Trans-Pacific View | Security

The Hacker and the State: Cyberattacks and the New Normal of Geopolitics

Insights from Ben Buchanan.

Mercy A. Kuo

Trans-Pacific View author Mercy Kuo regularly engages subject-matter experts, policy practitioners, and strategic thinkers across the globe for their diverse insights into U.S. Asia policy. This conversation with Ben Buchanan – professor at Georgetown University and author of The Cybersecurity Dilemma and the recently published The Hacker and The State: Cyber Attacks and the New Normal of Geopolitics (Harvard University Press, 2020) – is the 229th in “The Trans-Pacific View Insight Series.”

How has hacking changed geopolitics?

Hacking has quickly become a favored and powerful arrow in the quiver of statecraft. Over the last 20 years, a panoply of nations has found that hacking capabilities help them shape geopolitics to their liking. The result is a competition between government hackers that is fierce and nearly continuous; this competition is not unusual, reserved only for wartime or extreme circumstances, but daily — it has become a key part of intelligence and military operations. From espionage to overt cyberattacks to election interference and beyond, there is a lot that hackers can do in the service of their states.

Explain the role of state and nonstate hackers in “signaling and shaping” in geopolitics.

For decades, a lot of the scholarship and public-facing policymaking in international relations has been about signaling. In large part, this was because nuclear weapons were so devastating and so terrible that no one actually wanted to use them, so a great deal of statecraft revolved around signaling resolve, threatening harm, and coercing an adversary to bend to one’s will without going to war. If we think of the dramatic moments of the Cold War, from the Cuban Missile Crisis to arms control negotiations at Reykjavik and beyond, they were almost always instances of signaling on the brink.


Shaping is different. If signaling is about changing how the other side plays their hand at the poker table, shaping is about stacking the deck or stealing cards. It is the business of slowly and insidiously competing for an advantage over others. The tools hackers employ are very bad for signaling, because they often need secrecy and because their operations are hard to interpret. But they are excellent for shaping. Each chapter of my book is organized around a different way in which hackers reshape geopolitics, from tapping fiber optic cables to backdooring encryption to covert sabotage to outright attacks to blackouts to brazen theft and more.

Analyze the role and reach of Chinese hacking groups such as Unit 61398 and Advanced Persistent Threat 1 (APT1).

China has long recognized what hackers can do for its national goals, especially when it comes to espionage. For more than two decades, its hackers have reached into nearly all aspects of its adversaries’ societies, from military capabilities to economic targets to political institutions and beyond. But probably the most famous Chinese hacking group is a unit of the People’s Liberation Army known as Unit 61398, often referred to as APT1 by American analysts. These hackers were prolific in the range and speed of their operations.

In 2013, a major American cybersecurity firm, Mandiant, published a seminal report on APT1. The report revealed a great deal about how the group operated and who they targeted, drawing on Mandiant’s wide customer base for substantial supporting evidence. For the first time, the report identified the unit of the PLA responsible for the operations. The following year, the United States Department of Justice indicted five PLA hackers, providing still further confirmation of the Chinese activity.

The case is striking not just because of the extent of the Chinese espionage operation but because it put hacking on the front pages of American newspapers, a place to which it would return with regularity in the years to come. While during the Cold War many espionage operations were hidden away by classification and other protections, in the modern age cyber operations are much more visible. There is a substantial industry of analysts with great visibility into how and why nations hack, and governments sometimes reveal the activities of their adversaries in indictments or the like; these sources can combine with others to enable people like me to find and tell fascinating spy versus spy stories.

Compare and contrast the methodology behind hacking of state secrets and trade secrets.

No matter who they are targeting, there is a lot of overlap in how hackers go about their business. Many of the same Chinese hacking groups target both government targets in an attempt to steal state secrets and economic targets in an attempt to steal intellectual property. The underlying motivations are of course different, but the actual nuts and bolts of carrying out hacking operations are often pretty similar.

Assess how effectively the United States and intelligence-sharing entities such as the Five Eyes are countering cyber espionage from China, Iran, North Korea, and Russia.

There’s no doubt that American targets have been the victim of cyber espionage operations of great significance from each of these countries, but most especially from China and Russia. It is sometimes said that the United States has the nicest rocks, but still lives in a very glassy house; there is only so much America’s powerful offensive capabilities can do when so many of its computer systems are relatively vulnerable to foreign hackers.

That said, I did find some fascinating stories of how American government hackers acted to protect the United States government against foreign hackers. In one instance, I found a secret operation in which American hackers figured out from which computers the Chinese were operating, targeted those computers, targeted the internet service provider the Chinese were using, and ultimately gathered intelligence on what the Chinese hackers were going to do next. With that information, they were able to prepare American defenses and block the attack. It was a sign of how blurry the lines between espionage and counterespionage are in cyberspace and how fierce the competition between hackers and their states can be.