Chinese Hackers, Businesses and Government Coordinate Cyber Efforts

China likely will be one of the United States’ main adversaries—or perhaps more accurately, competitors—in the cyber realm for the foreseeable future. U.S. business leaders may not understand the extent to which attacks against their own corporate networks actually are coordinated efforts by Chinese hackers, Chinese business interests and elements of the Chinese government. Many of the tactics and schemes the People’s Liberation Army (PLA) is employing in cyberspace have their basis in history, and some of them are anchored in Chinese philosophy.

Chinese strategic thinking and foreign policy since the establishment of the People’s Republic in 1949 have been driven primarily by the principle of mínzú, or respect for China, rather than an ideology of exporting class struggle and revolution. Mínzú would have been familiar to the Nationalist Chinese at the turn of the last century as part of political leader Sun Yat-sen’s Three Principles of the People philosophy championing nationalism, socialism and democracy. Mao Zedong and the Chinese Communist Party (CCP) fully agreed with this aspect of Nationalist philosophy and continued to interpret it in exactly the same way when the party came into power. While today’s leaders of the People’s Republic of China (PRC) internally use rhetoric such as “building socialism,” “grasping revolution,” “upholding proletarian internationalism” and “uniting with Marxist-Leninist parties and oppressed peoples the world over,” the actions they have taken outside of their own borders consistently have promoted one sovereign, powerful, economically secure and respected China.

Historical wrongs, humiliations and partitions inflicted on China by Westerners and the Japanese during the 19th and 20th centuries include the Opium wars, the Boxer Rebellion, the Sino-Japanese wars and the World War II occupation. These are not distant memories. They are deeply felt by even young Chinese people to this day. The desire of masses of individuals to ensure that colonialism and the hegemony of foreign countries never again insult China’s national character is said to spring from an “inner patriotism.” Although the Communist Party itself is concerned with maintaining its continuous rule, individual Chinese people generally make little mention of the preservation or extension of socialism. China’s actions during the Korean and Vietnam wars, while viewed by the West at the time as efforts to support and export communist revolution, instead should be interpreted as reactions to the perceived extension of U.S. hegemony close to China’s borders. These perceptions also threatened the respect Chinese leaders believed their country was due in the historically Sinocentric region of Asia; insulted the nationalistic consciousness of the Chinese people; and directly countered the strategic aim of mínzú.

The PRC’s latest ploys to bring about mínzú can be traced to Mao’s “10 Great Policies for Anti-Japanese Resistance and National Salvation,” written in the 1930s. These policies, in turn, are influenced deeply by Sun Tzu’s The Art of War. While Sun never hesitated to use violence when he thought it was appropriate, he also indicated that what is known today as “kinetic war” should be a last resort. He believed that states should pursue policy by means other than decisive action whenever those means are available. Subduing an enemy or a competitor and achieving one’s ends without fighting should be viewed as the height of mastery. 

In our own time, at least one Chinese academic has written of lessening distinctions between wars and nonwars and between military and nonmilitary specialists who are now players in operations such as information warfare (IW). Chinese strategists seem intent on pursuing their national interest in the cyber realm incrementally and continuously, without declaring or conducting a decisive, kinetic war. 

Sun said leaders should develop shì, or roughly, a situation that “will build on favorable conditions to tip the tactical balance” in China’s favor. Shì may be developed cumulatively, over long time frames, while gradually shifting a situation to one’s benefit. An authoritarian government may develop shì over hundreds of years. The balance of power is not tied to a four-year election cycle or annual budget cycles, such as in the United States. Shì also may consist of the energy with which an organization will accomplish its mission as well as elements of its leaders’ situational understanding (SU). The development of shì is a continuous process, beginning long before any hostilities might erupt. Shì, or strategic configuration of power, along with comprehensive national power (CNP), or zònghé guólì, are two central concepts of the CCP. 

Sun developed five factors, or metrics, to help in divining the true situation. These included qualitative and quantitative metrics covering territory, natural resources, economic prosperity, diplomatic influence, international prestige, domestic cohesiveness, military capability and cultural influence, all of which make up CNP. By these measures, China’s leaders divine their present status in the world and plan for the future.

The Art of War introduces the concept of two complementary forces or efforts that an organization may employ: zhèng kě and qí. Zhèng kě is generally the normal or direct force that distracts the enemy in preparation for a decisive indirect attack. Qí is the indirect or extraordinary force—the moving, flanking, unusual force that helps make unanticipated attacks happen. Qí can be decisive when the enemy is distracted by a zhèng strike. Zhèng kě and qí are used together and simultaneously, and the qí force can become the zhèng effort in the next cycle. 

The two-force model may have a direct parallel with current Chinese efforts in cyberspace. Two distinct Chinese groups used in IW employ efforts that seem at least coordinated, if not directed, by the PLA and the CCP. These are the supposedly nongovernmental Chinese hacker groups such as Red Hacker Alliance and Honker Union of China, along with government-employed and government-directed professionals. We know a great deal about many of the individuals in the former group. U.S. agencies have been aware of many of them for more than 10 years and tracked some as they came to the United States to obtain advanced degrees at universities here. 

Some of their efforts initially appeared to be clumsy, electronic “human wave” denial of service (DOS) attacks conducted by individuals lacking technical proficiency. These individuals are purposely portrayed by their hacker leaders as more numerous but less skilled than U.S. hackers. Those leaders also publicly say that network security in the United States is superior to what the Chinese employ. When asked if their attacks are spontaneous (as in “people’s war”) or deliberate, Wan Tao, leader of hacker group China Eagle Union, admitted that both aspects are involved.

Westerners may regard the activities of some of the more visible hacker groups as a zhèng effort coordinated with a less visible, more professional qí effort aimed at an obscure target. While both may develop shì, the qí effort probably focuses on higher value resources of large Western corporations or military and government assets and establishes conditions within the enemy’s camp. Meanwhile, the loosely coordinated zhèng effort distracts U.S. network security professionals by, for example, harmlessly defacing public websites. 

A slightly different application of the indirect qí attack would be to target a Western company’s business partners or vendors who can access resources inside the company’s cyber perimeter. According to a 2013 report on 450 global data breaches, 63 percent involved the compromise of a third-party component of information technology system administration. In 2015, 70 percent of attacks with known motives included a secondary victim. Obviously, not all of these attacks can be attributed to Chinese hackers, but the attack method would be familiar to an actor versed in Sun Tzu.

The very influential Maj. Gen. Li Bingyan, PLA, has advocated for incremental changes to Sun’s basic strategies that would incorporate Western emphasis on technology but retain the Eastern concept of coordination between struggling parties to reach an equilibrium favorable to China and building shì. This IW stratagem is distinctly different from the Western assumption of a polarity between competing parties as assumed in treatises by military theorists Antoine-Henri Jomini and Carl von Clausewitz—which nearly all Western field-grade military officers have read—or the standard sports metaphors common in Western business leaders’ thinking. 

This stratagem does not propose a clearly delineated struggle. It would leave U.S. business network professionals and conventional U.S. military forces with no standard enemy, no declared war, no recognizable start time for hostilities and periods of hostilities interrupted by periods of seeming cooperation by the adversary. U.S. troops would lack clear legal authority to act under Title 10 of the U.S. Code. 

Western business leaders may find it difficult to understand that their Chinese competitors are supported by a continuous “whole of nation effort” to gather information and develop a business environment that favors China and Chinese companies. But Chinese philosophy offers some explanation and can help in countering the Middle Kingdom’s pervasive cyber attacks.

Chief Warrant Officer 2 Bryan W. Bowlsbey, USA, is acting S-6 and combat service support automation management officer (CSSAMO) for the 405th Brigade Support Battalion, Illinois Army National Guard, and the manager of infrastructure engineering for WOW, a medium-size Internet service provider based in Denver. The views expressed are his alone and do not necessarily reflect the views of the U.S. Army or the Illinois National Guard.