chinese cyber attacks

Chinese Cyber Attacks from behind the Great Firewall

Jun 14, 2016 By Paul Curran

“All of this suggests that, from China’s view, a global conflict is already underway-in the world of cyberspace.” -Dean Cheng, Chinese Security Expert at the Heritage Foundation, in 2010, in response to nearly a decade of daunting cyber provocations from China.

These provocations heightened with the 2003 establishment of “information warfare units in the People’s Liberation Army (PLA) and the 2004 prioritization of using information to fight and win wars. In 2009, this trend continued with the infection of the cyber-espionage effort “Ghostnet” in over 100 countries and, perhaps the most disturbing, the diversion of almost 15% of global internet traffic through Chinese servers for 18 minutes in early 2010.


Accusations of cyber-espionage have been leveled against China from companies and governments in Australia, Canada, India and the United States and, in late 2015, the US and Chinese Presidents met at the Whitehouse to declare a “cyber-truce.”


One of the outcomes of this agreement was the creation of a “cyber crime hotline” which would allow parties in both governments to communicate throughout cybercriminal investigations and hopefully put an end to the American military’s fear of a crippling “cyber-Pearl Harbor.”

Chinese Cyber Attacks

Barak Obama and Xi Jinping after meeting to discuss issues of cyber security.
Photo credit: USA Today

While this meeting was a great photo-op for Barak Obama and Xi Jinping, the meeting raised more questions than it had answered. For instance, when it comes to cybercrime coming out of China, it is very difficult, and often impossible, to determine if a Chinese cyber attack comes from a state-sponsored entity because of the shadowy nature of the entities involved in international cyber-espionage.


In late December 2015, China admitted that the massive Office of Personnel Management (OPM) data breach was carried out by Chinese hackers. In this attack, 22 million records of government employees were leaked in this breach and highly sensitive documents may have also been compromised. The hacked data included full names, addresses, social security numbers, fingerprints and classified background information.


This was the first admission of this kind by China and led to the arrests of a number of hackers in China, but the question of whether or not this attack was state-sponsored remains.


A Record of Chinese Cyber Attacks on the United States

The line between cybercrime and cyber warfare is becoming increasingly blurry, especially with the increasing difficulty to accurately differentiate state and non-state actors. Perpetrators that have honed their hacking skills by stealing blueprints from American businesses can use that expertise to steal the sensitive blueprints of almost every major American weapons system. An intelligence report by Mandiant estimates that more than 100,000 cyber spies operate under the control of the People’s Liberation Army (PLA) and under the clear direction of the Chinese Communist Party.


The malicious parties, whether they are state sponsored or not, keep adapting to the heightened cyber security measures put into place by various departments within the American Department of Defense (DoD).


At first, attackers would attack the DoD at the Pentagon itself until their defenses were hardened. After that, attackers would focus on the military’s prime contractors until they hardened their security systems. This trend continued with the army’s prime contractors being attacked until they upped their defenses which led to attacks being aimed at foreign contractors of the US military.


The consequences of Chinese cyber attacks can be traced back all the way from the Clinton administration, through Bush’s time in office all the way to, and through, Obama’s two terms. The IP crimes against American commercial and military targets helped enhance and, literally, launch Chinese ICBMs in the late 1990s, the attacks led to top-secret stealth components of the F-35 Joint Strike Fighter being included China’s new J-20 fighter jet and today, America’s stolen drone technology keeps making appearances in China’s latest unmanned aerial vehicles.


International Chinese Cyber Attacks:


May 2013 –  ABC News reported that a cyber attack originating from a Chinese server had stolen the blueprints for the new Australian Security Intelligence Organization (ASIO) headquarters. These blueprints would have given the hackers the ability to figure out the wiring diagrams and deduce which rooms within the building would hold the most sensitive conversations. Once identified, the malicious parties could then work on trying to place listening devices within these sensitive rooms.



January 2011- Chinese hackers were able to access top-secret federal information and succeeded in forcing the two main economic nerve centers of the Canadian government, the Finance Department and Treasury Board, off the internet.


Experts, including former Canadian Security Intelligence Service (CSIS) intelligence officer Michel Juneau-Katsuya attribute the attack to what are known in China as “patriotic hackers,” who can have loose connections, and support, from the Chinese government. This hack was an example of an “executive-spear phishing attack” where government employees would have opened an innocent memo attached to an email which would have spread a virus amongst the computer network. Once on the loose, this virus would seek out sensitive information and send it back to the hackers.


Boots on the Ground versus “bytes in the air”

In the next major global conflict, it is clear that information warfare will play a major, if not deciding, role. To many researchers, the Chinese cyber attacks seen over the last decade have been tests to determine the extent of damage that is possible. A first strike scenario in a future war could involve all vectors of attack, from targeting civilian infrastructure and electricity grids to diverting forces and recalculating weapons systems and satellites. In an extreme scenario, malicious parties could even turn a nation’s own weapons against it.


With the increase of expertise and attacks perpetrated by Chinese state and non-state actors, it’s crucial to have your applications secure against all threats, attack vectors and vulnerabilities. For any organization, from governmental to civilian, it’s crucial to both educate all members against threats from social engineering and be sure that all applications are fully protected against any malicious threat. The best way to ensure that your software development lifecycle (SDLC) is secure is by integrating source code analysis at all stages.


To read about the threats involved with the race to make a “smart military,” using the Internet of Things (IoT), be sure to read Hack My Army.

The following two tabs change content below.

Paul Curran

Content Specialist at Checkmarx
With a background in mobile applications, Paul brings a passion for creativity reporting on application security trends, news and security issues facing developers, organizations and end users to Checkmarx's content.

Latest posts by Paul Curran (see all)

Stay Connected

Sign up today & never miss an update from the Checkmarx blog

Get a Checkmarx Free Demo Now

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.