The TechCrunch Global Affairs Project looks at how the digital industry and global politics are becoming increasingly entwined. On behalf of China, criminals have a long history of committing cyber espionage. Many of China’s espionage activities are carried out by criminals turned government hackers, who are protected from punishment because of their association with the Ministry of State Security (MSS).
This is not a new phenomenon, as alarming as it may appear. According to a US Department of Justice indictment announced this year, two Chinese hackers engaged in simultaneous unlawful espionage operations as far back as 2009.
APT41, a different cohort of MSS hackers, allegedly began as a criminal organization in 2012 and switched to concurrently executing state espionage from 2014 onwards, according to FireEye, a cybersecurity firm. However, there is reason to assume that China has been preparing the basis for change since then.
China has been able to replace hired criminals with new blood from colleges thanks to a series of regulations that began in 2015. The CCP’s initial initiative, launched in 2015, was to standardize university cybersecurity degrees, drawing on the National Initiative for Cybersecurity Education, a NIST framework for enhancing the US talent pipeline.
China announced the establishment of a new National Cybersecurity Talent and Innovation Base in Wuhan a year later. With all of the Base’s components together, it can teach and certify 70,000 individuals in cybersecurity each year.
In a similar vein, China’s Central Cyberspace Administration announced an award for World-Class Cybersecurity Schools in 2017, a program that currently certifies eleven schools, similar to how some US government agencies certify universities as Centers of Academic Excellence in cyber defense or operations. However, having a new pool of talent that is not polluted by illicit behavior is not enough to convince China to modify its operating strategy.
President Xi’s political aim of combating corruption is also closely connected to efforts to professionalize state hacking teams. The danger officials take by enriching themselves with government resources is demonstrated by Xi’s recent purging of China’s state security forces. Patronage links between contract hackers and their controllers are the sort of profiteering conduct that Xi has targeted in his anti-corruption effort.
Officers directing activities that generate international ire or foreign criminal prosecutions are liable to be turned in by rivals in an increasingly harsh atmosphere. Internal investigators may place officials under house arrest in “black prisons.” As they filter out corrupt officials and recruit hackers directly, China’s security agencies will end their partnership with underground hackers. The ramifications of these steps imply that by the end of the decade, the Chinese hackers that the world’s corporations and intelligence services are used to fighting will be substantially more professional.
China will act differently than it does now if it becomes more capable. The Ministry of Public Security has supported certain cyber criminals’ Chinese operations, despite the challenges they bring, since it relies on illegal hackers to disguise its criminal and espionage activities.
Because government espionage is recognized conduct in international relations, China’s security services will discover that they can transfer these activities in-house if illegal behaviour is no longer the standard. As a result, China’s Ministry of Public Security may carry out more cyber-crime operations.
Analysts should keep an eye out for an increase in these internal-focused anti-crime activities, since this might signal a shift in operational techniques. As the list of targeted countries and entities grows, this change in Chinese cyber capabilities will be felt throughout the world. As the number of state hackers grows, espionage goals that have languished towards the bottom of the list are likely to gain additional attention. Because China’s cyber teams are already on par with the finest, these attacks will not be more “advanced” than previous operations. They will, however, grow increasingly common.
We should expect a reduction in cybercrime done by contract hackers and others tied to the state over the coming decade as China’s security-backed hacking loses its criminal sheen.
However, this shift away from thuggery will be accompanied by an increase in espionage and theft of intellectual property. China’s dependence on criminal hackers would appear, in retrospect, to be a relic of the old MSS – corrupt and even inept.
While the transition will be slow, some markers, such as rumors of security service crackdowns or news of missing or indicted criminal organizations, should be expected. We may anticipate a growing separation of technological signs between recognized criminal and spy hacking teams over time.
However, while espionage is legal, policymakers in the United States must continue to prioritize cybersecurity across government agencies, the defense industrial base, and critical infrastructure operators. In August 2021, the White House rallied NATO allies on cyber strategy and identified 500,000 vacant cybersecurity positions.
The National Security Agency, for its part, established the Cybersecurity Collaboration Center earlier this year to improve systemwide cybersecurity. Competitions like CyberPatriot are already used in the United States to encourage students to enter the well-developed cybersecurity talent pipeline.
Creating new initiatives to encourage job retraining through community colleges that are accredited in cyber protection would not only use current resources, but would also draw new students who missed the K-12 pipeline the first time around. Above all, policymakers must maintain their vigilance. The fact that China is using fewer criminals does not imply the threat has vanished; rather, it has evolved. To face the threat posed by China’s next generation of hackers, the US government should be prepared to carefully evaluate the whole spectrum of choices.