Pages

29 July 2021

U.S. allegations of China hacking disingenuous and self-defeating


The Biden administration has scored a diplomatic victory of sorts by strong-arming the EU, NATO and a handful of other countries into blaming China for the Microsoft exchange server hack that was revealed early this year and patched in March. But beyond the verbiage, there is no real substance behind the allegations. In fact, these allegations are only the latest installment of the administration's doomed-to-fail ideological crusade to confront and contain China with a shaky coalition of the unwilling.

We must recognize that cybersecurity is indeed an increasingly important concern for individuals, companies, businesses and governments around the world with Eugene Kaspersky, CEO of Kaspersky Lab, the Russian cybersecurity and anti-virus provider, estimating millions of unique viruses in the wild today. Also, cyber-warfare has not only become a legitimate means of combat but perhaps even the arena in which the fate of nations will be decided. As such, any country that values its sovereignty must ensure that it possesses balanced and effective capabilities in cyber-warfare are sufficient to meet the geopolitical challenges which it faces.

And so, when I say that there is no substance behind these allegations, I am not offering an opinion or verdict on whether or not any Chinese-affiliated entities conducted these hacks. Instead, I am saying that the blame levied by the U.S. against China is disingenuous and hypocritical in a self-defeating way.

In fact, the U.S. has been the most aggressive and reckless in developing and deploying offensive cyber-capabilities. For example, ECHELON, which began in the late 1960s as a way to monitor the military and diplomatic communications of the Soviet Union and its Eastern Bloc allies during the Cold War, subsequently morphed into a worldwide electronic system to conduct mass surveillance by surreptitiously intercepting and examining private and commercial communications.


And these capabilities were also used to conduct industrial espionage as outlined in a report published by the European Parliament. The report lists numerous abuses with these two as illustrative. It accuses the National Security Agency (NSA) in 1994 of stealing information about an aircraft order placed by Saudi Arabia for an Airbus and sharing it with Boeing and McDonnell-Douglas, its American competitors, which resulted in McDonnell-Douglass winning the contract. The report also describes an instance of the CIA hacking into the computer system of the Japanese trade ministry in 1996 to advantage Mickey Kantor, the U.S. negotiator, in setting import quotas for American cars in the Japanese market.

More recently, the U.S. has been implicated in cyber attacks against Iran. For example, in 2010 Iran's nuclear site at Nantanz was severely damaged by the Stuxnet worm, which has been attributed to the U.S. and Israel. And in April 2012 a virus forced the country to disconnect its main oil terminals and facilities from the Internet to protect them from damage. After conducting investigations, the attacks were attributed by Iran to the U.S.

In terms of recklessness, the U.S. has also been the biggest contributor to worsening the threat environment by not adequately securing its cyber-weapons. Like many major powers, it has stockpiled zero-day bugs and weaponized them. But it has also allowed these destructive tools to fall into the wrong hands. For example, the Equation Group, which is suspected of being affiliated with the NSA, is described by Kaspersky Labs as "one of the most sophisticated cyber-attack groups in the world and the most advanced we have seen." But in August 2016, the Shadow Brokers, a hacking group, released malware that it had stolen from the Equation Group.

The Biden administration may have scored a hollow diplomatic victory against China; but it also recognizes that this is perhaps the only kind possible here. As such, the U.S. must be careful to not miscalculate as it continues this disingenuous rhetorical barrage.

No comments:

Post a Comment