By Cong Ge Source:Global Times
Qihoo 360, one of China’s biggest cybersecurity firms, on Tuesday published a document detailing how the US Central Intelligence Agency (CIA)’s hacking group (APT-C-39) has attacked a wide range of Chinese sectors including aviation, scientific research institutions, the petroleum industry, internet companies and government agencies. The company identified the person in charge – a former CIA employee (Joshua Adam Schulte) the cyber weapon that was deployed (Vault 7), and listed five relevant pieces of evidence. The attacks lasted for eleven years, the firm said.
Although there have plenty of credible reports about the US engaging in cyber espionage against not just China but many other countries, including its close allies, the revelations in the Qihoo 360 document are still profoundly startling and deeply concerning. The findings, if confirmed, lay bare the US’ astonishing hypocrisy in attacking China for years, while accusing China of cyber-attacks against its institutions and even imposing sanctions on Chinese entities and individuals.
But much more critically, they sounded a timely alarm about how vulnerable China’s critical sectors are to the US’ powerful cyber weapons and how China sorely needs to take all necessary action to protect its citizens, institutions and national security.
First, the Qihoo 360 document should be taken seriously and investigated thoroughly. If the revelations are confirmed, swift action must be taken against the involved US institutions, including the CIA, its hacking group and personnel involved in the cyber-attacks.
Legal and all other possible channels should be considered to remedy the damages the US attacks have imposed on Chinese institutions and the public. This is not only imperative in protecting China’s interests but also perfectly appropriate given the US’ actions against China and relevant international rules and norms.
Second, given the wide-ranging sectors and information targeted by the US cyber-attacks, a thorough investigation should also be conducted to assess the damage and the potential risks. For example, in attacks against aviation institutions, the CIA were specifically after developers, who are responsible for developing systems that handle air traffic controls, cargo information, payments and passengers. It cannot be overstated what a grave danger this poses to potentially millions of Chinese air travelers and aviation workers. Necessary measures should be taken to close the potential loopholes in these areas to minimize the damage.
While stopping the bleed should be top priority, long-term plans should also be discussed to beef up the nation’s cybersecurity system. China is among the most digitized countries in the world, and entities in almost all sectors each handle massive volumes of the data of citizens. Although all businesses and institutions may have set up their own cybersecurity systems, they cannot go up against attacks by the world’s largest intelligence agency with some of the most powerful cyber weapons at its disposal. Therefore, efforts to enhance cybersecurity should be a society-wide goal. More resources should directed to the research and development of cybersecurity technologies.
Finally, cybersecurity is a global challenge that requires collaboration among all countries. Even before the Qihoo 360 report, leaked documents from the US have shown the US’ massive global surveillance programs and cyber-attack capabilities. In an apparent bid to hide its vicious attacks, Washington has waged a relentless global campaign to accuse China and other countries of cyber-attacks without any proof. The world cannot be fooled by the US and turn against each other to help the US crack down on Chinese tech companies. Countries should join hands in addressing cybersecurity issues.
The author is a reporter with the Global Times. [email protected]