By Tang Qiaoying, Zhang Xinzhi
Recently, in response to the cyberattack incident on the Wuhan Municipal Emergency Management Bureau's Earthquake Monitoring Center, a joint investigative team composed of the National Computer Virus Emergency Response Center and 360 Security has made significant progress. They have discovered backdoor malicious software that exhibits characteristics associated with US intelligence agencies.
The investigative team has pointed out that this US action aims to steal earthquake monitoring-related data and has clear military reconnaissance objectives, posing a severe threat to our country's cybersecurity and national security. The aforementioned incident is just the tip of the iceberg of the US' large-scale global network monitoring and espionage activities. The US, known for its double standards and hypocrisy, represents the greatest threat to the strategic stability and peaceful development of global cyberspace.
The US is the full-fledged surveillance empire through extensive cyberattacks
The US has repeatedly carried out cyberattacks against China, systematically stealing critical data, thereby posing a grave threat to China's national security and public interests. According to a report from China's National Computer Virus Emergency Response Center, during the first half of 2021, the majority of captured samples of malicious computer programs in China originated from the US, accounting for 49% of the total. In March 2022, Chinese cybersecurity firm Qihoo 360 Technology Co. Ltd.uncovered a decade-long cyberattack campaign by the US National Security Agency (NSA) targeting leading Chinese enterprises. In June 2022, the National Computer Virus Emergency Response Center and 360 Security revealed US cyberattacks against China using the "SourFox Platform". In September 2022, these organizations released an investigative report exposing over a thousand instances of cyberattacks conducted by the US Central Intelligence Agency's (CIA) Office of Tailored Access Operations against Northwestern Polytechnical University.
Meanwhile, the US, self-proclaimed as "human rights defenders," has conducted extensive global cyber espionage operations. For instance, since 2020, Danish media have repeatedly exposed the US' use of technological advantages to engage in data espionage against European countries, including Denmark, Sweden, Norway, Germany, France, and the Netherlands, monitoring the communications and text messages of various countries' political leaders. The US has also exploited technological backdoors to steal intelligence information from its business partners. An example is the covert manipulation of the Swiss encryption device supplier, Crypto AG, by the US and former West German intelligence agencies since the 1970s to obtain classified intelligence from 120 countries, including Iran, Saudi Arabia, India, Italy, the ROK, and many others.
The US deployment of offensive cyber operations marks it as the instigator of cyber warfare.
In recent years, the US has embraced operational concepts such as "preemptive defense,""persistent engagement," and "hunting forward ", and openly deployed offensive cyber operations globally. It has shifted the battleground of US cyber operations closer to China's periphery, with the aim of dragging the world into the quagmire of cyber warfare.
On the one hand, the US has been expanding its cyber forces and accelerating the development of offensive cyber capabilities. The US Cyber Command has introduced the principles of "preemptive defense" and "persistent engagement" into cyber warfare and, since 2022, has released multiple documents to intensify the cyber arms race.
On the other hand, the US has been conducting "Hunt Forward Operations (HFOs)" cyber operations in collaboration with its allied cyber forces. The US Cyber Command actively seeks cooperation with international allies to support the Cyber National Mission Force (CNMF) in conducting HFOs worldwide, pushing the location of cyberattacks closer to the "source of attack". To date, nearly 40 HFOs have been executed globally, primarily targeting countries like China and Russia for threat detection and monitoring. Additionally, the Biden administration is further strengthening technical cooperation with the ROK and Japan, planning to leverage the advanced cyber capabilities of these two nations to enhance the continuity of HFOs.
The US has long manipulated the issue of cyberattacks on the international stage
In the absence of a consensus on rules for cyber operations in the international community, the US has sought to "legalize" offensive cyber actions by establishing a legal framework for its cyber operations through collaboration between the US Congress and executive branches. This framework supports the "preemptive defense" strategy and includes providing both regular and special military authorizations for cyber military actions, as well as exempting cyber operations from congressional oversight through the classification of these operations as secret actions.
Despite engaging in offensive cyber actions, the US refuses to acknowledge its wrongdoing and, instead, utilizes media outlets and think tanks to make baseless accusations against other nations, alleging infringement on American interests. Some think tank reports, by citing so-called "reports", have become hubs for disseminating false information. The notorious "Clean Network" program employs tactics of tarnishing others without evidence, propagating the so-called "backdoor surveillance theory" and "China threat theory," thus creating a farce akin to "thieves crying stop thief!”
The US has arbitrarily expanded the scope of national security, employed various means to suppress cybersecurity companies, and obstructed the public disclosure of information related to cyberattacks. For example, US intelligence agencies, through programs like "CAMBERDADA," analyze whether cybersecurity firms have detected or acquired knowledge of their cyber weapons and activities, and engage in activities to infiltrate, divide, and suppress these firms. The US has also placed cybersecurity companies, including companies like Qihoo 360 and Knownsec, on entity lists with the aim of deterring and sanctioning these companies for disclosing US cyberattack activities.
A just cause gains great support, and an unjust one gains little. The misconduct of the US in cyberattacks and cyber espionage has become a global issue. The international community should strengthen dialogue, deepen practical cooperation, firmly oppose cyberattacks, and actively promote global cybersecurity governance, working together to build a community with a shared future in cyberspace.
Editor's note: Originally published on chinanews.com.cn, this article is translated from Chinese into English and edited by the China Military Online. The information and opinions in this article do not necessarily reflect the views of eng.chinamil.com.cn.
