“For China, cyber-war is total war. Dealing with it requires much more than just added firewalls, tighter access controls and more sensors.”
I wrote that in February 2013, when the Wall Street Journal revealed that its editors and reporters had been under more or less continuous attack from Chinese hackers — as were The New York Times, Yahoo, Google, and a host of other tech companies and media outlets.
Events last week show that we remain clueless about the nature of this threat and about how to deal with it.
Apple announced last week that it’s been the target of the latest hacking outrage, after a series of devastating attacks on its iCloud server. Recall that Google’s server came under attack back in September.
Cloud storage is supposed to be safer than keeping data on a computer or device. But using what’s called a “man-in-the-middle” attack, hackers can interpose themselves between the cloud and the user in order to steal vital login information. So while users last week thought they were directly communicating with Apple, in fact Chinese officials were intercepting their credentials.
That is, at least, the conclusion of GreatFire, the best watchdog of China’s cyberactivities. The Chinese government has of course denied it, but the attacks came from servers that only government and state-controlled telecommunications firms use. It appears to be an attempt to spy on what Chinese citizens see and say on their new iPhones. It also sends a message to Apple, that their vaunted iCloud security is vulnerable no matter where it is.
This didn’t stop the government from blaming Apple for the breach. Apple’s Tim Cook even had to fly to Beijing to explain to the Chinese government, in effect, why its own operatives had been able to hack into the Apple cloud.
This kind of absurdity reigns in our cyberdealings with China, in large part because our government won’t treat them as a systematic threat to our economy — including our banks and corporations, our government, and our national security — and deliver a proportionate response.
Instead, the Obama administration has had to be dragged into even publicly identifying China as the source of all these recent attacks, including one on the Pentagon.
Nothing changed this spring, after President Obama promised a firm chat on the subject with the Chinese premier. Then the Justice Department indicted five Chinese army hackers, out of a hacker army that, along with its civilian helpers, numbers in the tens of thousands.
Indictments and private admonishments get us nowhere. As in any cold war, deterrence is the key. Our government needs to take the fight to the enemy, with what experts call an “active cyber defense” that traces hackers back and disrupts or shuts down their service.
The Chinese government will scream bloody murder. They may even launch new attacks in retaliation — all indirect and deniable, of course. But we now have no choice but to fight cyberfire with cyberfire until Beijing learns to rein in its hackers or pay the price.
Critics will worry that this cyber deterrence strategy might sour our trade relations with China, but they’re already a mess thanks to cyber-theft, which is estimated to pull more than $400 billion out of the US economy annually. According to a recent government commission on intellectual property, China accounts for 75 to 80 percent of this activity. The head of US Cyber Command, General Keith Alexander, has pronounced it “the greatest transfer of wealth in history” — and it’s not about to stop.
For now, the Chinese still hold the initiative, while our beleaguered security experts inside and outside of the government still try to catch up and plug the holes in the cyber-dike.
Until Congress and a new White House take the threat seriously, we will remain exposed — and every iPhone and terminal will be the enemy’s potential tool in this, the Cold War of our time.