Chinese President Xi Jinping (習近平) and US President Barack Obama talked cybersecurity this weekend in California, but experts say the state’s Silicon Valley and its signature high-tech firms should provide the front lines in the increasingly aggressive fight against overseas hackers.
With China seeking to grow its economy and expand its technology base, companies like Facebook, Apple, Google and Twitter are inviting targets. In fact, all have been attacked and all point the finger at China, which has denied any role.
The US government has stepped up efforts to thwart cyberattacks, but those efforts are mainly focused at protecting its own secrets, especially regarding military operations and technologies.
Paul Rosenzweig, a former US Department of Homeland Security official whose Red Branch Consulting provides national security advice, said the responsibility for preventing attacks in the private sector lies with the US innovators who created the technology that is being hacked in the first place.
“To some degree, they were getting a pass,” he said. “If a car manufacturer made a car that was routinely able to be stolen, they’d be sued. If software is made with gaps that are a liability, they bear some responsibility, and in recent years there’s been a sea change in high-tech firms accepting that responsibility.”
Big firms like Google employ thousands of security experts who can spot a potential attack on just a few individuals and quickly disseminate protection for everyone using their products. Google routinely detects unsafe Web sites that spread malicious software or trick people into revealing personal information, posting warnings in front of users and contacting Webmasters who may have been hacked.
Yet, Chinese hackers have managed to hit even Google, and in a book released this spring, Google’s executive chairman Eric Schmidt said China is the world’s “most sophisticated and prolific hacker.”
Cybersecurity was high on the agenda for meetings between Obama and Xi on Friday and yesterday in southern California’s Rancho Mirage. A recent US government report found nearly 40 Pentagon weapons programs and almost 30 other defense technologies were compromised by cyberintrusions from China. Earlier this year, cybersecurity firm Mandiant linked a secret Chinese military unit to years of cyberattacks against US companies.
Mandiant chief security officer Richard Bejtlich said his firm tracks more than 20 potentially threatening groups of hackers in China, some with links to the government and military.
China’s government denies any involvement, with Chinese Defense Ministry spokesman Geng Yansheng (耿雁生) telling reporters last Sunday that the US claims “underestimate the intelligence of the Chinese people.”
However, frustration is growing as the attacks continue. Although none have come out publicly, analysts say some US companies even are considering cyberattacks of their own as retaliation, even though it is illegal. Retaliatory hacking was a hot topic at the 2013 RSA Conference on tech security in March, where attorneys and sitting judges even held a mock trial over an imaginary firm that struck back.
And on May 20, the Commission on the Theft of American Intellectual Property, headed by former US ambassador to China Jon Huntsman and former US director of National Intelligence Dennis Blair, recommended that the US Congress and the Obama administration reconsider the laws banning retaliation.
“If counterattacks against hackers were legal, there are many techniques that companies could employ that would cause severe damage to the capability of those conducting IP [intellectual property] theft,” they wrote.
Marc Maiffret, chief technology officer at security firm BeyondTrust in San Diego, warns against private firms going on the offensive.
“There are a lot of people lobbying to ‘hack back’ but I think that is a disastrous idea,” said Maiffrett, who was a hacker of government sites before discovering the first Microsoft computer worm, “CodeRed.”
“Most of corporate America is failing to secure themselves, let alone become competent hackers to hack back against someone like a China,” he said.
Tim Junio, who studies cyberattacks at Stanford University’s Center for International Security and Cooperation, does not expect much to change because of the Xi-Obama talks.
“China benefits too much by stealing intellectual property from the US, so it’s really hard to imagine anyone convincing them to slow down,” he said.
Indeed, the payoff for successfully stealing critical information can be enormous. For example, if a company spends many millions of US dollars developing expensive intellectual property, such as a pharmaceutical firm investing in a new drug, it is very cost-effective for a Chinese firm or government entity to dedicate a small team of hackers to gain access to that company’s networks.
A patient approach of sending e-mails for months, hoping an employee eventually clicks on a link or opens an attachment that they should not, usually works. It is a probabilities game and the offense has the advantage, especially when targeting a company with thousands of employees. Sooner or later, someone will make a mistake.
Hackers then sell the stolen intellectual property to competing companies, which can try to replicate the product and sell counterfeits at a cut rate. For a developing country like China, this is a great way to stimulate domestic economic growth.
Junio suspects that China’s political leaders may not even be aware of the extent of hacking by their own cyberteams because corrupt government officials may also be using them for personal gain.
James Barnett, former chief of public safety and homeland security for the US Federal Communications Commission, said the US government’s role in fighting Chinese hackers should be to offer high-tech firms tax deductions, credits or liability limits.
“The private sector’s role is to continue to innovate, something it can do much better than the government, and something that Silicon Valley does better than just about anywhere in the world,” Barnett said.
A series of strong earthquakes in Hualien County not only caused severe damage in Taiwan, but also revealed that China’s power has permeated everywhere. A Taiwanese woman posted on the Internet that she found clips of the earthquake — which were recorded by the security camera in her home — on the Chinese social media platform Xiaohongshu. It is spine-chilling that the problem might be because the security camera was manufactured in China. China has widely collected information, infringed upon public privacy and raised information security threats through various social media platforms, as well as telecommunication and security equipment. Several former TikTok employees revealed
At the same time as more than 30 military aircraft were detected near Taiwan — one of the highest daily incursions this year — with some flying as close as 37 nautical miles (69kms) from the northern city of Keelung, China announced a limited and selected relaxation of restrictions on Taiwanese agricultural exports and tourism, upon receiving a Chinese Nationalist Party (KMT) delegation led by KMT legislative caucus whip Fu Kun-chi (傅崑萁). This demonstrates the two-faced gimmick of China’s “united front” strategy. Despite the strongest earthquake to hit the nation in 25 years striking Hualien on April 3, which caused
Two sets of economic data released last week by the Directorate-General of Budget, Accounting and Statistics (DGBAS) have drawn mixed reactions from the public: One on the nation’s economic performance in the first quarter of the year and the other on Taiwan’s household wealth distribution in 2021. GDP growth for the first quarter was faster than expected, at 6.51 percent year-on-year, an acceleration from the previous quarter’s 4.93 percent and higher than the agency’s February estimate of 5.92 percent. It was also the highest growth since the second quarter of 2021, when the economy expanded 8.07 percent, DGBAS data showed. The growth
In the 2022 book Danger Zone: The Coming Conflict with China, academics Hal Brands and Michael Beckley warned, against conventional wisdom, that it was not a rising China that the US and its allies had to fear, but a declining China. This is because “peaking powers” — nations at the peak of their relative power and staring over the precipice of decline — are particularly dangerous, as they might believe they only have a narrow window of opportunity to grab what they can before decline sets in, they said. The tailwinds that propelled China’s spectacular economic rise over the past