Starting last week, hackers foiled a handful of software providers that promote freedom of information by helping web surfers in China reach the open Internet. The attacks that drastically slowed the anti-censorship services of San Francisco-based GitHub and China-based GreatFire.org emanated from computers around the world. Unbeknownst to their owners, attacking computers apparently were infected by code triggered by using the advertising or analytics tools of Baidu, China’s largest search engine—a company whose shares are traded on the NASDAQ exchange. Baidu has said it has found no security breaches and is working with other organizations to get to the bottom of the attacks. Have the latest cyberattacks, as some coverage has suggested, “weaponized” the computers of unsuspecting global netizens? What should governments, businesses, and individuals do about this apparent spread of China’s official command-and-control vision of the Internet beyond its borders? —The Editors
Wednesday, April 1, 2015 – 6:01am
The Chinese have already weaponized the Internet. They assume that everyone else has done the same thing. China does not see the Internet as a benign force. They see the Internet as a weapon aimed at their heart. It is therefore completely natural that they will respond to what they see as threats directed at China that originate on the Internet.
One method they will use for protection is to create a Chinese sovereign Internet. Within China, the Internet will be entirely in the control of the Chinese authorities. This is a Balkanization of the Internet. The Chinese authorities understand this and welcome the result.
The problem for the Chinese is then is what to do about attacks against China that come from outside of the borders of China. They have a two-prong policy. First, the Great Firewall will block access to China. This is the primary strategy. Second, where the Great Firewall is not effective, China will strike back, using the open Internet as a weapon. This is exactly what is happening in the current GitHub denial of service attack.
Officials of the Chinese government and their academic advisors believe that their actions are completely justified. Every country has a right to self-defense and China is simply exercising that basic right. For this reason, cross border discussions asking the Chinese to stop this practice will fail. That is, this kind of attack is not an example of malicious hacking. From the Chinese point of view, it is legitimate self defense.
So what can be done? There are three basic strategies:
- Submit to the will of the Chinese and remove all content that the Chinese see as a threat to their interests.
- Understand the threat and install countermeasures specifically designed to deal with the threat from China and other countries with a similar basic approach.
- Attack back, understanding that cyber-war is still war and that any counter-attack may result in unanticipated consequences: more extreme damage, blowback, collateral damage, and the like.
Since no one in the U.S. has made any effort to understand the Chinese position, no one is publicly taking any steps that are likely to have any practical impact. I therefore expect that capitulation will be the most common response. Capitulation is fine when you are small and weak. Capitulation is humiliating when you pretend otherwise.
TEXT: CHINA FILES