CCIA releases report 'US Threats and Sabotage to the Security and Development of Global Cyberspace'

The internet is a shared home for mankind. In order to maintain its global hegemony, the United States has abused its information technology and resource advantages, engaging in wiretapping and espionage, creating public opinion, manipulating public sentiment, undermining rules, decoupling supply chains. These actions run counter to the global digitization process and have made the US the world's largest perpetrator of cyberattacks, producer of cyber weapons, and disruptor of cyberspace order.

To expose the hegemony and bullying behavior of the United States in cyberspace, the China Cybersecurity Industry Alliance (CCIA) has organized the compilation of the report "US Threats and Sabotage to the Security and Development of Global Cyberspace" (both Chinese and English versions) (hereinafter referred to as the "Report").

The Report, from the perspective of cybersecurity expertise, employs empirical analysis to closely track the specific actions of the United States that threaten and undermine global cyberspace security and development.

Drawing on reports and articles published by government departments, global cybersecurity companies, research institutions, and news media in recent years, it integrates various analytical processes and research results to systematically analyze the serious threats and damages caused by the United States to global cyberspace security and development, as well as to world peace and stability, and the civilization and progress of human society.

The Report is divided into six sections based on behaviors and timeline, mainly covering the US infiltrates and subverts foreign governments via the Internet, performs indiscriminate cyber surveillance and espionage, attacks and deters against other countries in the cyberspace, triggers a cyber arms race, abuses political measures to disrupt the global industry and supply chain, and sabotages cyberspace rules and order.

The following is the full text of the Report:

US Threats and Sabotage to the Security and Development of Global Cyberspace

Preface

Cyberspace is the home of mankind. But to maintain hegemony, the US abuses its IT and resource advantages and extended hegemony to the cyberspace. It conducts cyber espionage and theft, shapes and manipulates public opinion, breaks rules and seeks decoupling and disrupts supply chains. It has been the biggest cyber attacker, cyber weapon maker, and cyber order breaker in the world. It is seriously threatening the development and security of the global cyberspace, the peace and stability of the world, and the civilization and progress of human society.

1.Infiltrating and subverting foreign governments via the Internet

The US uses the Internet as a subversion instrument. Against the target countries, it performs ideological infiltration and control, spreads fake news, smears their governments, incites the people, misleads public opinion, interferes with their internal affairs and subverts their state power via the Internet.

Since 2003, many abnormal regime changes have happened in the Eurasian region. As shown in Georgia's "Rose Revolution", Ukraine's "Orange Revolution" and Kyrgyzstan's "Tulip Revolution", protests and riots happened in elections and evolved into overall political crises. Dubbed as the "second CIA", the National Endowment for Democracy (NED) is long funded by Congress and the White House. On March 29, 2022, Damon Wilson, president and CEO of NED, acknowledged the US had planned "color revolutions" in the region via the Internet.

In 2011, the so-called "Arab Spring" originated from Tunisia, overwhelmed West Asia and North Africa, and caused social turmoil, tens of thousands of casualties and a loss of one trillion dollars. Based on Twitter, Facebook and other social media, the US shaped public opinion, incited people, and advocated Western values. It incited people to take to the streets to trigger social turmoil and regime changes. On February 25, 2022, the former US Secretary of State Hillary Clinton acknowledged that "We did some of that in the Arab Spring" in an interview with MSNBC when talking about interfering with other countries via the Internet.

In August, 2022, Stanford Internet Observatory and the research company Graphika jointly published a report Unheard Voice: Evaluating five years of pro-Western covert influence operations. The report showed popular social media outlets like Twitter, Meta and Instagram had a number of interconnected sham accounts funded by the US government. The accounts used deceptive tactics to cover covert campaigns for almost five years to support the US and its allies and oppose countries including Russia, China and Iran.

2. Performing indiscriminate cyber surveillance and espionage

The US takes "national interests" as an excuse, and abuses its IT and industrial advantages to spy on the world in cyberspace massively, systemically and indiscriminately. From civilians to national leaders, politicians to international organizations, diplomatic missions to firms, no one can be exempt from the US intelligence agencies even including the US allies. The US data theft has breached global Internet users' privacy, trampled on human rights and infringed upon the sovereignty of other countries.

In 2007, the National Security Agency(NSA) started a top-secret surveillance program PRISM to monitor global communication, including that of the US citizens, from the servers of nine such Internet giants as Google, Facebook and AOL. In June, 2013, the former defense employee and subcontractor Edward Snowden disclosed to The Guardian and The Washington Post secret files of PRISM. The files showed the US government had been tracking real time data including emails, live chats, videos, audios, files and photos and monitoring everything about the targets. On June 7, 2013, the then US President Obama acknowledged the program. The Washington Post later noted that the NSA's surveillance was covert and might be illegal.

In 2015, WikiLeaks published that the US spied on 35 Japanese targets including Japanese cabinet members and Mitsubishi. In February, 2020, The Washington Post, ZDF and SRF published a joint investigation report and revealed the CIA and the German Federal Intelligence Service used a Swiss communications encryption firm Crypto AG to spy on governments and firms by covertly controlling Crypto's encryption products sold to 120 countries.
In May, 2021, DR reported the NSA and the Danish Intelligence Service wiretapped leaders of EU countries including then German Chancellor Angela Merkel. On May 31, 2021, President Macron and Chancellor Merkel attended a virtual Franco-German Council of Ministers meeting and requested the US and Denmark to explain. "This is unacceptable among allies", said President Macron.

In early April, 2023, The Washington Post and many media outlets reported a leak of many US military intelligence documents on the Ukraine crisis. The leaked documents showed the US eavesdropped on the UN Secretary-General Guterres and leaders of other countries such as the Republic of Korea and Israel. On April 18, UN spokesman Stephane Dujarric said the UN had officially expressed to the US its concern on the above mentioned media reports.

3. Attacking and deterring other countries in the cyberspace

Based on its cyber advantages, the US uses cyber deterrence as a major instrument of its hegemony. Cyber deterrence is increasingly becoming its preference in international relations. The US frequently attacks other countries in cyberspace, uses cyberspace as a main battlefield of a new Cold War, and adopts a "defend forward" tactic based on all its state power including politics, economy, diplomacy and the military. In particular, the US takes civilian critical infrastructure cyber attacks as a new method to maintain hegemony and achieve political, economic and military objectives. This greatly harms the security, development and social stability of other countries.

In December 2010, the Stuxnet virus was used to attacked the Iranian Natanz Nuclear Power Plant. It destroyed a number of centrifuges and delayed related nuclear projects. On June 1, 2012, New York Times reported Stuxnet originated from a program "Olympic Games" of the US government around 2006. This was the first cyber weapon attack in the real world. The US was so excited to find the cyber warfare cost much lower than the traditional warfare that it soon established cyber forces. It has been the initiator and source of global cyber warfare.

"Equation Group" is a cyberattack group with notorious track records. But the US supports it in cyber attacks globally. On August 13, 2016, a famous hacking group "The Shadow Brokers" revealed in social media that the leaked data showed the "Equation Group" had hit over 45 countries in over ten years. The attack manual and string of malware program were exactly the same with those of PRISM. The evidence indicated the link between the "Equation Group" and the US NSA.

In 2018, the US published the DoD Cyber Strategy, which initiated the "hunt forward" principle of cyber warfare, and extended its cyber defense line to other countries. In the mid of October, 2022, the US Cyber Command (CYBERCOM) published policy documents on cyber warfare. Based on the documents, the objective of the US cyber operations was to "own the domain"; the US cyber forces put critical infrastructure as legitimate targets during times of cyber conflicts; and pursued preemptive strike as an offensive strategy. This showed the US militaristic ambition to seek hegemony in cyberspace. Since 2018, CYBERCOM has conducted over 40 operations in over 20 countries including Estonia, Lithuania and Ukraine. It used the so-called "situational awareness" and the "defend forward" methods to uncover, locate and expose adversaries' cyber operations to conduct cyber deterrence and strikes. In December, 2022, French COMCYBER commander Aymeric Bonnemaison told the parliament that the US CYBERCOM's hunt forward operations in Europe were "quite aggressive". Hunt forward operations were only excuses of the US cyber espionage and attacks and had made its European allies very uneasy.

On June 1, 2022, Sky News reported that Paul Nakasone, Commander of US CYBERCOM and Director of National Security Agency, acknowledged in an interview that in December, 2021, the US sent a cyber force to Ukraine and stayed there for about three months. In the Ukraine crisis, the US also "conducted a series of operations across the full spectrum; offensive, defensive,(and) information operations." This was the first time that a senior US official confirmed the US cyber attacks against another country.

On September 5, 2022, China's National Computer Virus Emergency Response Center and Qihoo 360 Technology Co Ltd published a Report on the Cyber Attacks of NSA on China's Northwester Polytechnical University (NPU). The report showed NPU's network had been repeatedly attacked by overseas hackers attributed to Office of Tailored Access Operation(TAO) under NSA for years. TAO infiltrated and controlled NPU's critical information infrastructure with over 41 dedicated cyber weapons to steal key network equipment configuration, network management data, and operation and maintenance data.

On July, 26, 2023, Wuhan Municipal Emergency Management Bureau published a statement that CVERC and Qihoo 360 detected a cyber attack from overseas organization on its earthquake monitoring center. Some front-end station collection points of earthquake reporting data had been implanted with backdoor programs. The media later reported that the recent investigation found very complex backdoor malware that fit the characteristics of US intelligence agencies. This was the latest example of the US cyber attack on China's critical Chinese infrastructure with a clear military reconnaissance purpose.

4. Triggering a cyber arms race

The US is the culprit of cyber arms race. It viewed cyberspace as a new battlefield, introduced new combat concepts, and conspired to dominate this new battlefield. Early in 2009, the US founded the first cyber command in the world and continued to strengthen cyber forces. It had built dozens of large intelligence-gathering systems and developed a huge armory of cyber weapons. Instigated by the US, its allies soon followed suit and the cyber arms race is getting white-hot globally.

By 2015, the US had developed over 2,000 cyber weapons including worms, Trojans, logic bombs and trapdoors. EternalBlue was a tool accidentally leaked from the NSA's cyber armory. It was later changed into the WannaCry virus. On May 12, 2017, the WannaCry ransomware attack erupted, hit about 300,000 computers in over 150 countries, and caused a loss of up to 8 billion dollars.

On August 18, 2017, CYBERCOM was elevated to the US 10th combatant command as equal to the US Central Command. Until September, 2018, the US Cyber Mission Force(CMF) had had 133 cyber teams, including 13 Cyber National Mission Teams, 68 Cyber Protection Teams, 27 Cyber Combat Mission Teams and 25 Combat Support Teams.

5. Abusing political measures to disrupt the global industry and supply chain

The US government uses political security and ideology as an excuse, overstretches the "national security" concept and hypes up the "China threat narrative". It ignores China's adherence to the independent foreign policy of peace over the decades, smears China's great contribution to the global cyberspace and voice of justice, and forces its allies to take sides. It ignores the international order after WW2, the basic principles of cyberspace, and the UN consensus on "developing and implementing globally interoperable common rules and standards for supply-chain security". It abuses its export control measures, oppresses foreign firms or entities with political, economic and financial measures, and creates "exclusive small cliques". It has disrupted global trade, violated market laws, undermined market rules and trade order, and destabilized global industry and supply chain.

The US Department of Commerce has put a number of firms and entities on the "Entity List" of export control and caused chaos in the global supply chain. Taking China as an example, more than 1400 Chinese entities were on the list spanning industries including telecommunication, finance, and transportation before September, 2023. The list included technology firms like Huawei and SMIC, and research and education entities like Harbin Institute of Technology and the Institute of Computing Technology of Chinese Academy of Sciences.

In May, 2019, the US gathered 32 countries for the "Prague 5G Security Conference" in Czech Republic, jointly published the "Prague Proposals", and conspired to ban China's 5G products from the policy, security, technological and economic aspects. The US also pressed European, Asian and African countries to ban Huawei's 5G products. Globally, many media and industrial experts argued that banning Chinese companies from 5G was an embarrassing request against global digitalization and its future development.

In September, 2021, the US used "increasing supply chain transparency" as an excuse and forced hundreds of major firms throughout the semiconductor supply chain including Apple, Microsoft, Intel, TSMC and Samsung to submit their confidential information including customer information, sales data, chip inventories and expansion plans. The request put their confidential corporate information at the risk of leakage, cut their advantages in price negotiations with the US firms, eroded the trust and confidence of global customers and undermined the semiconductor supply chain in the world.

In August, 2022, US President Biden signed the CHIPS and Science Act and forced international firms to side with the US. Based on the Act, the US government requested foreign firms like TSMC and Samsung who would benefit from the American chip industry subsidies to set up chip plants in the US. In this way, the US could dominate the industry chain of high-end chips and harass the chip industry of other countries.

In April, 2024, US President Biden signed a package of "Foreign aid bills", which included forcing ByteDance to divest its TikTok US business within nine months, or it would banned in United States. This regulation fully reflects the United States' double standard to maintain its cyber hegemony of controlling and manipulating international public opinion platforms. On one hand, it advocates freedom and democracy internationally while selling social media platforms it controls to nearly all countries worldwide. On the other hand, it broadens the notion of national security, exploiting legal measures for coercive and predatory actions.

6. Sabotaging cyberspace rules and order

The US deems itself the "leader" of cyberspace and makes most of the defects of cyberspace like unsound regulations and imbalanced development to strengthen its "superpower hegemony". It puts its own interests over the interests of the world and puts the global cyberspace into a "security dilemma", "promise-breaking deadlock" and "trust-breaching panic".

On September 23, 2019, the US and another 27 countries published a Joint Statement on Advancing Responsible State Behavior in Cyberspace. This statement distorted and tampered with the framework of responsible state behavior and deviated from the consensus the US and its cohorts had agreed with. This fully illustrated the US all-time principle of applying international law in a selective and utilitarian way. The US deliberately ignored the aspiration of the international society to build a "peaceful cyberspace" and divided the cyberspace into "peacetime" and non-peacetime. Its intention was to legalize its offensive military operations in cyberspace and make the cyberspace a new battlefield. Such behavior maliciously aggravated cyber conflict risks among countries and was detrimental to cyberspace peace and security.

On April 28, 2022, the US gathered over 50 countries and jointly published a Declaration for the Future of the Internet. It openly affirmed "to promote and sustain an Internet that is global and interoperable". In reality, it discarded multilateral platforms like the UN, created "small cliques" based on ideology, and undermined the international order and rules with "gang rules" of blocs. The so-called declaration was a latest example of US intention to divide the cyberspace and trigger cyber confrontation.

Conclusion

Cyberspace is a shared space of mankind. Every country has shared interest and future in cyberspace, and aspires to a peaceful, secure, open, cooperative and orderly cyberspace. But the US recklessly maintains its cyber hegemony, pursues "absolute security" of itself at the cost of other countries, and even pursues a way of undermining and splitting the cyberspace. The US vicious deeds impede global digitalization, run against the history, and must be denounced by the world. For the interest of mankind, governments of conscience, firms, social organizations, scholars and netizens aspiring to fairness, justice and freedom should strengthen dialogues and cooperation, promote development, maintain security, pursue joint governance and shared benefits, build a community with a shared future in cyberspace, and work for a brighter future for mankind.