able to operate stealthily, they will often succeed. The entreaties of Western governments will not deter them. ■
This article appeared in the China section of the print edition under the headline “The spectral game”