For Washington, the implication of China’s growing capability is clear: in a future conflict, China could put US communications, power and infrastructure at risk.
China’s biggest hacking campaigns had been “strategic operations” intended to intimidate and deter rivals, said Nigel Inkster, a senior adviser for cybersecurity and China at the International Institute for Strategic Studies in London.
“If they succeed in remaining on these networks undiscovered, that potentially gives them a significant advantage in the event of a crisis,” said Inkster, formerly director of operations and intelligence in the British Secret Intelligence Service, MI6. “If their presence is – as it has been – discovered, it still exercises a very significant deterrent effect; as in, ‘Look what we could do to you if we wanted’.”
The rise of the MSS
China’s cyber advances reflect decades of investment to try to match, and eventually rival, the US National Security Agency and Britain’s Government Communications Headquarters, or GCHQ.
Loading
China’s leaders founded the Ministry of State Security in 1983, mainly to track dissidents and perceived foes of Communist Party rule. The ministry engaged in online espionage but was long overshadowed by the Chinese military, which ran extensive cyberspying operations.
After taking power as China’s top leader in 2012, Xi Jinping moved quickly to reshape the MSS. He seemed unsettled by the threat of US surveillance to China’s security, and in a 2013 speech pointed to the revelations of former US intelligence contractor Edward Snowden.
Xi purged the ministry of senior officials accused of corruption and disloyalty. He reined in the hacking role of the Chinese military, elevating the ministry as the country’s primary cyberespionage agency. He put national security at the core of his agenda with new laws and by establishing a new commission.
“At this same time, the intelligence requirements imposed on the security apparatus start to multiply, because Xi wanted to do more things abroad and at home,” said Matthew Brazil, a senior analyst at BluePath Labs who has co-written a history of China’s espionage services.
Since around 2015, the MSS had moved to bring its far-flung provincial offices under tighter central control, said experts. Chen Yixin, the current minister, has demanded that local state security offices follow Beijing’s orders without delay. Security officials, he said on a recent inspection of the north-east, must be both “red and expert” – absolutely loyal to the party while also adept in technology.
After taking power as China’s top leader in 2012, Xi Jinping moved quickly to reshape the MSS.Credit: Getty Images
“It all essentially means that the Ministry of State Security now sits atop a system in which it can move its pieces all around the chessboard,” said Edward Schwarck, a researcher at the University of Oxford who is writing a dissertation on China’s state security.
Chen was the official who met with Burns in May 2023. He gave nothing away when confronted with the details of the cyber campaign, telling Burns he would let his superiors know about the US concerns, the former officials said.
The architect of China’s cyberpower
The Ministry of State Security operates largely in the shadows, its officials rarely seen or named in public. There was one exception: Wu Shizhong, who was a senior official in Bureau 13, the “technical reconnaissance” arm of the ministry.
Loading
Wu was unusually visible, turning up at meetings and conferences in his other role as director of the China Information Technology Security Evaluation Centre. Officially, the centre vets digital software and hardware for security vulnerabilities before it can be used in China. Unofficially, foreign officials and experts say, the centre comes under the control of the MSS and provided a direct pipeline of information about vulnerabilities and hacking talent.
Wu has not publicly said he served in the security ministry, but a Chinese university website in 2005 described him as a state security bureau head in a notice about a meeting, and investigations by Crowd Strike and other cybersecurity firms have also described his state security role.
“Wu Shizhong is widely recognised as a leading figure in the creation of MSS cyber capabilities,” Joske said.
In 2013, Wu pointed to two lessons for China: Snowden’s disclosures about American surveillance and the use by the United States of a virus to sabotage Iran’s nuclear facilities. “The core of cyber offence and defence capabilities is technical prowess,” he said, stressing the need to control technologies and exploit their weaknesses. China, he added, should create “a national cyber offence and defence apparatus”.
China’s commercial tech sector boomed in the years that followed, and state security officials learned how to put domestic companies and contractors to work, spotting and exploiting flaws and weak spots in computer systems, several cybersecurity experts said. The US National Security Agency has also hoarded knowledge of software flaws for its own use. But China has an added advantage: it can tap its own tech companies to feed information to the state.
“MSS was successful at improving the talent pipeline and the volume of good offensive hackers they could contract to,” said Dakota Cary, a researcher who focuses on China’s efforts to develop its hacking capabilities at SentinelOne. “This gives them a significant pipeline for offensive tools.”
The Chinese government also imposed rules requiring that any newly found software vulnerabilities be reported first to a database that analysts say is operated by the MSS, giving security officials early access. Other policies reward tech firms with payments if they meet monthly quotas of finding flaws in computer systems and submitting them to the state security-controlled database.
“It’s a prestige thing and it’s good for a company’s reputation,” Mei Danowski, the co-founder of Natto Thoughts, a company that advises clients on cyber threats, said of the arrangement. “These business people don’t feel like they are doing something wrong. They feel like they are doing something for their country.”
This article originally appeared in The New York Times.
Get a note directly from our foreign correspondents on what’s making headlines around the world. Sign up for our weekly What in the World newsletter.
