TechCrunch Global Affairs Project examines how the tech sector and global politics are increasingly interrelated.
Cyber espionage has been a tradition for criminals. Criminals who are affiliated with China's Ministry of State Security (MSS) can be protected from prosecution and conduct many of China's espionage operations as government hackers. This is not an unusual phenomenon, however alarming it may sound. According to the U.S. Department of Justice, the simultaneous criminal and espionage activities of two Chinese hackers date back as far as 2009. FireEye, a cybersecurity firm, claims that APT41, another group of MSS hackers, began as a criminal organization in 2012 and then transitioned to state espionage starting in 2014. There are reasons to believe that China has been setting the stage for change since 2012.
Through a series of policies that began in 2015, China was able to replace criminals who had been contracted. The CCP's first attempt, in 2015, was to standardize cybersecurity education at universities, drawing inspiration from the United States' National Initiative for Cybersecurity Education, a NIST framework for improving America's talent pipeline. China built a National Cybersecurity Talent and Innovation Base (Wuhan) one year later. It includes all components and is capable of training and certifying 70,000 people per year in cybersecurity.
Similar to the previous announcement, the Central Cyberspace Administration of China presented a World-Class Cybersecurity Schools award in 2017. This program certifies 11 schools in the same way that the U.S. government certifies universities as Centers of Academic Excellence for cyber defense and operations. However, China does not have to adopt a new approach because it has a pool of talented people that isn't influenced by criminal activity.
President Xi's goal to reduce corruption is directly tied to his efforts to professionalize state hacking groups. Xi's recent purge of China's state security service demonstrates the danger officials face when they maximize their personal wealth using government resources. Xi's anti-corruption campaign has specifically targeted the patronage relationships between contract hackers and their handlers, and this type of profiteering behavior.
Officers who run operations that attract international attention or indict foreign criminals are at risk of being turned in by their rivals in an increasingly competitive environment. Officials targeted in internal investigations could end up locked up in "black prisons". China's security service will end its relationship with underground hackers and weed out corrupt officials.
These measures indicate that the Chinese hackers against whom intelligence services and companies around the world are used to protecting themselves will be much more skilled by the end of this decade.
A more capable China will be different from the China of today. The Ministry of Public Security tolerates some Chinese cyber criminals' operations, despite the difficulties they create, because it relies on illegal hackers to conceal its criminal and espionage activity. China's security service will soon be able to move these operations in-house once criminal activity ceases to be a norm. Government spying is a common practice in international relations. China's Ministry of Public Security could therefore conduct more cyber-criminal operations. Analysts should monitor for an increase in anti-crime operations that are internal to China, as this could be a sign of a shift in operational tactics.
As the number of countries and entities targeted by Chinese hackers grows, this shift in Chinese cyber capabilities will be felt around the world. As the number of state hackers grows, espionage priorities that have been neglected for a long time will be rediscovered. These campaigns won't be more sophisticated than previous operations because China's hacking team is already on par with the best. They will be more common.
We can expect to see a decrease in cybercrime by contract hackers and other state-connected hackers over the next decade as China's security-backed hacking gradually sheds its criminality. This trend away from thuggery is accompanied by an increase in espionage and intellectual property theft. China's dependence on criminal hackers will look like a remnant of the old MSS, corrupted and even amateurish in hindsight.
This shift will not be rapid, but we can expect some indicators, such as rumors of crackdowns in the security service or reports about criminal organizations disappearing or being indicted. We can expect to see the gradual separation between technical indicators for criminal and espionage hackers over time.
Spying isn't an offense, but U.S. policymakers must continue to prioritize cybersecurity across all government agencies, the defense industrial base, and critical infrastructure operators. Already, the White House is moving in this direction. In August 2021, the administration rallied NATO allies around cyber policy and identified 500,000 vacant cybersecurity jobs. The NSA, for its part, launched the Cybersecurity Collaboration Center in August 2021 to improve cybersecurity systemwide. CyberPatriot competitions are used by the United States to encourage students to join its well-developed cybersecurity talent pool. New programs that encourage job retraining at community colleges, which are certified in cyber defense, would draw on existing resources and attract students who have missed the K-12 pipeline.
Policymakers must remain vigilant. The threat of China using criminals has not diminished, but it has changed. The U.S. government must be ready to consider all options in order to face the threat posed by China's next generation hackers.