Made in USA, Remade in China: Part 1: Chinese Cyber Intimidation Spreads Beyond Its Borders

I have a simple way to assess the freedom of the country you’re in. Go to the capital city, stand in a visible public place, and make a speech criticizing the current leadership. If nothing happens besides your getting a few critical remarks from onlookers, you’re in a free country. If, however, you are arrested, assaulted, harassed, or investigated, you are not in a free country. Clearly, most people don’t need to go through this test to understand their degree of freedom. I certainly wouldn’t advise doing this in North Korea, for example. In fact, the degree of fear or apprehension you have on even contemplating such an act should be an indication of how free the society you’re in truly is.

You can find a more thorough report on the freedom level of various countries by viewing the report from the organization Freedom House. Here, you will see countries classified as being either free, partly free, or not free. Their political liberties (PL) and civil liberties (CL) are rated on a 7 point scale, with 7 being the least free. North Korea, for example has the dubious honor of being among the least free places on earth (PL-7, CL-7), which probably surprises no one. However, it may be surprising that Burma (6/5) and Iran (6/6) are now freer than China (7/6). Russia (6/5) is now rated with the ‘not free’ countries and has the same freedom ratings as many of the countries of the Middle East.

Another way to gauge oppression is by checking the Reporters Without Borders World Press Freedom Index. Here, out of 180 countries, you will find Russia at position 148, North Korea at 179, and China at 175. In other words, freedom of speech in China is almost nonexistent, and, in Russia, it is extremely restricted.

To restrict freedom to such a degree requires a large police force and army. The police force must be respected or at least feared for such restrictions to work. To restrict internet freedom requires a similar fear-based cyber surveillance system. Cyber fear is important in controlling cyber behavior. Censorship must be pervasive and it must be clear what can happen to individuals if certain boundaries are crossed. It is easier to control the internet in China than in most countries since all internet access is controlled by the government. On top of this, China has an internet police force of about 2 million individuals who monitor websites and chat rooms, erase anti-government comments and post pro-government messages. The physical presence of police outside of all public internet rooms gives a not-so-subtle message to those surfing the web within. It is little wonder, therefore, that more netizens are in prison in China than anywhere else in the world. Saying anything the government doesn’t approve of can get you three years in prison.

China bans a lot of internet content. It bans certain websites and certain search terms. Sites that may be allowed most of the time may find that they are suddenly closed down for no apparent reason. More restrictions occur around certain dates, such as June 4th, the anniversary of the Tiananmen Square uprising. Some Chinese, knowing that they could not mention certain terms at this time of the year and knowing that many sites would be shut down, jokingly refer to this as ‘Chinese Internet Maintenance Day’. Although some social media sites are banned, there is no need for the government to do so as long as they can be monitored. This allows authorities to gather information about potential troublemakers, who can then be weeded out. All foreign companies desiring a Chinese presence must agree to have internet content monitors. Yes, there are ways to get around the Great Firewall of China, but they are not easy. Many, if not most, VPNs have now been blocked and “one of the country’s main ISPs, China Unicom, automatically cuts a connection as soon as it is used to transmit encrypted content.”

The fact that the Chinese government maintains strict control over its internet users may not be anything new. However, what is disturbing is that China has increasingly grown to believe that they have the right to control internet use beyond its borders. The first real indication that they wanted to control the output of foreign media was when they attempted to find the sources for an article to be published by the New York Times concerning the fortune amassed by former Prime Minister Wen Jiabao. Similar attacks have been launched against CNN, The Washington Post, Twitter, and The Wall Street Journal. In Tibet, Buddhist monks were put under surveillance because they were the only group that had not been previously monitored. It was, therefore, suspected that they were being used to transmit information that may contradict Chinese policies. The result was that “on 1 September (2012), 60 military vehicles descended on the Zilkar Monastery. Computers, DVDs, documents and photographs were seized from the monks’ rooms.” This new wave of interest in the monks culminated in August of 2013 when the Dalai Lama’s website was the victim of a waterholing attack.

These attempts by the Chinese government to control foreign media comes as no surprise to Xiao Qiang, a Chinese dissident now living in the U.S. In speaking of the Chinese government, Qiang says, “if they can, they will try to stop the story altogether. If being inside a computer system puts them a step ahead because they know who the reporters are speaking to, they will cut off the sources back in China. That’s what they’re really trying to achieve.”

Why don’t companies complain more about China? Because they are afraid to. According to one source, “U.S. companies who speak out against the attacks are threatened by the Chinese.  The Chinese government is more than willing to ban U.S. firms that rock the boat, locking them out of the lucrative emerging market of almost 1 billion internet-active device users.” Not all threats have had a financial basis. Physical threats against foreign staff in China have been made. When engaged in a patent dispute with Chinese phone maker Huawei, InterDigital’s China-based staff was threatened with arrest if they attended a meeting. Coincidentally, an agreement was reached between the two parties shortly after. As one observer noted, “there may also be a link between alleged threats from a Chinese government agency to InterDigital’s staff and the seemingly quick settlement.” Bloomberg news apparently shelved an important story criticizing Chinese President Xi Jinping because “Bloomberg feared having its employees exiled from China, and the company sells a tremendous amount of financial data terminals in China.” Companies from all over the world that have experienced persistent attacks from China are reluctant to talk about them for fear of retaliation. Although many companies may be secretly applauding the recent U.S. indictment of 5 Chinese hackers, they will never say anything publicly. “One reason for companies’ muted reaction to the U.S.’s hacking indictment may be concern about provoking retaliation from China.” According to one government official, “one of the major challenges was persuading the victim corporations — which feared a loss of sales in China or state retaliation — to come forward.”

“They had to gather really strong evidence that these companies had been hacked, and then had to convince the companies to go public, despite fear of retaliation,” said James A. Lewis, a cybersecurity expert at the Center for Strategic Studies in Washington.

Back in 2009, Mark Bregman, chief technology officer at security firm, Symantec, said he was given advice about bringing his laptop to China. “I was advised by people in three-letter agencies in the US Government to weigh the machine before I left and when I got back. They also don’t want me to take my phone. They said to buy a mobile phone in the US and throw it away when you come back.” Bregman said the US was also “concerned about its companies employing Chinese coders, particularly in security. He said the ‘software supply concern’ was due to fears that Chinese developers would insert malicious code into software sold to American companies or the US government. If you’re a big company doing development in China the US government asks, ‘Why should we trust you? We won’t buy from you.'”

This is an interesting anecdote for two reasons: 1) Symantec had a year earlier (2008) entered into a joint venture with Chinese telecommunication giant Huawei and 2) recent revelations have shown that the US government began spying on Huawei in 2009. This government interest in Huawei may have been because of accusations by Canadian telecommunication company Nortel that it was hacked by Huawei as early as 2004. Oddly, Huwei approached Nortel about a joint venture with them in 2005. The deal was scrapped in 2006. It is well-known that Chinese firms will enter into negotiations with companies they later plan to hack. In any event, Symantec released information about the Elderwood Platform in 2009 (see my last post for details) but did not mention China as the power behind the attacks. No doubt doing so would not be in their financial interests. There is also the danger of putting a target on your back for Chinese government-based hackers to aim at. For similar financial reasons, Symantec pulled out of the Huawei joint venture in 2011. It seems that continuing work with the company would exclude it from lucrative US government contracts. This whole scenario is a little murky and I’m still trying to track down more details which I hope to report on at a later date. The key point to extract from all of this is that China has many tools in its arsenal to control the behavior of foreign businesses and to extend its cyber empire. Remember what I said at the beginning. If you live in fear of speaking against those in control, you are not living in a free country…or a free world.

________________________________________________________

In part 2 I look into the question of whether you should buy any computer or mobile device from China.

About Steve Mierzejewski

Marketing consultant for InZero Systems, developer of the next generation in hardware-separated security, WorkPlay Technology. I've worked in Poland, Japan, Korea, China, and Afghanistan. I'm a writer, technical editor, and an educator. I also do some work as a test developer for Michigan State University.
This entry was posted in Uncategorized and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s