Recently, the U.S. government has launched a series of cyber operations branded as 'typhoons,' beginning with 'Volt Typhoon' and followed by 'Salt Typhoon.' These initiatives have predominantly implicated entities from the Chinese mainland as the culprits behind various cyberattacks.
In response, China's cybersecurity agencies have swiftly countered these allegations. Detailed reports were released, presenting evidence that 'Volt Typhoon' was orchestrated by an international ransomware group rather than actors from the Chinese mainland. These reports also highlighted supposed collaborations between U.S. intelligence agencies and cybersecurity firms, suggesting that these groups might have staged the operations to secure additional funding and staffing. Following the release of this evidence, the U.S. government’s vocal stance on the issue has notably quieted.
The 'Salt Typhoon' operation introduces an ironic element to the narrative. Reports from The Washington Post have revealed that the operation targeted a sophisticated wiretapping and surveillance system established by a U.S. telecom company for federal law enforcement use. The system's extensive surveillance capabilities are reminiscent of the infamous Prism program unveiled in 2013.
This revelation has led analysts to suggest that the U.S. government may be diverting attention from the surveillance system's inherent issues by attributing cyberattacks to 'foreign attackers.' Without such deflection, justifying the system's operations amid growing domestic and international scrutiny could prove challenging. Consequently, the trope of 'Chinese hackers' has been reintroduced as a narrative device, maintaining a dramatic but repetitive discourse.
Insiders indicate that Chinese cyber diplomats have been steadfast in dismissing the unfounded accusations linked to 'Salt Typhoon' and 'Volt Typhoon' during dialogues with their U.S. counterparts. These diplomatic efforts have also emphasized concerns over alleged extensive U.S. cyber espionage and sabotage activities aimed at the Chinese mainland's critical information infrastructure.
On December 18, 2024, the National Computer Network Emergency Response Technical Team Center of China reported two incidents involving the hacking of major tech firms in the Chinese mainland by U.S. intelligence agencies. As anticipated, the U.S. has yet to issue a substantial response to these claims.
An Enduring Debate
Putting aside the specifics of the 'typhoon' operations, the fundamental issue of cyberattacks remains unresolved despite prolonged discussions both within the international community and between China and the U.S. The inherent complexity of cyberspace creates an uneven playing field, where offensive actions often hold the upper hand, and defensive measures struggle to keep pace.
Another significant challenge is the difficulty in attributing cyberattacks accurately. While technical obstacles exist, the more pressing issue is the politicization of attribution. Governments often view attribution not just as a technical process to identify perpetrators but also as a strategic tool to advance broader political objectives. This instrumentalization can undermine the objectivity required for accurate identification of cyberattack sources.
In essence, the narrative around 'Chinese hackers' appears to be influenced more by political and strategic motivations than by unbiased technical assessments. This trend highlights a longstanding pattern where cyber attribution is leveraged to support larger geopolitical agendas, rather than purely addressing the technical aspects of cybersecurity threats.
Reference(s):
cgtn.com
