It was 2001 and I was preparing to leave for a war zone. Most summers I spend working with teacher training colleagues at China’s normal universities. But barely two months into the George W. Bush presidency, a mid-air collision between a Chinese Navy J-811 interceptor jet and our U.S. Navy spyplane flying 70 miles off the coast of China’s Hainan Island caused an international dispute.
Our President’s failure to issue an immediate apology (the China pilot lost his life, none of our crew were hurt) and his further threat to withdraw diplomats and cancel a visit to Beijing escalated tensions between our two governments.
This happened April 1, 2001 and it was no joke.
I contacted my university colleagues in China to see if I should call off my visit. They assured me that this was a government-to-government dust up and regular citizens were not caught up in any nationalistic fervor. And indeed, I had another friendly and productive summer.
So where was the "war"?
It was online.
On April 3, Chinese self-styled "cyber-patriots" attacked American websites including that of the U.S. Navy. I would never have known this cyberwarfare was underway if not for an April 24, 2001 report in Allgemaine Zeitung. Reporter Zhou Derong in Frankfort, Germany detailed the extensive online battles.
Was this a Chinese government-sponsored offense? Not at all. These were citizen hackers which Zhou described as "...spoiled only children, successful yuppies in China’s New Economy."
And was China the world center for this civilian warfare? Again, no. Zhou discovered that the blueprint for early hacking was laid down by internet hackers mostly from Taiwan. He traced authorship of the major guide to hacking to a Taiwan hacker named "Coolfire."
With China’s internet use expanding dramatically in the decade since this event, Taiwan has lost its preeminence in citizen cyberwarfare. Now everyone is doing it.
That includes Americans. Even in 2001, when the Chinese citizen hackers "Green Brigade" attacked the American sites, an immediate counter-attack came from American citizen hackers led by "Poisonbox." Zhou was able to document this battle because a German site kept track of the online warfare. None of these were government-led efforts.
It should be no surprise to most of us that the vast bulk of hacking comes from non-government entities. At home and at work, we encounter are under daily attack from hackers trying to steal passwords or freeze our systems. Malware in its many forms is primarily civilian-generated. And the constant virus-antivirus one-upmanship is primarily a civilian battleground.
So why are we today considering any hacking into our vital institutions, from government and military to our power grid, to be primarily the actions of foreign governments? Why does Richard Clarke define cyberwarfare as "actions by a nation-state to penetrate another nation's computers or networks for the purposes of causing damage or disruption" in his book Cyber War? Is it not cyberwarfare when done by civilians? Most cyberwarriors do not wear uniforms.
The Pentagon established a new U.S. Cyber Command in 2010 with both defensive and offensive capabilities. Yes, you have to develop hacking techniques to defend against those techniques. But that also compromises our squeeky-clean position and puts us in the questionable ethnocentric position where our spyplane is good but their plane is bad.
I am no cybersecurity expert. I am a teacher. I know students and have dealt with hacking since I taught in British Hong Kong. Most hackers are male. Although they use many of the same techniques as the internet scammers, they love gaming. And when that grows old, there is no greater challenge than the ultimate game: hacking into real, supposedly "secure" government and military systems. The more challenging, the more thrilling the game.
International disputes serve as rationale to cloak their destructive actions with patriotism. But for us, whether they are really patriotic or just using it as an excuse does not matter.
When some vital national system gets hacked, if we immediately knee-jerk and blame the Chinese or Russian government, we are ignoring the reality that the vast majority of hacking is civilian. And if the kid can get us to take military action because of their spoofed attack—wow, what a high!