Americans have been bombarded for weeks by reports that the United States is engaged in a shadowy cyberwar against Chinese hackers. This has included warnings that Chinese digital spies have thoroughly infiltrated U.S. networks and that a national shortage of cyberprofessionals has put the country at a strategic disadvantage. All of that is true. But that doesn’t necessarily mean Washington isn’t snooping back. What can we learn about American intrusions into Chinese networks?
The Pentagon doesn’t talk much about its cyberoffense. To do so would risk giving away tactical knowledge — however insignificant — that foreign defenders might find useful. Still, as NPR’s Tom Gjelten reported last month, commanders have spoken publicly on occasion about their offensive activities. Stuxnet, the worm that sabotaged Iran’s nuclear centrifuges, is widely believed to be a U.S. cyberweapon. Now China says it has come under attack from American hackers.
According to China’s defense ministry, its website and China Military Online suffered as many as 144,000 “hacking attacks” from outside the country each month last year. Geng Yansheng, a ministry spokesperson, claimed that 62.9 percent of those attacks came from American IP addresses — the unique set of numbers that identify your computer to the Internet.
It’s obviously impossible to know whether Beijing is being honest about those figures. But if this is their way of accusing the United States of doing the same thing that they are — and of suggesting that everyone should quit complaining — it’s a pretty weak defense. Even if we take their figures at face value (more on that next), there’s a big difference between knocking a website offline and penetrating a corporate network undetected so that you can steal trade secrets. The former involves very low stakes; anyone can do it, and the payoff is insignificant. Espionage and intelligence-gathering are all about the latter.
Sixty-three percent of China’s website hacks were traced back to the United States. But, just as it’s very difficult to prove with 100 percent certainty that recent cyberspying on American firms was the work of Chinese hackers and not, say, Russian or North Korean hackers routing their work through China, it’s equally hard to prove that the American government was responsible for the hacks going in the other direction. This is what’s called the attribution problem: All the circumstantial evidence points you to one culprit, but you can never know if you’ve fingered the right actor for sure. If the United States is retaliating against China with hacks of its own, website vandalism should be the least of Beijing’s complaints.