Over the last 30 months, Chinese hackers have targeted Bloomberg News, Google, Hotmail, Yahoo, The New York Times and The Wall Street Journal — as well as the US Chamber of Commerce, then-Secretary of State Hillary Clinton and then-Chairman of the Joint Chiefs of Staff Mike Mullen.
And our policymakers still don’t realize the extent of the threat.
The Journal recently announced that its editors and reporters have been under systematic attack since last year, perhaps longer. It’s only the latest revelation of an ongoing cyber assault from China that’s becoming our nation’s top national-security challenge.
The threat’s been growing since 2004, when hackers originating in China went after various US military computer systems, including the Army Space and Strategic Defense installation.
In 2007, they got into the defense secretary’s e-mail system, forcing the shutdown of 1,500 separate Pentagon communication networks. Then they broke into the State, Energy and Commerce departments’ networks, making off with enough data — much of it highly sensitive — to fill every bookshelf in the Library of Congress.
In 2010, it was Google’s turn. In May 2011, defense contractor Lockheed Martin, maker of the super-high-tech F-35 fighter, announced it had been hacked. That year, the Gmail accounts of senior US officials like Clinton and Mullen were systematically worked over, almost certainly by hackers originating from China.
Retired US Army Lt. Col. Timothy Thomas is the go-to American expert on Chinese cyberstrategy; he’s been translating articles freely available from China’s military journals. Most important, he notes that the Chinese rarely even use the word “cyber”: Their term is “information war,” which doesn’t distinguish between cyber attacks and circulating disinformation, propaganda and other ways of influencing how people think — which is one reason they like to target ourmedia.
And these hackers aren’t just the estimated 5,000-plus cyber professionals who work for the People’s Liberation Army. Beijing also encourages much of the nation’s 340 million-strong online population to join in a cyber version of Chairman Mao’s People’s War — targeting Western Web sites and systems, military and commercial, classified and unclassified.
Chinese cyber experts at the Academy of Military Science (a sort of military MIT; we don’t have an equivalent here) know all you need to wage cyber-war is a computer, an Internet connection, time and patience — and the Chinese have plenty of all four.
Cyber-war guru Wang Xiadong even wrote in an essay widely circulated in Chinese military circles: “Since thousands of personal computers can be linked up to perform a common operation . . . an Information Warfare victory will very likely be deter
mined by which side can mobilize the most computer experts and part-time fans”— meaning civilians trained in the art of hacking.
And who can prove Beijing is responsible for someone operating from a roadside Internet café in Nanjing — or even out of a dorm room at the University of California?
Most important is that the Chinese goal isn’t simply to be set to pull off a massive Pearl Harbor-style attack that paralyzes the United States in the event of war, as many cyber-war experts here assume. It isn’t even exclusively about stealing military and commercial technology — although there’s plenty of that happening, as well (just ask systems engineers at Lockheed Martin and Boeing).
No, the point of “information war” is to influence American decision-makers, both civilian and military, in peacetime as well as wartime, to the point where — as one Chinese cyber expert has put it — it’s possible to “make enemy commanders make wrong decisions or even stop fighting,” or ignore an order to stop.
The ultimate nightmare might be a US B-2 bomber launching a missile at a US ship, because Chinese hackers have made him think it’s about to fire on him. Or it might be the peacetime equivalent — say, a director of national intelligence who doesn’t realize key parts of his threat assessments are being edited in Beijing instead of at Langley.
For China, cyber-war is total war. Dealing with it requires much more than just added firewalls, tighter access controls and more sensors that detect attacks as they happen.
It also means following the adage of the ancient Chinese strategist Sun Tzu: “Know your enemy” — and developing a national response that accepts those realities instead of ignoring them.
Arthur Herman’s latest book is “Freedom’s Forge.”