China’s ‘Code War’ attacks on US internet titans

Online security researchers say Beijing has launched major cyber strikes against American IT giants eyeing its market.

China's cyber army is strengthening the 'Great Firewall' that encircles the country's 649 million netizens [Kevin Holden/Al Jazeera]

Beijing, China – As China creates one of the globe’s leading cyber armies, it is stepping up hacking attacks on American internet leaders Google, Apple, Yahoo and Microsoft, online security analysts say. 

These massive attacks are part of Beijing’s campaign to fortify the “Great Firewall” that encircles the country’s 649 million netizens and strengthen the ability to spy on all web-based communications.

Google has headed Beijing’s blacklist of cyber enemies since it halted censorship of internet searches conducted via its Google China site, and China’s virtual army recently completed a total blockade on access to Google’s search engine and Gmail across the People’s Republic.

Now, Chinese hackers are intensifying assaults on e-mail systems operated by Microsoft, Yahoo and Apple, which have all been allies of China’s rise into the planet’s biggest platform of internet users, according to online monitoring group 

The founders of GreatFire, which has been at the forefront of investigating Chinese government blocks on websites worldwide and its ever-expanding hacking operations, say in Apple’s case, advanced encryption technology introduced in the new iPhone 6 impelled Beijing to preemptively hack into the devices of new users to tap their online communications.

Teams of hackers staged “man-in-the-middle” attacks on Chinese iPhone users, deploying servers disguised as Apple’s iCloud system to intercept passwords and messages, said GreatFire co-founder Percy Alpha. 

Apple leader Tim Cook was so alarmed by the attack that he jetted into Beijing to ask the Chinese leadership to help halt the hacking operation, said Alpha.

High level involvement?



Erik Hjelmvik, a researcher at the Swedish internet security firm Netresec, said an intricate analysis of the iCloud attack conducted by Netresec revealed, “The attacks are being performed on backbone networks belonging to China Telecom as well as China Unicom.”

The leaders of both of these Chinese government-run telecom giants “were most likely either directly involved with assisting the attack or at least aware of the attack since critical changes would have to be made to their network routing infrastructure”, he said. 

“The fact that identical attacks were carried out simultaneously on the China Telecom and China Unicom networks indicates that this was a coordinated operation, carried out by an organisation or agency with authority to interfere with network traffic.”

GreatFire’s founders said the battle plan for the iCloud intercept operation was most likely drafted by Lu Wei, China’s new internet czar.

Lu was appointed to head the new Cyberspace Administration of China by Chinese Communist Party chief Xi Jinping, and is likewise on the inner party’s new internet security commission headed by Xi. Lu’s third crown comes from his leading position in the CCP’s Central Propaganda Department, said GreatFire co-founder Charlie Smith.

Attacking America’s search engines

While secret cables sent from the US Embassy in Beijing, published by WikiLeaks, revealed the initial round of Chinese attacks on Google was orchestrated by the CCP’s ruling Politburo, Smith said the latest hacker invasions of Google, Apple, Microsoft and Yahoo are being masterminded by Lu, with the Politburo’s approval.

Alpha added that highly organised hacking attacks originating from the well-guarded backbone of the Chinese internet have been staged six times over the past two years against targets, including the leading American search engines.

These digital strikes, GreatFire’s co-founders said, are aimed at establishing Beijing’s absolute authority, or “Cyber Sovereignty,” over all Internet operations within Chinese borders.

Cyber czar Lu, they added, has the power to determine everything from which websites to block to which IT systems need to be stealthily invaded to strengthen the surveillance state. 

China’s blacklist of websites, which includes The New York Times and the BBC, Dropbox and Instagram, Facebook and YouTube, currently bars at least 48,000 sites operated around the world, Alpha said.

Following the intricate Chinese hacking operation against iCloud, Apple issued a worldwide security warning acknowledging it had discovered “organized network attacks” on iPhone users, but curiously did not identify China as the source of those attacks.

“Tim Cook has said China will soon be the largest market for Apple products,” said Alpha. 

Paying the price

Apple, like other Western internet titans that aim to ride China’s rise as an economic superpower, is likely under tremendous pressure to tolerate these “organized network attacks” as part of the price of remaining in the Chinese market, he added.

Foreign IT players who want to operate in China are forced to sign agreements that require compliance with Beijing’s internet censorship regime, said Hosuk Lee-Makiyama, a legal scholar who co-heads the Brussels-based European Centre for International Political Economy.

The only American internet giant to publicly renounce cooperating with China’s censors so far has been Google, which also identified “the Chinese government or its agents” as being the masterminds of a sophisticated attack on Google’s central servers.

Google has since issued a position paper calling on American and European government leaders to launch an action with the World Trade Organization to enforce the group’s rules on the free flow of information globally.

“We would strongly encourage US legislators to consider implementing censorship-related legislation that would be similar to the Foreign Corrupt Practices Act but for censorship controls,” said Smith.

Soft power?

This prohibition on cooperating in Beijing’s censorship system could protect US-listed corporations operating in China by mapping out clear boundaries on permissible practices, he added.

Meanwhile, apparently irate over GreatFire’s ongoing exposure of Beijing’s cyber surveillance and hacking activities, the Cyberspace Administration of China recently branded the group’s founders as “overseas anti-China forces” engaged in “groundless slander”.

The leaders of the tiny but defiant GreatFire replied with an online “Open Letter to Lu Wei and the Cyberspace Administration of China” that underscored the group has published solid evidence on all of the Chinese hacking manoeuvres it reported.

“We are not anti-China but we are anti-censorship in China,” GreatFire said. “We are here to watch what you are doing … and we are encouraging netizens and companies alike to fight against the Great Firewall and Chinese internet censorship in general.”

Smith said in an interview with Al Jazeera: “We take issue with being labeled anti-China. All three co-founders [of GreatFire] have very close relationships with China.

“We just don’t love these overbearing censorship restrictions, we have a plan for getting rid of them, and we are putting our plan into action,” he added.

Plausible deniability

Franz-Stefan Gady, a global cybersecurity expert at the EastWest Institute, said when confronted over mounting cyber assaults on Western IT outfits, “China often hides behind a veil of plausible deniability by accusing domestic hackers of having gone rogue.”

Yet he noted that Beijing has never arrested a single hacker accused of joining these escalating assaults.

Five members of a secret People’s Liberation Army hacking base in Shanghai were charged with attacking American corporations in a US Department of Justice criminal indictment issued last May, but Beijing balked at extraditing them. Senator Charles Schumer has since called on Washington to launch a parallel WTO action against China.


Earlier this month, China was accused of hacking into US health insurer Anthem Inc’s network and stealing personal data on as many as 80 million of its clients. China denied any involvement.

“The US side should not make groundless accusations against China,” said Hong Lei, a spokesman from China’s Foreign Ministry. “It is unreasonable to make an accusation without enough evidence.”

On Friday, President Barack Obama said private industry and the government must cooperate to tackle the threat of foreign government cyber attacks. 

“The cyber world is the Wild Wild West – to some degree we’re asked to be the sheriff,” Obama said.

Last week, while unveiling the new Cyber Threat Intelligence Integration Center, one White House aide said cyber strikes against US targets are being launched worldwide.

“At the state level, threats come from nations with highly sophisticated cyber programmes, including China.”

Source: Al Jazeera