How China Is Building an Army of Hackers

How China Is Building an Army of Hackers: Inside the Cyber Espionage Race

For as long as computers have existed, so have hackers—those clever individuals who find ways to infiltrate, manipulate, and disrupt systems. Today, a major player has emerged in the world of cyber espionage: China. But how far have they come and what does it mean for the rest of the world? Let's take a look at China's rapidly growing cyber capabilities and what recent leaks reveal about this hidden war.


Hacking Competitions: The New Battlegrounds

Hacking competitions aren't just games; they're proving grounds where cyber skills are sharpened and vulnerabilities are exposed. Let's explore how these competitions play a crucial role in the global cyber landscape.

Pwn2Own: Where Ethical Hackers Shine

Since 2007, Pwn2Own has attracted top cybersecurity researchers (often called "ethical hackers") to find weaknesses in everyday software and devices. These researchers aim to uncover vulnerabilities in exchange for cash prizes.

One area of focus this year is EV chargers, including the Tesla Wall Connector. An EV charger and a vehicle talk to each other over the charging cable, so a bug on either side is reachable from the other. Imagine plugging in your car at a public charging station and unknowingly compromising your vehicle; a compromised vehicle could in turn attack the next charger it connects to.

What are the potential dangers of EV charger hacks?

  • Vehicle compromise
  • System manipulation
  • Autopilot control

If an attacker gains control of a vehicle, they could tamper with its systems or interfere with driver-assistance features such as Autopilot, with the potential to cause accidents. This is why it is important to find and fix these bugs before malicious actors exploit them. When a vulnerability is demonstrated at Pwn2Own, the exploit details go to the affected vendor, such as Tesla, through the contest organiser (Trend Micro's Zero Day Initiative), so the vendor can start working on a fix immediately.

While teams from many countries participate, Chinese teams have been notably absent since 2018 due to government restrictions.

Tianfu Cup: China's State-Sponsored Hacking Arena

Unlike Pwn2Own, where discovered vulnerabilities are disclosed to the affected companies for patching, Tianfu Cup takes a different approach. Vulnerabilities found here are funneled directly to Chinese law enforcement and intelligence agencies.

Say a Chinese researcher discovers a vulnerability in the iPhone and exploits it at Tianfu Cup. That vulnerability could then be used by Chinese security services to spy on the Uyghur population in Xinjiang. This reportedly happened: an iPhone exploit chain demonstrated at the 2018 Tianfu Cup was later reported (in 2021) to have been used against Uyghur targets.

Regulation on the Management of Software Vulnerabilities

In 2021, China implemented the Regulation on the Management of Security Vulnerabilities in Network Products. It requires companies that make or operate network products in China to report vulnerabilities they discover to the Ministry of Industry and Information Technology within two days (48 hours). In practice this gives the Chinese government near-instant access to newly discovered vulnerabilities, often before a patch exists.

In contrast, companies and researchers in the US are not legally required to hand vulnerability information to the government, although US agencies such as the CIA and NSA do collect vulnerabilities for their own purposes.

The Rise of Chinese Hacking Competitions

Since Xi Jinping came into power, state-sponsored hacking competitions in China have grown significantly. According to an Atlantic Council report, there have been 129 hacking competitions in China since 2004, most of which started after 2013. The Wangding Cup, the largest of these competitions, hosted 35,000 participants.

China's Cyber Strategy: A Closer Look

What's driving China's focus on cybersecurity? Let's look at some key factors.

The Turning Point: Snowden Leaks and the Arab Spring

The Snowden leaks, which revealed US offensive cyber capabilities, and the Arab Spring uprisings, which demonstrated the power of internet-based activism, played a significant role in shaping China's cyber strategy. These events highlighted the potential for both offense and defense in the digital space. China decided to invest heavily in its cyber capabilities, focusing on talent, programs, and technology.

Government Policies and Curriculum Changes

From 2015 to 2017, the Chinese government implemented policies to improve cybersecurity education in universities. In 2018, they began promoting hacking competitions through government ministries.

Inside the Machine: The I-Soon Leaks

In 2024, the world got a rare glimpse into China's hacking ecosystem through a data leak from the Chinese cybersecurity firm I-Soon. The leaked documents, posted on GitHub, suggest the Chinese government uses private firms to carry out hacking operations on its behalf.

Chat Logs and Hacking Techniques

The I-Soon leaks included revealing chat logs between engineers, showing their hacking techniques. For example, one engineer boasted an "80% chance" of getting into a system, followed by "Mail server! Mail server!" indicating a successful breach.

The Pervasiveness of Hacking

One unique aspect of the I-Soon documents is that they reveal contracts with not just national and provincial law enforcement, but also city-level police departments. This is like city police departments in the US contracting out hacking services. The leaks also showed a direct line from hacking contests to these firms, which then use the discovered vulnerabilities to hack on behalf of the Chinese government.

US Indictments and China's Response

The US has since indicted I-Soon employees and Chinese government officials (the Department of Justice announced charges in March 2025). In response, China has denied involvement and accused the US of conducting its own cyber espionage.

Cyber Espionage: A Global Game

Tensions between the US and China have led to increased cyber espionage and disruption campaigns worldwide.

Ripple Effects: Targets and Consequences

Targets include phone companies and state agencies in India, Malaysia, and Taiwan, as well as the British government and think tanks in London.

Salt Typhoon and Volt Typhoon

Two of the most prominent suspected Chinese state-backed hacking groups are Salt Typhoon and Volt Typhoon. Salt Typhoon breached US telecommunications networks including Verizon, AT&T, and Lumen, gaining access to call records and related data; a separate late-2024 intrusion at the US Treasury was also attributed to Chinese state actors. Volt Typhoon infiltrated critical infrastructure using a technique called "living off the land": instead of dropping custom malware, the operators rely on tools that are already on the victim's systems (built-in administrative utilities, valid accounts, and ordinary remote-management channels), so their activity looks like routine administration and is hard to distinguish from it.
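Because living-off-the-land activity uses legitimate binaries, detection has to key on how those binaries are used rather than on file hashes. The script below is an added example written for this article, not code from any vendor, agency, or the article's author. It parses constructed process-creation records (shaped like Windows Security Event 4688 fields) and flags command lines that match a few heuristics for techniques that public advisories on Volt Typhoon describe: dumping the Active Directory database with ntdsutil, setting up port forwarding with netsh portproxy, remote execution through WMIC, and encoded PowerShell. The log lines, account names and IP addresses are constructed, and the rules are illustrative, not a vetted rule set.

```python
"""Flag living-off-the-land (LOTL) patterns in process-creation logs.

Added example, not part of the original article or any vendor's tooling.
The records below are constructed to resemble Windows Security Event 4688
fields; the detection rules are illustrative heuristics that a real
deployment would tune against a baseline of normal admin activity.
"""
import re
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class Event:
    user: str
    parent: str
    proc: str
    cmd: str

@dataclass
class Finding:
    user: str
    proc: str
    rules: list
    cmd: str

# Constructed sample records (user, parent process, new process, command line).
SAMPLE_LOGS = [
    # 1: dumping the AD database with ntdsutil "ifm" (credential access)
    r'user=CORP\admin7 parent=cmd.exe proc=C:\Windows\System32\ntdsutil.exe '
    r'cmd="ntdsutil.exe \"ac i ntds\" \"ifm\" \"create full C:\Windows\Temp\pro\" q q"',
    # 2: netsh portproxy turning a server into a relay for later traffic
    r'user=CORP\admin7 parent=cmd.exe proc=C:\Windows\System32\netsh.exe '
    r'cmd="netsh interface portproxy add v4tov4 listenport=9999 connectaddress=10.0.4.12 connectport=8443"',
    # 3: remote process launch on another host through WMI
    r'user=CORP\admin7 parent=cmd.exe proc=C:\Windows\System32\wbem\WMIC.exe '
    r'cmd="wmic /node:10.0.4.12 process call create \"cmd.exe /c whoami > C:\Windows\Temp\o.txt\""',
    # 4: hidden, encoded PowerShell (payload is a constructed base64 fragment)
    r'user=CORP\admin7 parent=explorer.exe proc=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe '
    r'cmd="powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"',
    # 5: benign inventory query: same binary as #3, no remote execution
    r'user=CORP\helpdesk parent=cmd.exe proc=C:\Windows\System32\wbem\WMIC.exe '
    r'cmd="wmic os get caption,version"',
    # 6: ordinary user activity
    r'user=CORP\helpdesk parent=explorer.exe proc=C:\Windows\System32\notepad.exe '
    r'cmd="notepad.exe C:\Users\helpdesk\notes.txt"',
]

LINE_RE = re.compile(r'user=(\S+)\s+parent=(\S+)\s+proc=(\S+)\s+cmd="(.*)"$')

def _binary_is(event: Event, name: str) -> bool:
    return event.proc.lower().endswith(name)

# Each rule pairs a name with a predicate over one Event. The predicates look
# at both the image name and the arguments, since the binaries are legitimate.
RULES: list = [
    ("ntdsutil_ifm_dump", lambda e: _binary_is(e, "ntdsutil.exe")
        and re.search(r"\bifm\b", e.cmd, re.I) is not None),
    ("netsh_portproxy", lambda e: _binary_is(e, "netsh.exe")
        and re.search(r"portproxy\s+add", e.cmd, re.I) is not None),
    ("wmic_remote_exec", lambda e: _binary_is(e, "wmic.exe")
        and re.search(r"/node:", e.cmd, re.I) is not None
        and re.search(r"process\s+call\s+create", e.cmd, re.I) is not None),
    ("powershell_encoded", lambda e: "powershell" in e.proc.lower()
        and re.search(r"(^|\s)-(e|en|enc|encodedcommand)\b", e.cmd, re.I) is not None),
]

def parse_event(line: str) -> Optional[Event]:
    """Parse one constructed 4688-style record; returns None on malformed input."""
    m = LINE_RE.match(line)
    return Event(*m.groups()) if m else None

def score_event(event: Event) -> list:
    """Names of all rules the event matches (empty list if none)."""
    return [name for name, check in RULES if check(event)]

def detect(lines) -> list:
    """Run every rule over every parseable line; keep only events with hits."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        hits = score_event(ev)
        if hits:
            findings.append(Finding(ev.user, ev.proc, hits, ev.cmd))
    return findings

def correlate_by_user(findings: list, threshold: int = 2) -> dict:
    """Accounts that triggered at least `threshold` distinct rules.

    A single hit is often a false positive (admins do run ntdsutil); several
    different LOTL techniques from one account is the stronger signal.
    """
    by_user: dict = {}
    for f in findings:
        by_user.setdefault(f.user, set()).update(f.rules)
    return {u: sorted(r) for u, r in by_user.items() if len(r) >= threshold}

if __name__ == "__main__":
    found = detect(SAMPLE_LOGS)
    for f in found:
        print(f"{f.user:16} {','.join(f.rules):20} {f.cmd[:70]}")
    print("accounts with multiple techniques:", correlate_by_user(found))
```

On the constructed input, the four `admin7` records each match exactly one rule and the two `helpdesk` records match none; the benign `wmic os get` line shows why the rules inspect arguments and not just the image name. The per-account correlation is the part worth keeping in a real deployment: it lifts "one suspicious command" to "one account exercising several techniques", which is the shape living-off-the-land intrusions take.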

Dragos: Simulating Critical Infrastructure Hacks

Dragos, a US-based industrial control system security firm, simulates critical infrastructure hacks to identify vulnerabilities.

The Domino Effect: Consequences of Infrastructure Attacks

Attacks on infrastructure can have a domino effect. For example, a power outage can affect hospitals that rely on generators, but what happens when the oil refinery powering those generators is also compromised? The consequences can quickly cripple essential services.

The Guam Hack

The Volt Typhoon hack on Guam, which hosts a key US military base, highlights the potential strategic implications of cyber warfare. Disrupting Guam's systems could hinder the US response in a conflict.

Facing the Threat: The Future of Cyber Warfare

China's hacking program is massive: according to FBI Director Christopher Wray's testimony to Congress in early 2024, it is larger than that of every other major nation combined. So, what can be done?

While preventing all Chinese hacking activity may be unrealistic, pushing for international norms around responsible disclosure is crucial. This promotes online safety and helps protect critical infrastructure.

The Chinese cyber threat is real and growing, but awareness, vigilance, and international cooperation can help mitigate the risks.
