On numerous occasions in the past, China’s authoritarian regime has publicly stated that the U.S. is its ideological enemy. Comments made by Chinese defector Chen Yonglin to Australian authorities in June support the theory that China’s leaders view the U.S. as their main adversary. “The U.S. is considered by the Chinese Communist Party as the largest enemy, the major strategic rival. The U.S. occupies a unique place in China’s diplomacy,” noted Yonglin.
With inflammatory statements like those noted by Chen Yonglin, it is easy to understand why national security questions still resonate in Washington from the December purchase of IBM’s PC division by China’s largest computer company Lenovo. Although eventually approved by the Committee on Foreign Investments in the United States (CFIUS), critical questions concerning the ultimate use of the company’s state-of-the-art computers as they relate to state-sponsored cyber crime and hacking attacks, still remain largely unanswered.
Specifically, could Lenovo computers or other domestic computers be used by Beijing to initiate a coordinated cyber attack against the U.S. to fracture the stability of global financial markets, interrupt international communications, damage interconnected security networks and harm the overall effectiveness and rapid response capabilities of the U.S. military?
If history is any indication, the possibility of such an attack is authentic and should be given serious attention.
Washington should be deeply concerned about the growing possibility of a massive, state-sponsored cyber attack against U.S. interests originating from mainland China – however, the opposite seems to be true. Surprisingly, there seems to be a dangerous lack of leadership, information sharing, structural flexibility and vision in the area of cyber security. “They are ignoring cyber security and it poses an enormous vulnerability,” said Edward Lazowska, professor of computer science and engineering at the University of Washington.
China’s Emerging PC Market: Making an Attack Possible
According to the Gartner Group, a global research firm, Asia, with 3.6 billion people or 60% of the world’s population, will have 242 million Internet users by the end of this year -- the largest number of Internet users in the world. China is the world’s second largest PC market and is growing seven times as fast as the current volume leader the U.S. With 1.3 billion citizens, China will likely have 100 million computers in the next decade. Some experts predict that by 2009, annual PC sales in China will reach 30 million units.
The increased availability of computer technology in Asia is a concern for many Western intelligence analysts who see an intrusive and menacing Chinese government as the driving force behind the country’s dramatic PC market growth. In April, research firm International Data Group (IDC), a global provider of market intelligence, reported that computer sales in China were ahead of projections due primarily to demand from the Chinese government.
“The rapid increase in notebook PC production [an IBM trademark product] is a major factor driving this growth,” said Mark Saunderson, publisher of Global Sources’ Electronic Engineering Times-China and Electronics Supply and Manufacturing-China.
Asia is already the leading breeding ground for software piracy, hacking and virus proliferation. Therefore, it is not implausible to imagine young groups of Chinese “hackers” feverishly at work in hundreds of government sponsored “hacking centers” attacking U.S government computer mainframes, especially during a time of conflict with the U.S.
In 2001, Chinese hackers launched targeted attacks against U.S. websites in response to the death of a Chinese pilot killed in a collision with a U.S. spy place. Recent attacks have been more copious, better coordinated and extremely intrusive.
With the third largest PC maker now in the fold, an increasing consumer base and a computer savvy population, a destructive Chinese cyber attack could occur very soon.
Recent Chinese Cyber Attacks
Cyber attacks originating in mainland China are increasing at an alarming rate posing a substantial threat to U.S. national security and the security of its allies. According to the Korean Information Security Agency (KISA), a total of 10,628 cases of hacking were reported in the first half of 2004 – 30 times higher than for the same period in 2003.
In January, Japanese officials reported that Chinese hackers were routinely attacking website and Internet services such as the Yasukuni Shrine, a point of contention between the two countries. “In the case of Yasukuni, the attack caused by the Chinese hackers was well organized with a certain amount of groups and people participating,” said Kuninori So, an analyst at the Cyber Defense Institute in Tokyo.
In June, the National Infrastructure Security Coordination Center (NISCC), the British department responsible for combating threats to U.K. national security, reported that unidentified hackers from Asia were launching attacks on vital government and corporate computer systems in the U.S., Canada, Australia and Great Britain for the purpose of securing confidential information. NISCC spokesman James Cox commented that the attacks were “well-organized” and were being employed by coordinated groups.
Could the Chinese government be the sponsor of these clandestine cyber attacks?
In 2005, Chinese hackers assaulted South Korean government computers gaining access to information concerning the country’s National Assembly, Atomic Energy Research Institute, Democratic Progressive Party and even the itinerary of South Korean President Chen Shui-bian. Law enforcement officials have stated that the hacking was an example of state-sponsored espionage. One hacker was identified as a student at a school run by the Chinese army.
This month, Taiwan’s Criminal Investigative Bureau (CIB) warned other governments that a large amount of sensitive data had been transferred to several servers located in China. These intrusions are not a matter of coincidence – they are all examples of a carefully planned cyber assault on the West by China.
Some pro-China enthusiasts argue that China remains too fragmented and disorganized to launch a well-orchestrated cyber attack. However, recent developments prove that underestimating the Chinese could be dangerous. A report prepared for the U.S.-China Economic and Security Review Commission, a congressional committee, found that predictions purporting that Chinese technological advances would be slow were off the mark, “Predictions a decade ago of a slow Chinese progress have been proved to be false.” said Pentagon official Michael Pillsbury. China has shown an increased proclivity for flexibility and secrecy, especially in areas of national interest such as the modernization of its military forces.
Why should the Chinese computer industry be any different?
The Lenovo Sale – A Bad Omen
Statements made by Lenovo executives that the company is interested in increasing global sales remains open to healthy skepticism. Prior to the Lenovo sale, IBM’s PC business had been losing approximately $1billion dollars a year for the past several years. Making the sale even more questionable, Lenovo’s co-founder and Chairman Liu Chuanzi hails from a military conformist background, known more for his rigidity than creativity. When asked about Lenovo, one anonymous source stated, “It [Lenovo] is very militaristic. It’s not an environment that fosters creativity. You just do what you’re told.” Most of Lenovo’s managers lack international business experience; overseas training and a knowledge of the English language.
With recent financial troubles and a lack of international business experience, should we believe that the new Lenovo was created to succeed in the highly competitive international PC market? Does the Chinese government have other plans for the new company? Is the new Lenovo interested in selling computers to the West; or was it created as a tool to provide China’s communist leaders with affordable computers that could be used in a large-scale cyber attack?
With 30 a percent share in Lenovo, will the Chinese government use its influence to pressure the companies’ board of directors to revise the company’s strategic decision making processes, goals and long-term vision?
Beijing’s Internet Cafés
As an owner of the world’s third largest PC maker, one would like to think that Beijing would be a supporter of free speech and market competition – unfortunately, we all know that is not true. In the first three months of 2005 alone, 16,000 Internet cafés were closed by the Chinese government under the guise that the cafés were a “fire risk” and endangered the morals of juveniles.
Taking firm control of the Internet and political dialogue has been one of China’s chief tasks over the past 18 months. About 40,000 Internet police filter sites dealing with issues on Taiwan, human rights, Tibet and the banned Falun Gong group. In addition, software is used to filter the emails of over 80 million Chinese for suspicious keywords. Under new regulations passed this year, foreigners will now be required to login using their passport numbers.
This type of dictatorial behavior proves Beijing is intolerant of the basic freedoms and principles associated with computer technology.
Information is power and possessing the technology that allows a country to gather and analyze that information is an enabler. In the right hands, information and technology are powerful tools, but in the wrong hands, they can give unscrupulous and untrustworthy governments’ new ways to sabotage legitimate systems.
Chinese defector Chen Yonglin recently noted, “When the day is mature, the Chinese government will strike back.”
To dismay of the U.S. and its citizens, that day may soon be upon us.