New Chinese Cyberattacks: What’s to Be Done?

Starting last week, hackers foiled a handful of software providers that promote freedom of information by helping web surfers in China reach the open Internet. The attacks that drastically slowed the anti-censorship services of San Francisco-based GitHub and China-based emanated from computers around the world. Unbeknownst to their owners, attacking computers apparently were infected by code triggered by using the advertising or analytics tools of Baidu, China’s largest search engine—a company whose shares are traded on the NASDAQ exchange. Baidu has said it has found no security breaches and is working with other organizations to get to the bottom of the attacks. Have the latest cyberattacks, as some coverage has suggested, “weaponized” the computers of unsuspecting global netizens? What should governments, businesses, and individuals do about this apparent spread of China’s official command-and-control vision of the Internet beyond its borders? —The Editors


Wednesday, April 1, 2015 – 6:01am

Steve Dickinson

Steve Dickinson is an Attorney with Harris & Moure, a boutique international law firm. The bulk of his practice is with foreign companies that do business with China. He works primarily with factories, fish plants, and farms that lie outside of Beijing and Shanghai. He conducts business primarily in Chinese and has lived in China for years.He has lectured in Chinese at the University of Beijing School of Law and the Shanghai Bar Association. He is a frequent speaker throughout the United States and in China (both in English and in Chinese) on various issues relating to International, Chinese, Japanese, and United States law. He also co-authors the China Law Blog.Dickinson received a B.A., summa cum laude and Phi Beta Kappa, in Chinese Language and Literature from the University of Washington and a J.D. with honors from the University of Washington School of Law.

The Chinese have already weaponized the Internet. They assume that everyone else has done the same thing. China does not see the Internet as a benign force. They see the Internet as a weapon aimed at their heart. It is therefore completely natural that they will respond to what they see as threats directed at China that originate on the Internet.

One method they will use for protection is to create a Chinese sovereign Internet. Within China, the Internet will be entirely in the control of the Chinese authorities. This is a Balkanization of the Internet. The Chinese authorities understand this and welcome the result.

The problem for the Chinese is then is what to do about attacks against China that come from outside of the borders of China. They have a two-prong policy. First, the Great Firewall will block access to China. This is the primary strategy. Second, where the Great Firewall is not effective, China will strike back, using the open Internet as a weapon. This is exactly what is happening in the current GitHub denial of service attack.

Officials of the Chinese government and their academic advisors believe that their actions are completely justified. Every country has a right to self-defense and China is simply exercising that basic right. For this reason, cross border discussions asking the Chinese to stop this practice will fail. That is, this kind of attack is not an example of malicious hacking. From the Chinese point of view, it is legitimate self defense.

So what can be done? There are three basic strategies:

  1. Submit to the will of the Chinese and remove all content that the Chinese see as a threat to their interests.
  2. Understand the threat and install countermeasures specifically designed to deal with the threat from China and other countries with a similar basic approach.
  3. Attack back, understanding that cyber-war is still war and that any counter-attack may result in unanticipated consequences: more extreme damage, blowback, collateral damage, and the like.

Since no one in the U.S. has made any effort to understand the Chinese position, no one is publicly taking any steps that are likely to have any practical impact. I therefore expect that capitulation will be the most common response. Capitulation is fine when you are small and weak. Capitulation is humiliating when you pretend otherwise.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s