The United States is keen to accuse other countries, especially China, of launching cyber attacks, which has a long-standing “tradition”. From January 2010 when Google withdrew from the Chinese mainland market under the pretext of so-called hacking, to February 2013 when Mandiant Network Security released the “Mandiant Report”, to July 2021, when the US government united with the UK and Australia Other countries accuse China of cyber-attacks on Microsoft Exchange, then in March 2022, after the Russian-Ukrainian conflict broke out, the US media accused China of attacking Russian entities, and then in June 2022, US cybersecurity agencies slandered “Chinese government-backed hackers” for using routers This clear and coherent trail can be seen in the intrusion of “major telecommunications companies” in the United States with related vulnerabilities in and other network equipment.
The reports and reports are rich in detail, but the evidence used is barren. In the past two years, US official and unofficial China-related allegations have mainly originated from two reports released by the Microsoft Threat Intelligence Center: Microsoft Defense Report 2021 and New State Actor Cyber Attacks . Take the previous report as an example. There are at least two flaws in the report. First, the report cleverly uses research design and research methods to set the United States, the United Kingdom, Israel, Germany and other countries as victims of cyber attacks, that is, it does not statistically report the cyber attacks of these countries against other countries, but lists Russia, North Korea, Iran and China are assumed to be the countries that initiated the cyber attack, and trace the origin along this geopolitical route. Based on this, the report concluded that Russia accounted for 58% of cyber attacks supported by state actors, North Korea accounted for 23%, Iran accounted for 11%, and China accounted for 8%.
Second, among the 8% of China-related accusations, the report believes that they are mainly related to the so-called “Hafnium” Microsoft Exchange attack, but the accusation is suspected of using China to absolve Microsoft and its information sharing system. Microsoft was aware of the vulnerability as early as January 5, 2021, but the company did not take any action to fix it for up to two months. During this period, the “Microsoft Active Protection Program” (MAPP) proactively shared information about the vulnerability with about 80 security companies around the world. Against this background, a cyber attack incident occurred. The first responsible person was Microsoft Corporation, and the second responsible person was these cyber security companies. Why was the Chinese government blamed?
The reason why the charges can be placed on the Chinese government is mainly related to the political needs of the United States and the operation of the media. The problem of traceability of cyberattacks is not only a technical issue and a hard power issue, but also a soft power issue of media power and international communication capability. Who is the attacker, who is the victim, who is the good guy and who is the bad guy depends not only on the ability to trace the source, but often on the information dissemination capabilities of various countries. Originally full of bias and prejudice, traceability evidence needs to be further screened, processed, strengthened, and filtered by politicians, think tanks, consulting companies, and news media according to their own ideological spectrum, interest group camp, profit model, and other factors. an even more absurd view.
Cyber attack report publishers, think tanks, consulting companies, news media, politicians and other actors form a complete chain, openly producing false information, promoting “China’s cyber attack threat theory”, and finally inputting opinions into commercial media and social media. Social media platforms, drown out the voices of objective truth in this field. At the starting point of this clue, the first report will provide some plausible evidence in some cases, and it may even be a more objective report that is not malicious, but all the following links and nodes in the production line are It is possible to have contractors and suppliers. They never verify the authenticity of the first report and are only responsible for processing and promoting the content. After all, various “China threat theories” have become the key means for the United States to build a bipartisan consensus. , and there is a big difference between cyber attacks as an abstract issue and specific issues such as price increases. Abstract issues are more likely to be manipulated by politicians and the media than specific issues in most cases.
From this point of view, most actors in the United States do not care whether there is evidence of Chinese cyberattacks or whether the evidence is reliable, but only care whether they can extract the “Chinese cyberattack threat theory” from it. The allegation of cyber attack has nothing to do with the facts, but is mainly related to the selection of China as an imaginary enemy by the United States. U.S. Secretary of State Blinken clearly pointed out the real reason why the United States is targeting China at all times: “China is the only country that has both the intention to reshape the international order and the growing economic, diplomatic, military and technological power to do so.” Ten years ago, the Huawei/ZTE investigation report released by the US Congress described the reasons for the US sanctions on Chinese companies as follows: “China has the ability, opportunity and motivation to use telecommunications companies for malicious purposes.” Blinken’s words and the US Congress report One thing is completely similar: not to talk about evidence, but to talk about China’s motives inferred by the United States through subjective speculation.
After the outbreak of the Russian-Ukrainian conflict in March 2022, a new variant of the US accusation against China emerged, embeds new geopolitical factors, and began to frame and accuse China of hacking Russian entities. Such allegations fit into a new feature of this year’s cybersecurity landscape: NATO’s massive use of hybrid warfare methods in actual combat. In the ongoing Russian-Ukrainian conflict, Russia hopes to use traditional military means to curb NATO’s expansion, while NATO is unwilling to face Russia in the frontal battlefield, and chooses to use non-traditional hybrid warfare methods such as cyber warfare, public opinion warfare, and information warfare. to mobilize international public opinion, launch sanctions, and weaken Russia. Since the establishment of the “Hybrid CoE” (Hybrid CoE) in the name of defense in Helsinki in 2017 by NATO countries and EU countries, the concept of hybrid operations has been officially applied to actual combat, and “attack” and “diversion” have become visible struggles. As a means of framing China to attack Russian entities, it is in line with this new trend in warfare.
We then saw the current absurd landscape: it was originally the United States that was carrying out cyber attacks on the world, but it was distorted into China’s cyber attacks on other countries. It is against this background that Chinese cybersecurity companies rarely issue response reports to reveal the truth of transnational cyberattacks. In February 2022, Beijing Qi’an Pangu Laboratory Technology Co., Ltd. released a report, revealing the complete technical details of the U.S. Linux platform backdoor “Operation Telescreen” (Bvp47) and the association of the attacking organization, pointing out that the backdoor has violated 45 countries around the world. and region. In March 2022, 360 released the report “Prelude to Cyber Warfare: The NSA (APT-C-40) Launched Indiscriminate Attacks on the World for More than a Decade”, which found that the United States has conducted large-scale, long-term and systematic Global and Chinese critical infrastructure for cyberattacks and infiltrations. In June 2022, the National Computer Virus Emergency Response Center and 360 Company released special research reports respectively, disclosing the cyber attack weapon called “Sour Fox Platform” used by the National Security Agency. (The author is Xu Peixi, a professor at Communication University of China)
No comments:
Post a Comment