New Times,
New Thinking.

How hacking became the new frontier of tensions between China and the West

The Microsoft Exchange attack is the latest addition to a long list of Western grievances held against the rising superpower.

By Jonny Ball

When Xi Jinping became Chinese premier in 2012, some Western observers heralded his takeover as a welcome sign of political and economic liberalisation. Eleven years had passed since China had joined the World Trade Organisation (WTO), an event itself hailed as a victory for Western-style multilateralism. And although the WTO still categorised China as a “Non-Market Economy”, it was felt that the communist state, as a rising economic powerhouse, was a clubbable partner for the capitalist West.

Xi’s takeover presented commentators with the opportunity to continue in the rich vein of Western triumphalism that characterised Nineties and Noughties Sinology. Cheng Li, a senior fellow of the Brookings Institution, a US think tank, predicted that Xi would pursue “policies to promote the development of the private sector”. David Lampton, director of the China programme at the John Hopkins School of Advanced International Studies, claimed his conversations “with people in the United States” led him to believe that the “reigning understanding” of Xi was that he was “‘a guy we can work with’”.

Much was made of the new premier’s backstory. A red princeling scion of a senior party official, his father had been purged and imprisoned during the Cultural Revolution, and the young Xi had spent seven years in internal exile living in cave houses deep in the Chinese countryside. It was thought that this first-hand experience of Maoist overreach would have placed him firmly in the camp of the Chinese Communist Party’s reformist wing, pursuing rapprochement with the West, democratising the opaque structures of the state, and embracing free-market economics. But this was not the case.

In July this year, the UK, EU and US accused China of carrying out a cyber attack against Microsoft Exchange servers. Around 30,000 organisations globally were said to have been affected by the hack, reportedly carried out by Hafnium, a group Microsoft described as “state-sponsored and operating out of China”. From January onwards, IT systems in businesses, local government and state institutions were said to have been compromised. Defence contractors, legal firms and medical researchers were among those that had been spied on. To make matters worse, once the software vulnerabilities had been exposed, other hacker groups also started exploiting them.

The EU said the attack had “resulted in security risks and significant economic loss for our government institutions and private companies”. Dominic Raab, the UK’s foreign secretary, described it as part of “a reckless but familiar pattern of behaviour” from the Chinese state. A consensus has emerged among Western governments that the Hafnium group and its counterparts have affiliations with the Chinese Ministry of State Security, which they say uses armslength hacker organisations as proxy forces. China denies any involvement.

The immediate, unified response of Western allies to the Microsoft Exchange breach gave a signal as to the breadth and depth of the attack, which intelligence officials said was more serious than anything they had witnessed before.

Its scale was said to outstrip the recent SolarWinds campaign, suspected of being undertaken by the Russian authorities against US federal government targets last year. That had led to ramped-up sanctions on Vladimir Putin and the Russian Federation, but so far there has been little practical response to this latest incursion, save for a large amount of sabre-rattling: Nato’s General Secretary Jens Stoltenberg even warned that cyber attacks against member states could lead to land, sea or air responses from the military alliance and a triggering of the Article 5 common security pact (only ever invoked once – by the US after September 11).

[Read more: How the SolarWinds hack has exposed the centrality of cyber security in geopolitics]

“People often try and segment this as a separate cyber security issue,” says Chris Painter, an associate fellow at Chatham House and former senior cyber official working at the FBI, US Department of Justice, White House National Security Council and State Department. “The way I look at it is not that we have a cyber problem with China, we have a larger geopolitical issue with China… [and] cyber is part of that larger geopolitical fabric.”

When Donald Trump became president in 2016, US attitudes towards China’s seemingly inexorable rise hardened aggressively. Trade barriers were erected between the great power rivals after Trump’s Republicans made an appeal to working-class voters in deindustrialised Rust Belt states a key part of their election platforms. China’s unfair, mercantilist trade practices, including industrial subsidies, domestic preference, and maintenance of an artificially cheap currency were cited as primary factors behind the decline of US manufacturing. “China’s entrance into the World Trade Organisation,” said Trump, “has enabled the greatest job theft in the history of our country.”

Open rivalry with the People’s Republic has continued into the Biden era, with anti-China tariffs maintained, and a multi-trillion-dollar spending package brought to Congress aimed partly at restoring US competitiveness in industry and infrastructure, countering China’s economic might. The last two administrations have done away with a bipartisan policy of “strategic engagement” that had held since President Nixon’s 1972 meeting with Mao. Biden’s Democrats are pursuing a policy of government intervention and protectionism that edges the US’s liberalised Anglo-Saxon economy just a little closer to something resembling China’s own statist system, but nevertheless aimed at decoupling itself from the rising power by reshoring industry and bolstering domestic supply chains.

The recent deal between the two countries at the Cop26 summit provided a rare glimmer of bilateral cooperation. As the two biggest emitters of greenhouse gases, both agreed to ramp up efforts to reduce coal consumption, introduce methane targets and protect forests. Prior to that, observers had cast doubt on the ability of the two superpowers to set aside their differences at the conference.

Despite this unexpected success story, cyber is just one field of many where the two global hegemons now stand in a tense face-off.

“Given the tensions with the US,” says Painter, it’s “not surprising” that China is engaging in malicious cyber activity. Relations have deteriorated so far, he says, that they now have “no incentive to rein themselves in”.

Xi’s People’s Republic, against the predictions of many, has abandoned his reforming predecessor Deng Xiaoping’s foreign policy doctrine, which favoured “keeping a low profile and biding your time”. Instead, a stance of aggressive “wolf warrior diplomacy” has been adopted, pursuing open competition, including propaganda and information warfare with the West. But is China the only aggressor in cyberspace?

“I work on the principle that both sides do it,” Martin Jacques, author of the acclaimed book When China Rules the World, tells Spotlight. “The Western media is ridiculous. It presents these things as totally one-sided – as if China is at it and the West isn’t, which is complete nonsense. The United States has an extremely bad record of such spying and espionage. Look at the [Edward] Snowden revelations – they were listening in on everyone, including Western leaders.”

Indeed Snowden, the National Security Agency (NSA) contractor turned whistleblower, who leaked large amounts of classified material on the espionage activities of the NSA in 2013, found the US had spied on 35 world leaders, many of them Nato allies, including the German Chancellor Angela Merkel. His disclosures also revealed specific instances of cyber espionage targeting China, with servers at telecoms equipment giant Huawei hacked along with two of the country’s largest mobile networks.

But for Painter, the Chinese approach stands out as “particularly egregious”. “There are rules a country should play by… To talk about Hafnium’s Microsoft Exchange hack, many people say it’s just espionage,” he says, “but… it was carried out in a very haphazard and grossly negligent manner that left a lot of victims exposed to other criminal activities like ransomware… This wasn’t just the theft of trade secrets, the stealing of information (which is bad enough), it actually opened people up to further abuse by non-state actors.”

Lack of regard for intellectual property is another area where Chinese cyber activity stands out as exceptional, Painter claims. He had a hand in negotiating a 2015 agreement between the US and China, which the then president Barack Obama declared would mean an immediate end to “cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage”.

Clearly, the Microsoft Exchange hack breaks that agreement. “It’s not that we haven’t seen malicious Chinese activity in the past,” Painter tells Spotlight. “For many years [before the 2015 deal] we had theft of intellectual property on a grand scale.”

“This is all about the rise of China and the growing influence of the US in the region,” says Jacques. “The real problem for the United States isn’t [the threat of Chinese hackers], it’s that it has been losing economic influence and presence in the most rapidly growing and largest economic region in the world.” As late as 1986, the US was the largest trading partner of all ten member states of the Association of Southeast Asian Nations (Asean), the regional economic bloc, as well as of South Korea and Japan. In that same year, the US’s GDP was 15 times larger than that of China’s. Today, Japan, South Korea and all ten Asean nations count China as their largest trading partner, and, measured by purchasing power parity, China’s economy is now larger than the US’s.

It is that rate of growth, says Jacques, and the relative decline of Western influence, which has prompted the formation of new military alliances like Aukus – between the US, UK and Australia – along with Britain’s defence tilt towards the Indo-Pacific.

Britain’s latest integrated review of defence and foreign policy promised a modernisation of its military and an “embrace of the newer domains of cyber and space”. It warned of a new era of “China’s increasing international assertiveness” and “systemic competition” between “democratic and authoritarian values and systems of government”. We’ve moved a long way from the days when David Cameron and George Osborne posed for photos with Xi Jinping and Manchester City’s star footballers, sipping pints of real ale in country pubs and declaring a “golden era” of relations, with the UK “cemented” as “China’s best partner in the West”.

Cyber incursions, along with disputes over Hong Kong, the South China Sea, and treatment of the Uighur minority in Xinjiang, can now be added to the long list of Western grievances against a rising China that refuses to act how the UK had once hoped.

This article originally appeared in our policy report on cyber security. To read the full report click here.

Content from our partners
The Circular Economy: Green growth, jobs and resilience
Water security: is it a government priority?
Defend, deter, protect: the critical capabilities we rely on