Davkodi Cyber

Chinese Hacking Culture: The Rise of China’s Cyber Dominance

Cyberspace is arguably the most important warfighting domain of the future, and the future is now. The United States is certainly at the forefront of advancing capabilities in this domain, but China might be approaching, if not surpassing, the United States very soon. A four-part series by “Modem Mischief” tells several stories of China’s criminal hacking community. One story in the series follows a hacker who found himself deep on the wrong side of the law, which is not good under the Chinese government. Eventually this man was given a choice: go to jail or join the ranks of China’s elite cyberwarfare fighting group. Involvement in China’s underground hacking community led this man to compete against Chinese military hackers and go through an arduous and intensive hacking training program designed especially for China’s military. China’s hacking culture is real and, evidently, naturally breeds prime candidates for cyberwarfare. Along with the culture of China’s hackers, the qualities and overwatch of the government surely foster an environment that is central to the development of a dominant cyber force within the Chinese military and government.

The origins of the culture of the Chinese hacking community date back to before the Internet boom. Events such as the Tiananmen Square protests were talked about in close social circles before the rise of the Internet, but as more people gained access to the Internet in the 90s and 2000s, people found ways to communicate how they felt on certain topics that they otherwise wouldn’t be able to talk about in public under the watchful eye of the Chinese Communist Party (Howlett 54). People knew they could use the Internet for good and wanted to keep it a place of free expression for all, but the Chinese Communist Party was and is still able to heavily regulate what people see, do, and say on the Internet. At the dawn of this new era, people would use code words and phrases to symbolize certain events or topics. One example of this was in reference to Tiananmen Square; people would use the phrase May 35 when talking about the protests, and specifically June 4th, 1989, online (Howlett 54). As more and more people gained access to computers and the government made restrictions tighter and tighter, people had to come up with creative ways to remain somewhat anonymous or mask what they were talking about in forums to keep free expression.

At its core, hacking is the process of figuring out how things work and breaking them to make them do something they weren’t supposed to do, for your benefit. The people’s goal of remaining anonymous and maintaining free expression on the Internet formed the culture of Chinese hacking. Although this community may have developed with generally benign purposes in mind, it grew to consist of criminals, hacktivists, and legal security analysts, for example, which make up black hat, gray hat, and white hat hackers respectively. Black hat hackers are specifically people who hack with criminal intent, while gray hat hackers typically have a virtuous purpose in mind but often disregard laws (Howlett 56-57). Due to the sheer size of the hacking community in China, its members have an enormous advantage in terms of the ability to share new ideas, new methods of breaking a certain piece of software, or new ways of breaking into a network, etc. (Howlett 66).

A culture of personal and communal growth likely sprouted from the original goal of working together to express themselves freely. Although there are significant numbers of criminal hackers in China, as there are anywhere else in the world, a large portion of the hacking community has actually developed more of a patriotic calling. Even though many hackers participate in illegal activities, the community around them praises and even promotes some of their actions. There are many newspapers that write stories on these hackers, and many universities host capture the flags, which are hacking events where you solve challenges to showcase your hacking and problem-solving abilities. There are also many cases of the hackers themselves promoting their work publicly on their own websites or blogs (Howlett 68). The main reason for this level of cultural support likely comes from hacktivism. Howlett describes hacktivism as “an act of breaching a system based on political and/or social motivations” (69). In China, hacking culture heavily revolves around political and social events that take place in mainland China and around the world.

Patriotic hacktivism revolves around motivations in support of China and its people. The explosion of Chinese hacking can often be attributed to the Indonesian riots of 1998, where many Chinese people, citizens or not, were the targets of mob violence, rape, and murder (Howlett 72). Hackers in China were outraged at these atrocities and used their skills to perform malicious attacks on the Indonesian government. In response to the riots, the first Chinese hacktivists formed and communicated in Internet Relay Chat rooms to develop plans to retaliate. The first attack on the Indonesian government was bombarding their email system in what is known as a distributed denial of service attack (Howlett 75-76). The Red Hacker Alliance hacking group in China would ultimately form from the riots and continued the attacks by taking control of several different Indonesian websites and defacing them. Pages on the exploited websites would display messages such as “Your site has been hacked by a group of hackers from China. Indonesian thugs, there can be retribution for your atrocities, stop slaughtering the Chinese people” (Howlett 76). The actions of the Red Hacker Alliance received large amounts of praise and support in mainland China from newspapers and media. The hacking culture of China fed on the support of the media and universities, but the most important backer of patriotic hackers is the Chinese Communist Party itself. No one is truly anonymous or safe in cyberspace, so it is clear that the Chinese Communist Party has motives and goals with the hacking community of China and is perpetuating the culture that developed from the desire to have a space where free expression is permitted.

The support by the Chinese Communist Party seems counterintuitive given its typical censorship of the Internet and free expression in general. Although hacking can be an extremely dangerous form of expression, especially to a government like China’s, China knows the importance of cyberspace and believes it can leverage the hackers’ passion for protecting the interests of the Chinese people and rejecting countries that they believe harm China. China’s prominence in cyber warfare is highlighted by one of its many breaches of the United States government. A group known as “Titan Rain” managed to steal information from government agencies such as the Defense Information Systems Agency, the US Army Aviation and Missile Command, and the US Army Space and Strategic Defense Installation (admin). Titan Rain is just one example of a hacking incident that originated within China and displayed the strength of China’s cyberwarfare capabilities. Although this specific attack is believed to be a state-sponsored attack, in reality all Chinese cyber attacks are state-sponsored attacks. According to admin, “Chinese citizens are expected to actively support their government, which…mandates that Chinese ‘citizens get involved with hacking or cyber attacking an enemy’s systems’” (admin). The Chinese government has the power and influence to essentially start and stop cyber attacks at will by encouraging this behavior and using the media to its advantage. As described earlier, Chinese hackers feed off of the support and praise of the media, which also happens to be directly controlled and monitored by the government.

The Chinese Communist Party is willing to support these hacking groups because it can easily claim plausible deniability, it wants to enhance its cyber warfare capabilities, and it wants to promote nationalism (admin). The ability to claim plausible deniability essentially means that because these hackers aren’t under the direct control of the government, they are effectively out of its control and it can claim that it had nothing to do with any attacks. In order for the Chinese government to keep pace with the United States, it is using what is described as a “total nation” strategy, meaning that allowing the people to perform attacks on the enemies of China will ultimately help it win the continuous cyber war due to the sheer number of attacks and the complexity of some of them. Through the media, China promotes these patriotic hackers and praises them as heroes. In this way it is developing a strong sense of nationalism, which has become directly embedded in Chinese hacking culture. People feel a strong sense of pride and purpose when they feel like they can make change, especially when it comes to a political topic that they have strong beliefs about. It cannot go without saying that the Chinese government does face some drawbacks by promoting patriotic hacking. Some of these drawbacks come in the form of hindering intelligence operations. According to admin, in the 2001 “US-China” hacker war, patriotic hackers destroyed data on United States web servers that the Chinese government could have been using for intelligence gathering operations. Incidents in the late 2000s such as attacks on Taiwan even led to the arrest of patriotic hackers and the shutdown of the Black Hawk Safety Net site, which was a place where over 170,000 patriotic hackers used to communicate. Despite these drawbacks, the promotion of hacking in China is ultimately beneficial in the race against the United States and the development of China’s cyberwarfare capabilities.

Hackers who anger the Chinese Communist Party or commit crimes when the government decides it is a crime call to mind the story from Modem Mischief in which the hacker, who was found to be guilty of multiple hacking-related crimes in China, was ultimately recruited by the government to perform actual military operations. Promoting a strong hacking culture, and one that is made up of mostly patriots, can not only lead to the benefits mentioned above but can potentially lead to top-tier recruits for the government’s cyber operations. In the early 2000s, the community of people with advanced knowledge of internet technology was growing at an immense rate, and China knew it could take advantage of this. Since 2002, the People’s Liberation Army has been establishing militia units directly within commercial firms and universities, which happen to be large supporters and hubs of hacking. One of the People’s Liberation Army’s goals in establishing these militias was to find “politically reliable” operators that already had advanced knowledge in computer network operations (DeWeese 33). According to several media sources within China, the information warfare militia units, as they are described, were tasked with “offensive and defensive CNO and EW responsibilities, psychological warfare, and deception operations” (DeWeese 34). A militia group in Yongning County (Ningxia Province, Lanzhou Military Region) established in 2008 was tasked to “attack the enemy’s wartime networks according to the unit’s Website” (DeWeese 34). Clearly this is a recruiting effort from the government and People’s Liberation Army to advance China’s cyber capabilities and keep a watchful eye over the people that could potentially be within China’s hacking community.

According to DeWeese, there is an obvious hacker and state co-op in play to develop China’s cyber capabilities and gain a tighter grip on smaller hacking groups or individuals to perform attacks on China’s enemies. There are even many cases where former independent hacking groups developed their own security firms. There is also concrete evidence that suggests that these firms are working directly with the government and were founded by prominent Chinese hackers. One security firm, NSFocus, is led by founding members of the Green Army Alliance, which was a hacker group from 1997 through 2000 (DeWeese 41). The Green Army Alliance was likely a patriotic hacking group that moved into the commercial sector to play a larger role directly within government cyber operations. Another group, which operated under the name Black Eagle Honker Base, consisted of hackers who formerly operated under a similar name before getting arrested by the Henan Provincial Public Security Bureau (DeWeese 42). After their return under the new name, they “vowed to focus its efforts on training people for the state and working to improve the state’s network security industry” (DeWeese 42). The story of this group is very similar to the story from the Modem Mischief podcast that was described earlier. China’s method to control these hackers is to either let them run free if their actions align with the interests of the government or, if they don’t, to arrest them and force them to work for the state. China promotes the growth of a patriotic hacking culture through the media and universities in order to get the people to hack for the government on their own, which allows China to claim plausible deniability. Although there is certainly evidence of these cases where China takes in rogue hackers, it likely comes with a lot of risks.

Due to the risks that come with taking in hackers who could pose potential risks for the government or tie the government to a hack on another country, China recruits on a smaller scale. Evidence from hacking forum websites, such as EvilOctal, shows recruitment posts from government public security research institutes. In these posts they are looking for individual people with the right skills rather than entire hacking groups (DeWeese 45). In other cases, DeWeese’s research suggests that the prominent hacking group known as Javaphile has a direct consulting relationship with the Shanghai Public Security Bureau and has even submitted security research for one of China’s top universities. Javaphile is a patriotic hacking group whose history of attacks includes targets such as the White House (DeWeese 46). The open recruitment of hackers and hacking groups seems dangerous but is necessary for China to keep up with and potentially surpass the United States in its hacking capabilities.

Overall, Chinese hacking culture is one that is very focused on free expression and the open sharing of knowledge but at the same time consists of a substantial number of patriotic hackers that are found in independent hacking groups, commercial firms, and in the military if they have been recruited. The culture thrives on the bolstering from the media, universities, and the government itself. Clearly the Chinese hacking culture takes a lot of pride in performing attacks on China’s enemies and those that harm the people of China in any way. The Chinese Communist Party and People’s Liberation Army are taking advantage of their psychological control over the hacker community to essentially perform attacks for them without being tied to the attack in a way that could actually harm them. Keeping a loose leash on the hacking community is a double-edged sword because there are criminals out there that do break China’s laws, but the solution to this is to simply threaten these hackers with an extremely long sentence in jail or for them to agree to use their knowledge for the benefit of the state. Through China’s hacking community and the culture that has developed around it, China’s cyber capabilities are continuously improving and growing. From the inception of the Internet in China to the present day, the Chinese hacking community is the top contributor to the advancement of the government’s military cyber capabilities and the greatest threat to the United States in the cyber domain.

Works Cited