It’s been a busy couple of weeks in the world of cyber security, and it’s been a period that defines the discussion in new ways. Not only did the New York Times directly accuse the Chinese military of hacking activity, the US government released a legal review of its cyber policies which included the ability to order a pre-emptive strike. The two aren’t directly related, but it’s hard to ignore the coincidence of both revelations in the same week, with the stakes in the cyber world being raised yet again.
Over the past decade it’s been hard to escape reports of Chinese hacking of government and private sector computer systems. What makes the New York Times’ hacking worth further examination is the directness and detail of the accusations and what the NYT stands to lose as a business.
To recap, the NYT had been subject to sustained hacking for four months, beginning after the paper published a story in October last year regarding Wen Jiabao’s relatives accumulating several billion dollars through various business dealings during his time in power. The release of this story led to the Chinese government blocking access to the newly launched (June 2012) NYT Chinese language site, and censoring searches for the paper online. In addition, telecommunications company AT & T informed the NYT that it had noticed behaviour ‘consistent with other attacks believed to have been perpetrated by the Chinese military’. It’s not known how the hackers initially accessed the systems, but a ‘spear-phishing’ attack, (an email with an inconspicuous attachment which contains malware) is suspected. The various details of the hacking process are fascinating to read.
Akin to a collective sigh of relief amongst the US media community that someone was opening the door to their shared problems, Bloomberg, the Wall Street Journal and the Washington Post all admitted to similar hacking incidents related to stories they published on Chinese politicians, political and legal issues in China and the state-owned telecom giants Huawei and ZTE.
This story is going to make life difficult for the NYT’s Chinese language enterprise, which was established just last year with 30 newly-hired staff. Not only are Western companies reluctant to make such announcements due to possible negative publicity and lowering of shareholder confidence but also the because of the risk of antagonising the Chinese government.
The NYT’s investment is considerable: in an increasingly crowded global media market that’s seen as the holy-grail for western media firms, the Chinese population is a relatively untapped opportunity. But it comes at a high price, as Rupert Murdoch discovered, having attempted for twenty years to create a fully global media empire by courting senior leaders within the Chinese government in order to create a satellite network which would be fully accepted by the Chinese public. In August 2011, News Corporation sold its controlling stakes in three of its Chinese television channels. Also, operating media sources in China isn’t without its costs—it’s a case of be careful what you say as the censors are watching. However, change is slowly progressing, demonstrated by the week-long stand-off between Chinese journalists at the Southern Weekend newspaper and their state censors.
In many respects this incident mirrors the international debate currently raging regarding global governance of the internet. As I’ve previously explored, there’s a risk that Chinese and Russian pressure will steer the negotiations on governance towards tight regulation of the internet and its users. For the media, tighter regulation means increasing governmental influence and control of messages, including media sources. The private sector needs to have a voice in the discussions—as the NYT case shows, they’re being targeted more and more frequently. And not only do they need to be able to understand the threats, but have to assist in shaping and influencing the international dialogue and policies being developed.
It seemed like calculated timing on behalf of the NYT (or indeed the US Government) to release a story about a secret legal review of US approaches to the use of offensive cyber attacks some three days after the revelations about the hacking of the NYT’s systems. Yet the message was stark: US officials determined that the cyber weapons at their disposal ‘were so powerful that—like nuclear weapons—they should be unleashed only on the direct orders of the Commander in Chief, and that pre-emptive strikes should be allowed if the US detected credible evidence of a major digital attack coming from abroad, however difficult it may actually be to assess imminent threats in cyberspace.
How China views this review is yet to be seen, but indications of their irritation at being caught has been illustrated by their own claims of US sourced hacking on Chinese systems. It’ll have surely raised a few eyebrows in Beijing and beyond. There’s no doubt that the stakes are being raised ever higher in cyberspace, and more than ever constructive dialogue is required before escalation produces some unwanted consequences for all involved.
Tobias Feakin is a senior analyst at the Australian Strategic Policy Institute. Image courtesy of Flickr user Dillsnufus.