Read Black Code: Inside the Battle for Cyberspace Online

Authors: Ronald J. Deibert

Tags: #Social Science, #True Crime, #Computers, #Nonfiction, #Cybercrime, #Security, #Retail

Black Code: Inside the Battle for Cyberspace (10 page)

BOOK: Black Code: Inside the Battle for Cyberspace

The GFW is part of an elaborate regime of domestic cyberspace controls, one element in China’s overall information and communications strategy. It is reinforced by a thicket of laws, policies, regulations, and policing up and down the ecosystem of Internet communications.
Contrary to principles of network neutrality, ISPs, hosting companies, websites, chat clients, and blogs operating in China are all required to police their networks. Internet cafés are routinely surveilled, and all individuals and organizations are held accountable by law for what they do and post online. According to a 2010 White Paper published by the Chinese government:

No organization or individual may produce, duplicate, announce or disseminate information having the following contents: being against the cardinal principles set forth in the Constitution; endangering state security, divulging state secrets, subverting state power and jeopardizing national unification; damaging state honor and interests; instigating ethnic hatred or discrimination and jeopardizing ethnic unity; jeopardizing state religious policy, propagating heretical or superstitious ideas; spreading rumors, disrupting social order and stability; disseminating obscenity, pornography, gambling, violence, brutality and terror or abetting crime; humiliating or slandering others, trespassing on the lawful rights and interests of others; and other contents forbidden by laws and administrative regulations. These regulations are the legal basis for the protection of Internet information security within the territory of the People’s Republic of China. All Chinese citizens, foreign citizens, legal persons and other organizations within the territory of China must obey these provisions.

(If the Puritans suffered from a profound fear that someone, somewhere was having a good time, given these “provisions” what can we say about the Chinese government?)

China routinely downloads responsibilities to police the Internet to the private sector, which must follow government regulations in order to be allowed to operate. In 2008, the Citizen Lab discovered that the Chinese version of Skype, TOM-Skype, was coded in such a way that it secretly intercepted private (and encrypted) chats whenever people used any number of banned keywords – Tiananmen and democracy, to name two. Despite the outrage after the release of our report and the condemnation levelled at Skype for colluding with Chinese authorities, four years later the same system is still in place. In fact, it is now more elaborately designed and frequently updated, sometimes on a daily basis in response to current events like the ongoing dispute with Japan over islands in the South China Sea, or the controversy around disgraced Communist Party official Bo Xilai. In fact, all Internet companies operating in China – Baidu, Sina, Tencent QQ, Youku, and others – are required to stop the “spread of harmful information” over their networks. The policing is typically undertaken through filtering and surveillance of the type TOM-Skype engages in, enforcing the use of real names in registration processes (to eliminate anonymous postings), and even direct intervention by paid officials in forums warning users not to engage in unwelcome, perhaps even illegal, discourse.

While downloading control to manufacturers of equipment and services is routine in China, occasionally there is pushback. For example, a proposal to have all new PCs manufactured in China come pre-equipped with the Green Dam censorship system met with widespread condemnation from users and was withdrawn. However, though the Green Dam was a big “ask” even for the Chinese government, more often than not companies simply comply in order to do business.

The system is hardly foolproof. Researchers at Cambridge University, for instance, once demonstrated how easy it would be to disable the GFW, and even without outside meddling the gateway routers can be overwhelmed by peak usage. Also, technical means to circumvent the GFW are plentiful. Using tools like Tor, Psiphon (a circumvention tool invented in the Citizen Lab in 2006, and now a private Canadian company), and commercial virtual private networks (VPNs), many users play a cat-and-mouse game with authorities; by some estimates millions break through censorship walls on a daily basis. Chinese citizens have also proven themselves adept at outflanking and mocking the censors. Code words, metaphors, neologisms, and ingenious images circulated as Internet memes are used in place of conventional terms to circumvent Skype and other companies’ filtering and surveillance regimes. So, when any reference to “Bo Xilai” was censored, Internet users began referring to him as “Gua’s Father” instead (indicating that Bo Xilai is the father of Bo Guagua), until that term was filtered, and so on. The average Chinese user might go days without bumping into attempts of state control online, but the threat is always lurking. In this sense the system is less like 1984 and more like Jeremy Bentham’s Panopticon, a system that gives the feeling of being watched, that someone somewhere knows what you’re doing. No doubt, this creates considerable self-censorship, especially when combined with high-profile arrests of those who openly challenge the system.

It’s noteworthy that China’s cyberspace strategy – unlike, say, North Korea’s – is not aimed at completely isolating the country’s population from outside influence. Rather, it’s deliberately designed to take advantage of information and communications technologies which the Chinese see as critical to their long-term future, while maintaining political stability around one-party rule. Continued economic prosperity is essential to the legitimacy of the Chinese Communist Party, and information and communications technologies are central to a burgeoning knowledge economy. China doesn’t fear the Internet; rather it embraces its own particular version of it. Indeed, the Chinese are building a robust alternative design that may actually be succeeding.

•  •  •

Often ignored is the connection between China’s domestic controls and the international dimensions of its cyberspace strategy. Part of China’s objective is the wholesale exploitation of cyberspace for intellectual property, political espionage, and targeted threats against meddlesome human rights, ethnic, and religious groups the government describes as separatists or terrorists. It has pioneered ways to vacuum up information of strategic value to the government and national industries, and has done so without shame. The GhostNet probe may have been one of the first to expose what this looks like from the inside out, but it was neither singular nor unique. Evidence of GhostNet-like compromises now surfaces almost weekly, and shows a level of audacity and rapaciousness that is remarkable: dozens of government ministries and departments, from spy agencies to prime ministers’ offices in numerous countries, have been breached, with all the perpetrators having operated out of Chinese Internet networks. Scores of defence, aerospace, petrochemical, nuclear, and communications companies have all been infiltrated, and dozens of NGOs have had their computers turned into the digital equivalent of wiretaps.

A particularly noteworthy case is Canada’s Nortel Networks, which was thoroughly compromised for nearly ten years. In 2012, ex-Nortel employee Brian Shields, who had led the forensic investigation of the compromise, came forward to disclose his experiences. According to Shields, the breach (which Shields traced back to IP addresses in China) was so thorough that the attackers had control of seven passwords from top company executives, including the CEO, which gave them complete and direct access to the company’s internal secrets and intellectual property. (Attackers downloaded technical papers, R&D reports, business plans, employee emails, and other documents from computers under their control.) Shields discovered the breach in 2004, but his warnings were constantly ignored by top executives, one of whom (former CEO Mike Zafirovski) subsequently admitted that they just “did not believe it was a real issue.” Shields estimates that the attacks had been going on since at least 2000, and lasted nine years. Nortel went bankrupt in 2009, and Shields’s revelations have caused many to wonder about the possible connections between the breaches, its demise, and the rising fortunes of Nortel’s chief China-based competitors, Huawei and ZTE.

In 2012, China’s state-owned company, Sinopec Corp., made a controversial bid to acquire Talisman Energy, one of Canada’s top oil and gas exploration companies, for more than $1.5 billion. While Canadian news reports focused on the question of foreign ownership of national assets, few noticed that Talisman Energy had been victimized by a major China-based cyber espionage operation called Byzantine Hades in 2011. The attackers gained access to Talisman’s Asian-based networks, and had control of them for over six months. (Notably, a Bloomberg News report on this issue disclosed that the same Chinese attackers, called The Comment Group, had infiltrated the computer of a Canadian Immigration and Refugee Board adjudicator involved in the case of Lai Changxing, a Chinese tycoon extradited by Canada to China, where he is now serving a life sentence in prison.) There is no evidence connecting the hackers to the Talisman takeover bid, but it certainly raises some intriguing questions about whether, and/or to what extent, information gleaned by the attackers made its way to Sinopec.

In 2001, three individuals working for the state-owned Datang Telecom Technology Company of Beijing were indicted for stealing secrets from U.S.-based Lucent Technologies. In 2002, two people funded by the City of Hangzhou were indicted for stealing secrets from several Silicon Valley technology companies, including Sun Microsystems and NEC Electronics. In 2003, an employee of PetroChina working with U.S.-based 3D-GEO was found to have copied up to $1 million of 3D-GEO’s proprietary source code for seismic imaging onto his laptop. In 2009, an employee at Ford Motor Company was arrested and found guilty of stealing trade secrets on behalf of Beijing Auto. When such cases are combined with the reports of widespread China-based cyber espionage, it raises the question: Is it all part of a deliberate campaign?

While cyber theft and spying are menaces, the potential military implications are more frightening. It’s unlikely that China would see any benefit in an armed conflict with the United States, but Chinese military literature emphasizes its capacity to degrade American satellites, as well as its other surveillance systems, should an armed conflict occur. Like those of many other countries, China’s military planners have fully integrated cyber warfare into their military doctrine and operational plans. Because the U.S. has a military alliance with Taiwan and Japan, in the event of a regional war – say, over Taiwan or the disputed islands of the South China Sea – the People’s Liberation Army would be hard pressed not to deploy its cyber warfare assets to confuse, deter, and even disable American military and civilian assets. As the Stuxnet worm aptly demonstrated in 2010, a menacing virus or trojan horse can be used to sabotage critical infrastructure. Such an attack would invariably provoke a wider response from the U.S., which now defines a cyber attack as an act of war. As security strategist Herman Kahn noted about the Cold War, this can be described as an “escalation ladder,” one step leading to another, further and further into an armed imbroglio that neither side fully controls or desires.

Part of China’s international strategy revolves around the setting of technical standards, like those relating to wifi protocols. In the early 2000s, after China lobbied unsuccessfully to have its WAPI standard for wireless networking adopted internationally, its government turned to promoting WAPI (WLAN Authentication and Privacy Infrastructure) as the domestic standard instead, making many handsets less than fully functional. For example, the official Chinese iPhone offered by China Unicom didn’t include wifi (which helps explain the burgeoning iPhone grey market in the country). However, in 2010 Apple introduced a new-generation iPhone with the China-preferred WAPI wireless standard on its handsets, as did Motorola and Dell. In discussing such standards, it is noteworthy that Huawei is now the world’s largest telecom equipment manufacturer, bypassing Sweden’s Ericsson in 2011, and China’s Lenovo is now the second-largest PC maker in the world, behind only Hewlett-Packard. Technical standards are the sine qua non of cyberspace control: they shape the realm of the possible, structure the limits of what is permissible, and define a path of dependency for future trajectories of technical development that is difficult to escape. When millions of devices worldwide contain a particular country’s standards, those devices are linked to that country’s industry and manufacturing base, and contain a structure of rules that are set by the decisions of that one country.

•  •  •

While technical standards-setting may work in indirect ways to further China’s influence abroad, its policy engagement at regional and international forums is more directly illustrative of its determination to control cyberspace. China’s participation at international forums where global cyberspace rules are debated has grown significantly, its agendas more clearly articulated and promoted. The country’s representatives come in force, usually well prepared and organized around a common agenda at the Internet Corporation for Assigned Names and Numbers (ICANN), the Internet Engineering Task Force (IETF), the International Telecommunications Union (ITU), the UN Group of Governmental Experts on Cyber Security, and, as we discovered, the Internet Governance Forum. Their actions at the book launch may have been Monty Pythonesque, but the long-term effect of China’s influence on the IGF is anything but laughable. Presently the IGF reports to the UN Department of Economic and Social Affairs, whose top person just happens to be Mr. Wu Hongbo of China.

China is also active at a regional level, as evidenced by its leadership, along with Russia, in a security alliance called the Shanghai Cooperation Organization (SCO). The SCO also includes Kazakhstan, Kyrgyzstan, Tajikistan, and Uzbekistan. Afghanistan, India, Iran, Mongolia, and Pakistan have observer status, and Belarus, Sri Lanka, and Turkey are dialogue partners. The organization is used to coordinate security concerns, primarily through the Regional Anti-Terror Structure, known by its acronym RATS. At RATS and SCO meetings member states’ security services coordinate anti-terror exercises and share information on “threats” – which many human rights groups suspect include domestic opposition groups. Transparently, the intent is to restrict citizen-led revolts like those of the Arab Spring, tied as they were to social media. At a 2012 meeting of the RATS, Sergei Smirnov, first deputy director of Russia’s secret service agency, the FSB, said: “New technologies are used by Western secret services to create and maintain a level of continual tension in society with serious intentions extending even to regime change … Our elections, especially the presidential election and the situation in the preceding period, revealed the potential of the blogosphere.”
