Security

Understanding what motivates Chinese hackers

Michael P. Kassner, with the help of a noted academic and author, looks at what motivates Chinese hackers. It may not be what you think.
With the number of Chinese citizens reaching 20% of the world's population, they're going to have an impact in any endeavor they take on. Consider the Internet — China has more users than any country in the world, nearly twice the number as the United States (courtesy of internetworldstats.com).

Another area where the Chinese are exerting influence is the ability to manipulate the Internet. As proof, consider the NSA-originated competition TopCoder Open:

TopCoder Open is a world-wide programming and designing tournament open to all TopCoder members 18 and older who meet the eligibility criteria. There are six competition tracks: Algorithm, Design, Development, Marathon, Mod Dash, and Studio Design.

In past years, the Chinese have crushed the opponents, some say by sheer number of entries, but I doubt that's the only reason. In 2009, China had 20 finalists: the United States had two. Last year, 2012, China fielded two finalists, the United States — none.

Where's this going?

Anyone the least bit interested in "things cyber" understands why the relationship between China and the United States is tense, so no sense wasting electrons venturing down that media-saturated path. I prefer to take some advice from a very astute gentleman I knew, my grandfather, never forgetting his gentle reminder, "Things always go better when you know, really know, the other person's story."

To that end, I hooked up with Professor Nir Kshetri from the University of North Carolina. He's been helping me understand something overlooked by mainstream media — cultural differences.

I first became familiar with Nir's work through his book, Cybercrime and Cybersecurity in the Global South. I learned rather quickly I needed help comprehending the complex cultural implications. With a deadline bearing down on me, I shamelessly barged into Nir's life.

Note: Before we take a look at what I learned, I thought I had better address the controversy surrounding the term hacker. Nir and other experts use hacker throughout their papers. So, to keep things simple, let's continue using hacker, associating the term hacker with highly skilled individuals who break into computer systems and networks.

Definition of Internet

Right from the start there is a dramatic difference of opinion regarding what the Internet and its governance mean to China and the United States. The Chinese government according to Nir:

[E]mphasizes the importance of creating and promoting a healthy and harmonious internet environment. It is important to elaborate this point. A healthy cyberspace is ‘porn-free,' ‘crime-free,' and ‘harmonious,' meaning it does not threaten to destabilize the state's social and political order.

How does that compare to your version of the Internet?

Information security versus cybersecurity

This next difference is complicated, I'm not sure if I get it, even with Nir's help. But, I thought I'd toss it out, and see where it lands. China and its allies have a different view of cyberspace governance than the United States and its allies. China is more concerned about "information security" and the United States prefers to focus on "cybersecurity." Nir offers an explanation:

They (China) like to control information that is likely to provoke what they call the three "evils" (terrorism, extremism, separatism). They also consider it important to prevent other nations from using their technologies to disrupt economic, social, and political stability.

All I know is if two powerful countries are looking at something like cyberspace governance that differently, it's time to talk.

Strong government

It may not be what you or I are used to, but Nir points out the Chinese are tolerant of a strong state government; especially the "post-Tiananmen generation," having experienced little or no hardship during their lives. Nir adds:

[T]he state has adapted a body of complex scholarship to bolster its legitimacy through invoking a deep sense of ‘Chineseness' among citizens. China's strong nationalism is arguably related to ethnicity and race rather than universalistic ideals (e.g., democracy, rule of law, free marketplace) and institutions. Opposition to the West has become a defining value.

Another divergent viewpoint is, in this case, what constitutes a national government.

Chinese hackers and nationalism

Most hackers are of the "post-Tiananmen generation," and have a high degree of patriotism. I remember reading on more than one occasion where Chinese hackers have left messages stating they were willing to devote their skills, even their lives to China. Nir agrees:

When Chinese hackers see the honor of their motherland is compromised, they consider it important to take necessary actions to restore China's honor, glory, and integrity. They also consider it their responsibility to fight what they see as imperialism in cyberspace.

Whether you agree or not, Chinese hackers see no wrong in what they are doing; they're being patriotic.

Chinese hackers are rock stars

Most people view hackers in a negative context. That is not the case in China. As Nir points out, Chinese hackers are revered in a fashion similar to rock stars:

[S]tartling is the fact that some young Chinese tend to treat hackers like rock stars, and a significant proportion of students identify them as positive role models, wishing to emulate them. According to a 2005 Shanghai Academy of Social Sciences survey 43 percent of elementary school students said they "adore" China's hackers, and one third said they would like to be one.

It would be interesting to see the results a similar survey taken in the United States.

Making headway against cybercrime

From what I've read, there appears to be a huge chasm between what the United States thinks, and China thinks about their eliminating cybercrime within China, and cracking down on global hacking. According to Nir, here's what the Chinese think:

Chinese officials argue they should be praised, not criticized, for taking measures to control cybercrimes at home and collaborate internationally.

Nir cited a few examples of why they feel that way. In 2009, China added computer crimes to its Criminal Law. The penalty for hacking is a seven-year prison sentence. Next, Nir referred to a China.org.cn article that mentioned:

[T]he country's police have destroyed more than 80 criminal gangs involved in computer hacking, the online theft of data, and running botnets to spread malicious software.

One similarity at least

People have mentioned, with more than a little sarcasm that my home state of Minnesota is the only state to have been governed by an "All-Star" professional wrestler. That is true, and I'm thankful for one special piece of wisdom passed on by Mr. Jesse Ventura: "If you want to know what's going on, follow the money."

If China and the United States have one thing in common about the Internet, it is "the quest for money." Nir told me about two examples where the Chinese government has decided not to enforce certain regulations as they would create a financial burden.

The Green Dam Youth Escort program had several flaws, but the one that appeared to put a stop to loading the Web-filtering software on every computer made in China was the added cost. Another example is the regulation requiring bloggers to register using their real names. Sina Weibo, the popular Chinese version of Twitter, did not abide by the regulation: stating the company would lose customers and untold revenue. As of mid-2012, Sina Weibo has over 360 million registered users.

Final thoughts

China is a big, rapidly growing, and complex country that is flexing its newly-found muscles. The operative word to me is complex. I'll leave you with one final example of that complexity. Chinese allegations against the United States only come from top-level government officials. United States allegations against the Chinese come from the government officials, tech-media types, and private sector security professionals. Nir explains:

China's strong state and weak civil society means criticism, by China's private sector and security analysts, of foreign-originated cyber-attacks is practically nonexistent: probably because of the strict censorship by the Chinese government.

I'll end by reiterating my grandfather's wisdom, "Things go better when you know the other person's story."

About

Information is my field...Writing is my passion...Coupling the two is my mission.

Editor's Picks