The administration also said China was behind a specific ransomware attack against a US target that a senior administration official said involved a “large ransom request” — and added that Chinese ransom demands have been in the “millions of dollars.”
Our conversation, conducted via Slack and lightly edited for flow, is below.
What Matters: How big of a deal is it that the US and its foreign allies are accusing China of widespread malfeasance in cyberspace?
BF: It’s a pretty big deal. For one thing, until now the Biden administration has been more focused on Russian hacking than on Chinese hacking, so it raises the profile of malicious Chinese cyber activity. For another, while past US administrations have been willing to call out China for hacking, it’s notable that this time the US got so many other countries and allies involved.
For example, this marks the first time that NATO has condemned Chinese cyberattacks. And there are many countries within NATO that have complicated relationships with China that they might not want to upset, so cybersecurity experts say it’s a victory for the US that it was able to present a unified front. The coordinated accusations also set the stage for future sanctions, potentially.
What Matters: An official told CNN that China’s activities include “cyber-enabled extortion, crypto-jacking and theft from victims around the world for financial gain” along with ransomware attacks. How serious are these activities?
The actors called out by the Biden administration on Monday are described as “criminal contract hackers” that do hacking on behalf of Beijing, but also for their own personal gain.
What Matters: Biden said he isn’t applying sanctions on China for its role as his team continues to determine the extent of Beijing’s actions. What goes into these investigations and why do they take so long?
BF: Because hackers can use virtual private networks, cloud-based servers and other tricks and tools to hide their true locations, it can be really difficult to trace any given cyberattack back to its source. Experts typically have to use sophisticated forensic techniques — like comparing code fragments and looking for patterns — to come up with an educated guess as to which groups might be responsible for an attack. And even then, officials usually caveat their attributions by stating how confident they are.
What Matters: What kinds of vulnerabilities have the cyberattacks against the US exposed?