Reacting to Chinese Cyberattacks

[0] From New York Times, I'm Michael Babaro.

[1] This is Daily.

[2] After blaming Russia for a major hacking operation last year, the U .S. is sanctioning more than 30 individuals and entities after intelligence...

[3] The Biden administration responded with extensive sanctions designed to punish its government.

[4] There are some of the most punitive U .S. measures taken against Russia in years.

[5] That did not happen this week, after the administration blamed China for a lot of.

[6] a similar hat.

[7] President Biden is condemning China for a massive cyber attack, but so far at least not going beyond tough words.

[8] China's not facing any punishments from the United States as of right now, not even sanctions.

[9] Is that a mistake?

[10] Asted Herndon spoke with our colleague, David Sanger, about why the U .S. is taking a different approach with China.

[11] It's Wednesday, July 21st.

[12] David, what is this Chinese cyber attack that the Biden, administration just came out and condemned.

[13] There has been so many of these attacks it feels recently.

[14] It's kind of hard to keep track.

[15] Sure, instead.

[16] It can be a little bit confusing because every time you turn on the TV or open the newspaper, you read about another hack coming out of Russia or China or someplace.

[17] Some of them are state -sponsored.

[18] Some of them are done by private groups.

[19] And this one that the Biden administration was going after, was fascinating because we learned that it was a little bit of each.

[20] So let me just walk you through what happened.

[21] You'll remember that at the end of last year, just during the presidential transition, everybody was transfixed by a big hack that was done by the Russians.

[22] It was called Solar Winds, and it was very ingenious because it got into the supply chain of software that companies use to basically manage their computer systems, network management, and things like that.

[23] So about a month later, people discover that there is another hack or a hack underway involving companies that are running Microsoft software, particularly a system called Microsoft Exchange.

[24] Microsoft dug into it, and the more that some of other investigators did, they discovered that there were breaches all over the place.

[25] And while they initially thought it was a Russian Ultimately, they traced it back to China's Ministry of State Security, which is the main intelligence unit run by the Chinese government.

[26] Microsoft says that Chinese hackers have been targeting its email server software.

[27] They gained access to emails.

[28] In some cases, they took over computers.

[29] Upwards of 30 ,000 U .S. entities were breached in the hack.

[30] Universities, defense contractors, law firms, and infectious disease researchers.

[31] There's enormous frustration I can tell you on the business.

[32] government side.

[33] And so at the end of February and early March, they began sending out warnings to people that said, hey, we think we found an intruder.

[34] This intruder has found a vulnerability in all the software we've given you that we didn't know about.

[35] The company released a patch protecting users from similar future hacks.

[36] However, the patch does not fix issues for those who already had their network breach.

[37] Okay, so this is the cyber attack that the Biden administration decides to come out against.

[38] That's exactly right.

[39] Now, do we know what China was after?

[40] It's a great question, and we're not certain.

[41] But in this case, there were so many companies running this Microsoft Exchange system that it's hard to say exactly what they were looking for.

[42] And they may not have known exactly what they wanted.

[43] they may have simply known that this system is used by many of the biggest defense contractors, by many of the biggest companies in America.

[44] And once they were inside, they could look around and decide what was worth stealing.

[45] This strikes me as pretty brazen from an outsider perspective.

[46] The Chinese government hacking Microsoft, one of the world's most important and integrated companies into the global economy, is that how it was received as a kind of brazen or bold?

[47] thing?

[48] It was brazen and it was bold.

[49] We've seen that before, but it was also indiscriminate, and that was what was new.

[50] Previously, when we've seen the Chinese go into companies or federal agencies, it's usually been a pretty specific attack.

[51] In this case, they just went into everybody's systems and said, once we're inside, we'll figure out what we want.

[52] So the Biden and The administration knew from the start that this was China.

[53] Microsoft had said it.

[54] Their own intelligence agencies were pretty clear.

[55] They understood the Chinese had exploited a vulnerability that no one knew existed in the Microsoft software.

[56] And since the attack had hit many different countries, they decided to go use it as a way to try to show China that the rest of the world, or at least the rest of the Western alliance, was lined up against them on these cyber attacks in a way that we had never seen before.

[57] So they began going around the world, going to countries like Germany, which had seen probably the second largest number of attacks and information losses under this, taking the evidence to them, and tried to get everyone, including all of the NATO nations, lined up to go condemn China simultaneously.

[58] Now, that doesn't sound like a big deal, but it is one.

[59] Because believe it or not, NATO is still so back in the world of old traditional threats that they had never actually condemned a cyber attack, even though cyber attacks have hit their member nations for years and years.

[60] Wait, wait, wait.

[61] NATO has never condemned a cyber attack before?

[62] That's right.

[63] This was the first time.

[64] That feels shock it.

[65] Well, it tells you a little bit about how so much of the Western alliance is still stuck in the old threats.

[66] So it's been a real slog to get them to think about cyber attacks the same way they would think about military attacks.

[67] So part of the effort here was just to get the diplomacy to catch up with the technology.

[68] And what happened here was that the United States basically convinced the European nations, members of NATO, Japan, Australia, others, that if you let this go unchecked, the Chinese would, over time, use techniques like this to get into all of their systems.

[69] So once the U .S. and these other countries agreed to actually condemn China, what do they end up saying?

[70] Well, they were all a little bit different.

[71] The United States really took the lead on this, since it got the brunt of the attack, and they directly accused the Ministry of State Security of being behind this specific hack.

[72] But then they went further, and they said, we also found evidence that the Chinese Ministry of State security wasn't only operating by itself, but that it was condoning and in some cases financing criminal hacking groups and letting them run out of China, which is a charge that in the past we've really only made about Russia.

[73] Now, other countries, including NATO, they weren't as specific, in part because they can't see the kind of evidence the U .S. does.

[74] So most of the Europeans said simply that they were condemning Chinese activity in cyberspace and urging them to respect international law in this area without specifically accusing them of guilt in this individual hack.

[75] So how did China then respond to this coordinated multinational condemnations that came out on Monday for this hack?

[76] Well, instead it was fascinating because it was a combination of dismissiveness and a counterattack on the U .S. for its own cyber.

[77] operations.

[78] What do you mean?

[79] On the dismissive side, they said, oh, we hear this from the Americans all the time.

[80] They're constantly making accusations like this.

[81] They're never really putting out the evidence who can believe this.

[82] But the next thing the Chinese did is that it was really fascinating.

[83] And they said, you know, if you want to talk about cyber criminals, why don't you start looking at yourselves, America?

[84] They said, remember the Snowden disclosures?

[85] Of course, that's going back now, 7 .8.

[86] years.

[87] And in the Snowden era, what did we learn?

[88] We learned that it was the United States that was going into foreign computer systems, conducting exactly the kind of surveillance you're accusing China of doing today.

[89] And in fact, they have a pretty good case to make there.

[90] Because while Snowden talked about revealing government intrusions into the private communications of Americans, all of the most interesting stuff in the Snowden documents actually showed that the national security agency and what later became United States Cyber Command broke into foreign computer systems, including China's.

[91] In fact, they went after Huawei, the big Chinese telecommunications giant, got into their computer systems, figured out how their systems worked in case the U .S. ever needed to counter those systems.

[92] And this was all in the Snowden Docks.

[93] And so the Chinese were saying, hey, if anybody invented the game of breaking into foreign corporate systems and extracting data from them, well, why don't you start looking at Fort Mead, which is where the NSA is located just up near the Baltimore -Washington Airport?

[94] So it seems we have, on the one hand, most of the West condemning China for what the United States is describing as a uniquely indiscriminate and brazen cyber attack.

[95] And on the other hand, you have a Chinese government that is not.

[96] not backing down and is, in turn, pointing fingers back at the United States.

[97] What you have here is a formula for escalation and further confrontation.

[98] And that's a big problem when you're dealing with the world's largest economy and the world's second largest economy.

[99] We'll be right back.

[100] Okay, David, so Biden and some of our allies are saying that they're not happy with China for this hack.

[101] But let's talk specifics.

[102] What can the U .S. actually do to punish China for this?

[103] So you know, instead, the normal thing that you would do when you want to go punish a country without actually risking, escalating into a military conflict, is to impose economic sanctions.

[104] And that's exactly what the Biden administration did against the Russians for that earlier hack called solar winds.

[105] But what we've learned is that when dealing with an economy as big as China's, it gets pretty risky.

[106] First of all, a lot of those economic sanctions can blow back on American companies.

[107] You know, our economies are deeply interlinked, right?

[108] You can't walk into Walmart without buying Chinese goods.

[109] You can't walk into an auto parts store without buying Chinese goods.

[110] You can't walk in to an electronic store or go on Amazon without buying Chinese goods.

[111] Whereas with a country like Russia, we've got a lot more leeway because we're not as dependent on them for a range of consumer goods and technology.

[112] So that's one reason.

[113] But the second is China is also just a huge consumer of Western goods.

[114] And so a lot of American companies and a lot of our European allies are extremely reluctant to see the United States government get involved in an economic sanctions war.

[115] You know, when the Germans were thinking about banning Huawei, the Chinese -telegged.

[116] telecommunications company, the Chinese showed up and said, hmm, nice cars you make around here, love those Mercedes, those BMWs.

[117] In fact, as we look at the market, it looks like we're buying about a quarter of all of your luxury cars.

[118] Be a shame if that whole market dried up for you.

[119] And boy, did that change the politics in Germany.

[120] So the Chinese have learned how to go use their role as a huge producer and a huge consumer to not only stave off economic sanctions, but shape the rules of the world economy.

[121] The simple answer seems to be that it's not only unclear that sanctions would impose harm to the Chinese, but it's more clear that it would probably backfire and maybe do some bad stuff to our own economy.

[122] That's right.

[123] And you have to remember, instead, that countries, hack with different strategic objectives and different national interests.

[124] And so you've got to think about a series of incentives and punishments that actually fit what it is that those countries are trying to do when they're attacking you.

[125] And that's why Russia and China have traditionally been quite different.

[126] You know, Russia's fundamentally a weaker state, certainly a weaker economy.

[127] It's got an economy about the size of Italy's.

[128] Its power in cyber comes from its ability to disrupt.

[129] So when we've seen hacks from the Russians, frequently they have been designed to undercut our confidence in our own networks, to make us believe that our systems are vulnerable.

[130] They put code into our electric power grid as a reminder that any time they wanted, they could begin starting blackouts in the United States.

[131] Wow.

[132] I didn't know that.

[133] Yeah.

[134] Now, until now, that's not been the Chinese M .O. here.

[135] The Chinese have largely been interested in stealing intellectual property.

[136] They've usually been about building up their own economy and their own state -run companies by stealing U .S. data.

[137] Traditionally, instead, we've viewed these as very different kinds of attacks.

[138] each of which requires a very different kind of response.

[139] The response to stealing intellectual property is in some ways easier because we have a big body of international law that prohibits stealing copyrighted and patented works, right?

[140] So if the Chinese steal a pharmaceutical firm's drugs for treating COVID -19, we know how to go deal with that.

[141] The problem is that now the Russian disruptive activity is to some degree being mimicked by the Chinese, who are growing bolder, whose ambitions around the world are becoming more obvious, and whose ability to disrupt is linked to the fact that they're building networks all across the globe, whether that means that they're laying undersea cable that they control, or sending Huawei out to build telecommunications networks that they control, they are making the point that they can turn on and off the flow of information around the world or gasoline around the world or supply chains around the world that are feeding American companies.

[142] So China is not only becoming more bold in the cyber attack space, but also seems to be adopting tactics that were typically seen as ones that more aggressive actors like Russia have used in the past.

[143] That's right.

[144] But they've got greater means to go do it.

[145] So if the U .S. is not able to attack China economically to impose sanctions as it would with another country, what can it do?

[146] So a lot of people think that the best option here is actually a diplomatic one.

[147] it's one that begins to set some boundaries about what's out of bounds when you target attacks.

[148] And there you would start with critical infrastructure, where we would all agree the United States, Russia, China, that some things in peacetime are simply off limits.

[149] Do you think that the diplomatic method has a chance of success?

[150] It seems as if it still requires the Chinese to honor some sort of, agreement.

[151] What incentive what they have to do that?

[152] It's a great question, as Ed, because in the past, we've reached agreements with the Chinese on intellectual property, and they've followed them for a few years, and then you saw attacks like the one we've been discussing today.

[153] A few things would make this a lot easier.

[154] First of all, if we are more certain of our ability to attribute an attack to a specific nation and provide that evidence in public, The theory is you can name and shame countries more quickly.

[155] And that's a big change that both the Trump administration and the Biden administration have made in recent times.

[156] Number two is if you can organize the rest of the world to join in those condemnations, it makes it clear to the Chinese that this could be an impediment to their ability to sell their goods, but more importantly sell their influence around the world.

[157] So that's a second element of it.

[158] Is any of this going to be perfect?

[159] No. But you know, instead, we've invented this electronic highway system.

[160] We live on that system each and every day.

[161] We're glued to our phones and to our computers.

[162] And as long as we are addicted to those, we're going to be vulnerable to attacks on those systems.

[163] All we're trying to do at this point is set some boundaries the way we have over the years on nuclear weapons, on chemical weapons, on landmarks.

[164] on everything else that we've used against each other and we've decided over time is doing more harm to society than good.

[165] But based on the trajectory of cyber attacks, even just in the last year, it does feel like things are escalating considerably.

[166] What does that mean for the future of this cyber war?

[167] So instead, we're in a world of perpetual cyber conflict now.

[168] This isn't a set of incidents.

[169] This isn't something that we're going to beat back and make go away.

[170] This is a permanent state of being.

[171] The way the Cold War, in the 1950s, after the United States and then the Soviet Union got nuclear weapons, changed forever how countries deal with each other.

[172] And that means that we've really entered a new digital Cold War.

[173] We're just at the very beginning of this.

[174] Fundamentally, if you had to compare Cold War to Cold War, I would say we're sort of in the mid -1950s.

[175] We've all just discovered we have these horrible new weapons.

[176] We know there's some point at which their use becomes catastrophic, and yet we don't really want to give them up.

[177] And so now we're all just feeling our way, trying to understand how far we can push it, how bad is the risk of escalation, what could go a step too far.

[178] And the fact of the matter is, we don't really know.

[179] Thank you, David, for your time.

[180] Thank you, a step.

[181] We'll be right back.

[182] Here's what else you need to know day.

[183] CDC has released estimates of variants across the country and predicted the Delta variant now represents 83 % of sequenced cases.

[184] In testimony before the Senate on Tuesday, the director of the CDC, Rochelle Walensky, said that the Delta variant of the coronavirus now accounts for the vast majority of all new infections in the U .S. This is a dramatic increase up from 50 % the week of July 3rd.

[185] In some parts of the country, the percentage is even higher, particularly in areas of low vaccination rates.

[186] New daily infections have risen almost 200 % over the past two weeks to 35 ,000, most of them among unvaccinated Americans.

[187] And the Times reports that nearly 60 people connected to the Olympic Games, which are scheduled to begin on Friday, have tested positive for COVID -19, including several within the Olympic Village.

[188] The infections are a major challenge to the organizers of the games, which were delayed by a year, specifically to avoid infecting participants.

[189] Today's episode was produced by Sydney Harper, Luke Vanderplug, Rob Zipko, Austin Mitchell, and Chelsea Daniel.

[190] It was edited by MJ Davis -Land, engineered by Chris Wood, and contains original music by Dan Powell.

[191] It's it for the Daily.

[192] I'm Michael Wobar.

[193] See you tomorrow.