China is the Voldemort of hacking: it that must not be named!

The most striking thing about news of the latest high-level hacking campaign isn’t just that it has been going on for at least five years. It isn’t even that among the victims of the hack attack were some of the biggest world organisations (including the United Nations), some national governments (including India), and some of the biggest companies (defence contractors and high-tech enterprises). The most striking thing about it is that, from all accounts, the hack attack was carried out by Lord Voldemort, the evil antagonist of the fictional boy wizard Harry Potter. He-Who-Must-Not-Be-Named. What else could account for the fact that the cybersecurity expert who narrated graphic details of the cyberwar to Vanity Fair magazine said he would not speculate on which country was behind the hacking operation, named (somewhat curiously) Operation Shady RAT? [caption id=“attachment_53620” align=“alignleft” width=“380” caption=“All we see is a curious walking on eggshells evidently to avoid hurting Chinese sensibilities or avoid risking companies’commercial interests.Cancan Chu/Getty Images”]  [/caption] What else could account for the fact that even some of the victims of the hack attack would not take the name of the suspected hacker – or even acknowledge that they had been hacked into and had lost a wealth of intellectual property? The fact of it is that all the circumstantial evidence in this hack attack — from the choice of targets to the modus operandi to the files that were secured — points to China as the source of the attack. And China’s own record of waging cyberwarfar (more here, here, here, here and here) lends enormous weight to that suspicion. Yet, all we see is a curious walking on eggshells evidently to avoid hurting Chinese sensibilities or avoid risking companies’commercial interests. Last year, Google sensationally went public with its experience of having had its networks violated by Chinese hackers who also stole valuable source code. It’s still paying for that and finds itself increasingly cut off from the Chinese market, whereas Microsoft’s Bing is gaining at its expense. At the time that Google went public, it pointed out that other firms were also known to have been similarly targetted by Chinese hackers. Among them were Morgan Stanley, GE and Disney but – to their eternal shame – the firms refused to speak out for fear of losing their market in China. There is, of course, a due process to be gone through when cases such as Operation Shady RAT come to light. Some scepticism is also warranted when cybersecurity firms play up cyberwar threats: they could just be drumming up business for themselves. One must also be wary of defence departments looking to exaggerate such threats in order to protect themselves from budget cuts. Yet, the conspiracy of silence when it comes to confronting China, based on its record of waging cyberwar, borders on the dangerous. If the belief is that the problem will disappear if it’s not brought up, history has compelling lessons to offer to the contrary. As this writer points out, there were a string of incidents of piracy in and around southern China in the mid-1990s, and although the well-merited suspicion was that Chinese officials were complicit in these attacks, the victims were inhibited from saying it out loud. They were overcome by the fear of invoking Voldemort’s name. Yet, it was only when shipowners and governments shed their timidity and spoke out about the active involvement of the Chinese government in the high-seas piracy that China acted to rein it in. In other words, the name-and-shame tactic worked, not the timid pussyfooting and waiting for a change of heart. Likewise today, it isn’t helpful when victims of Chinese hackers fail to speak out – or worse, end up offering China an alibi. There’s a strong case for them to overcome their fear of invoking Voldemort’s name and their wariness about protecting their commercial interests in China. They have much more to lose by biting their tongue and staying silent.