Home / Blogs

Chinese Hackers and Cyber Realpolitik

Gunter Ollmann

For many people the comments made by Michael Hayden, Former Director of the Central Intelligence Agency, at this week's Black Hat Technical Security Conference in Abu Dhabi may have been unsettling as he commented upon the state of Chinese cyber espionage.

I appreciate the candor of his observations and the distinction he made between state-level motivations. In particular, his comment "We steal secrets, you bet. But we steal secrets that are essential for American security and safety. We don't steal secrets for American commerce, for American profit. There are many other countries in the world that do not so self limit."

Perhaps I grew up reading too many spy stories or watched one-too-many James Bond movies, but I've always considered one of the functions of government is to run clandestine operations and uncover threats to their citizens and their economic wellbeing. The fact that Cyber is a significant and fruitful espionage vector shouldn't really be surprising. Granted, it's not as visual as digging a 1476 foot long tunnel under Soviet Berlin during the Cold War (see The Berlin Tunnel Operation GOLD (U.S.) Operation STOPWATCH (U.K.)) or as explosive as the French infiltration and eventual destruction of the Greenpeace Rainbow Warrior in New Zealand, but in today's electronic society cyber espionage is a necessary tool.

Personally, I think you'd struggle to find a country or government anywhere around the world that hasn't invested resources in building out their cyber espionage capabilities in recent years. It's a tool of modern statecraft and policing.

While the media tends to focus upon the term "cyber warfare" and its many faceted security and safety ramifications, I think that we often fail to divorce a governments need (or even expectation) to conduct espionage and what would logically be covered by the articles (and declaration) of war. Granted it all gets a bit fuzzy — just look at the history of the "Cold War". Perhaps a more appropriate name for the current situation and tensions would be "Cyber Realpolitik”.

China is often depicted as the bogeyman — rightly or wrongly — when it comes to cyber espionage. We increasingly find ourselves drawn into a debate of whether attacks which are instigated or traced back to the country are state-sponsored, state-endorsed, socially acceptable, or merely the patriotic duty of appropriately skilled citizens. The fact of the matter though is that there's a disproportionate volume of cyber-attacks and infiltration attempts coming from China, targeting North American and European commercial institutions. You may argue that this is an artifact of China's population but, if that was the case, wouldn't India feature more highly then? India is more populous and arguably has a better developed education system in the field of information technology and software development — and yet they are rarely seen on the totem pole of threat instigators.

Michael Hayden alludes that China (and other countries) is not opposed to using cyber espionage for commercial advancement and profit, and based upon past observations, I would tend to agree with that conclusion. That said though, I don't think that any country is immune to the temptation. Given the hoopla of the recent U.S. congressional insider trading fiasco and French presidential corruption, I'm not sure that "self limit" approaches work in all cases.

Cyber Realpolitik is the world we find ourselves living in and cyber espionage is arguably the latest tool in a government's clandestine toolkit. We could consume a lot of time debating the ethics and outcomes of modern espionage campaigns but, at the end of the day, it's a facet of international politics and governmental needs that have existed for millennium. For those commercial entities being subjected to the cyber campaigns directed at them by foreign governments, I don't believe this threat will be going away anytime in the foreseeable future. Perhaps the noise surrounding the attacks may disappear, but that may just reflect an increase in stealthiness.

By Gunter Ollmann, CTO at NCC Group Domain Services. More blog posts from Gunter Ollmann can also be read here.

Related topics: Cyberattack, Cybercrime, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:


To post comments, please login or create an account.

Related Blogs

Related News


Industry Updates – Sponsored Posts

Afilias Supports the CrypTech Project - Ambitious Hardware Encryption Effort to Protect User Privacy

Public Sector Experiences Largest Increase in DDoS Attacks (Verisign's Q4 2014 DDoS Trends)

Help Ensure the Availability and Security of Your Enterprise DNS with Verisign Recursive DNS

Verisign iDefense 2015 Cyber-Threats and Trends

What's in Your Attack Surface?

Q3 2014 DDoS Trends: Attacks Exceeding 10 Gbps on the Rise

3 Questions to Ask Your DNS Host About DDoS

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

Neustar to Build Multiple Tbps DDoS Mitigation Platform

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

New gTLDs and Best Practices for Domain Management Policies (Video)

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

Introducing the Verisign Quarterly DDoS Trends Report

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Sponsored Topics


DNS Security

Sponsored by
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines


Sponsored by


Sponsored by