China has made its first strike on the West

Matthew Henderson
Thu, August 3, 2023

It is becoming increasingly clear that Chinese computer hackers may have penetrated American military and civil critical infrastructure in ways that could cripple a US response to Chinese armed aggression from the outset. Certainly that would align with Beijing’s strategy, familiar from Sun Tzu’s “Art of War”, which is to win the war before a shot is fired.

In the modern digital context this entails preemptive cyber attacks not just against its enemies’ military forces, but also on the pillars of social and economic security, including communications, transport, energy, water and health systems. The aim is to damage opponents so badly that battle would never be joined, or only briefly before they collapse into domestic disarray and disaster.

To achieve this, China must first access data on the targets it wants to disrupt, and then devise cyber attacks that will avoid preventive measures and create sudden, irreversible havoc. The US is now desperately hunting for malicious software discovered inside the power grids and communications systems that supply its military. The tools for a pre-emptive first strike against the West could already be in place.

It seems that US intelligence became aware of a serious threat to national security in February, around the time of the spy balloon episode. Since May, according to Microsoft, Chinese hackers have been secretly accessing data from the State Department and Commerce Department, among other targets including Western European entities.

These developments are part of an established pattern. A Chinese attack in 2021, compromising the Microsoft exchange server, was blamed by the UK Foreign Office and National Cyber Security Centre on the Chinese Ministry of State Security. A year later, the directors of the UK and US security services together announced that China “posed the biggest long-term threat to our economic and national security”. At the same time Nato, at its 2022 Summit, declared that “the PRC’s malicious hybrid and cyber operations and its confrontational rhetoric and disinformation target allies and harm alliance security”.

The US military is scrambling to find out how badly Chinese cyber warfare has compromised America’s defences. The UK lags far behind; despite years of clear warnings by the intelligence and security community, there has yet to be a proper UK response. However uncomfortable it may be to accept for beneficiaries of the faux “Golden Era” when Beijing bought its way into the UK establishment, the CCP was then, and is now, waging relentless hybrid warfare against us and our Allies and partners.

Beijing was shamefully welcomed into our nuclear sector, and deeply embedded in much else. It is to be assumed that they are hoovering up vast quantities of British data, encrypted and unencrypted. What they can’t read now, they are believed to be storing against the day that evolving quantum computer technologies crack the codes.

Before it’s too late, not only America but all of its Western allies and partners must grasp that the Chinese Communist Party – and not the unfortunate citizens it rules over – looks like an enemy and acts like an enemy because it is our enemy. Will it take catastrophic cyber attacks on our civil critical infrastructure and our militaries being brought to their knees before a shot is fired for our politicians to wake up?

U.S. Hunts Chinese Malware That Could Disrupt American Military Operations

The Biden administration is hunting for malicious computer code it believes China has hidden deep inside the networks controlling power grids, communications systems and water supplies that feed military bases in the United States and around the world, according to American military, intelligence and national security officials.

The discovery of the malware has raised fears that Chinese hackers, probably working for the People’s Liberation Army, have inserted code designed to disrupt U.S. military operations in the event of a conflict, including if Beijing moves against Taiwan in coming years.

The malware, one congressional official said, was essentially “a ticking time bomb” that could give China the power to interrupt or slow American military deployments or resupply operations by cutting off power, water and communications to U.S. military bases. But its impact could be far broader, because that same infrastructure often supplies the houses and businesses of ordinary Americans, according to U.S. officials.

The first public hints of the malware campaign began to emerge in late May, when Microsoft said it had detected mysterious computer code in telecommunications systems in Guam, the Pacific island with a vast American air base, and elsewhere in the United States.

More than a dozen U.S. officials and industry experts said in interviews over the past two months that the Chinese effort predated the May report by at least a year, and that the U.S. government’s effort to hunt down the code, and eradicate it, has been underway for some time. Most spoke on the condition of anonymity to discuss confidential and in some cases classified assessments.

They say the Chinese effort appears more widespread — in the United States and at American facilities abroad — than they had initially realized. But officials acknowledge that they do not know the full extent of the code’s presence in networks around the world.

The discovery of the malware has touched off a series of Situation Room meetings in the White House in recent months, as senior officials from the National Security Council, the Pentagon, the Homeland Security Department and the nation’s spy agencies attempt to understand the scope of the problem and plot a response.

Biden administration officials have begun to brief members of Congress, some state governors and utility companies about the findings, and confirmed some conclusions about the operation in interviews with The New York Times.

There is a debate inside the administration over whether the goal of the operation is primarily aimed at disrupting the military, or at civilian life more broadly in the event of a conflict. But officials say that the initial searches for the code have focused first on areas with a high concentration of American military bases.

In response to questions from The Times, the White House issued a statement Friday night that made no reference to China or the military bases.

“The Biden administration is working relentlessly to defend the United States from any disruptions to our critical infrastructure, including by coordinating interagency efforts to protect water systems, pipelines, rail and aviation systems, among others,” said Adam Hodge, the acting spokesman for the National Security Council.

He added: “The president has also mandated rigorous cybersecurity practices for the first time.” Mr. Hodge was referring to a series of executive orders, some motivated by concerns over SolarWinds, commercial software used widely by the U.S. government that was breached by a Russian surveillance operation, and the Colonial Pipeline ransomware attack by a Russian criminal group. That attack resulted in the temporary cutoff of half the gasoline, jet fuel and diesel supplies that run up the East Coast.

The U.S. government and Microsoft have attributed the recent malware attack to Chinese state-sponsored actors, but the government has not disclosed why it reached that conclusion. There is debate among different arms of the U.S. government about the intent of the intrusions, but not about their source.

The public revelation of the malware operation comes at an especially fraught moment in relations between Washington and Beijing, with clashes that include Chinese threats against Taiwan and American efforts to ban the sale of highly sophisticated semiconductors to the Chinese government.

The discovery of the code in American infrastructure, one of Mr. Biden’s most senior advisers said, “raises the question of what, exactly, they are preparing for — or whether this is signaling.”

If gaining advantage in a Taiwan confrontation is at the heart of China’s intent, tabletop exercises conducted by the government, think tanks and other outside experts suggest time is of the essence. Slowing down American military deployments by a few days or weeks might give China a window in which it would have an easier time taking control of the island by force.

Chinese concern about American intervention was most likely fueled by President Biden’s several statements over the past 18 months that he would defend Taiwan with American troops if necessary.

Another theory is that the code is intended to distract. Chinese officials, U.S. intelligence agencies have assessed, may believe that during an attack on Taiwan or other Chinese action, any interruptions in U.S. infrastructure could so fixate the attention of American citizens that they would think little about an overseas conflict.

Chinese officials did not respond to requests for comment concerning the American discovery of the code. But they have repeatedly denied conducting surveillance or other cyberoperations against the United States.

They have never conceded that China was behind the theft of security clearance files of roughly 22 million Americans — including six million sets of fingerprints — from the Office of Personnel Management during the Obama administration. That exfiltration resulted in an agreement between President Obama and President Xi Jinping that resulted in a brief decline in malicious Chinese cyberactivity. The agreement has since collapsed.

Now, Chinese cyberoperations seem to have taken a turn. The latest intrusions are different from those in the past because disruption, not surveillance, appears to be the objective, U.S. officials say. At the Aspen Security Forum last week, Rob Joyce, the director of cybersecurity at the National Security Agency, said China’s recent hack targeting the American ambassador to Beijing, Nicholas Burns, and the commerce secretary, Gina Raimondo, was traditional espionage. But he said the intrusions in Guam were “really disturbing” because of their disruptive potential.

The Chinese code, the officials say, appears directed at ordinary utilities that serve both civilian populations and nearby military bases. Only America’s nuclear sites have self-contained communication systems, electricity and water pipelines. (The code has not been found in classified systems. Officials declined to describe the unclassified military networks in which the code has been found.)

While the most sensitive planning is carried out on classified networks, the military routinely uses unclassified, but secure, networks for basic communications, personnel matters, logistics and supply issues.

Officials say that if the malware is activated, it is not clear how effective it would be at slowing an American response — and that the Chinese government may not know, either. In interviews, officials said they believe that in many cases the communications, computer networks and power grids could be quickly restored in a matter of days.

But intelligence analysts have concluded that China may believe there is utility in any disruptive attack that could slow down the U.S. response.

The first hints of the new campaign by China came in May, when experts at Microsoft released some details of the malware found in Guam — home to major U.S. Air Force and Marine bases — and elsewhere in the United States. The company attributed the intrusion to a Chinese state-sponsored hacker the experts called Volt Typhoon.

A warning from the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency, the National Security Agency and others issued the same day said the state-sponsored hacker was able to avoid detection by blending its attack in with normal computer activity but did not outline other details of the threat.

Officials briefly considered whether to leave the malware in place, quietly monitor the code they had found and prepare plans to try to neutralize it if it was even activated. Monitoring the intrusions would allow them to learn more about it, and possibly lull the Chinese hackers into a false sense that their penetration had not been exposed.

But senior White House officials quickly rejected that option and said that given the potential threat, the prudent path was to excise the offending malware as quickly as it could be found.

Still, there are risks.

American cybersecurity experts are able to remove some of the malware, but some officials said there are concerns that the Chinese could use similar techniques to quickly regain access.

Removing the Volt Typhoon malware also runs the risk of tipping off China’s increasingly talented hacking forces about what intrusions the United States is able to find, and what it is missing. If that happens, China could improve its techniques and be able to reinfect military systems with even harder-to-find software.

The recent Chinese penetrations have been enormously difficult to detect. The sophistication of the attacks limits how much the implanted software is communicating with Beijing, making it difficult to discover. Many hacks are discovered when experts track information being extracted out of a network, or unauthorized accesses are made. But this malware can lay dormant for long periods of time.

Speaking earlier this month at an intelligence summit, George Barnes, the deputy director of the National Security Agency, said the Volt Typhoon attacks demonstrated how much more sophisticated China had become at penetrating government and private sector networks.

Mr. Barnes said that rather than exploit flaws in software to gain access, China had found ways to steal or mimic the credentials of system administrators, the people who run computer networks. Once those are in hand, the Chinese hackers essentially have the freedom to go anywhere in a network and implant their own code.

“China is steadfast and determined to penetrate our governments, our companies, our critical infrastructure,” Mr. Barnes said.

“In the earlier days, China’s cyberoperations activities were very noisy and very rudimentary,” he continued. “They have continued to bring resources, sophistication and mass to their game. So the sophistication continues to increase.”

The post U.S. Hunts Chinese Malware That Could Disrupt American Military Operations appeared first on New York Times.