Website defacement played a large part of the standoff between China and the Philippines over the Scarborough Shoal/Huangyan Island. From April 20 until May 18 hackers on both sides traded blows, posting messages claiming sovereignty over the disputed islands and taunting the other side. Chinese hackers attacked the websites of the Department of Budget and Management and the University of Philippines, and posted the Chinese flag on the Philippines News Agency site; Filipino hackers responded with attacks on government sites and the message: “You may continue bullying our country’s waters but we will not tolerate you from intimidating our own cyber shores.” After three Chinese surveillance ships cut the exploration cables belonging to a Vietnamese ship on May 26, Chinese and Vietnamese hackers defaced and brought down thousands of websites.
China’s most recent territorial flare up with Japan over the Diaoyutai/Senkaku Islands has involved confrontations at sea, heated rhetoric, and amphibious landings by nationalist activists, but notably missing is widespread website defacement, with only the website of the National Nara Museum attacked. Chinese hackers have talked about possible targets, listing IP addresses and email addresses, but there has been no reported follow up. Given what happened with the Philippines and Vietnam, one would have expected a great deal more activity. So what’s happening?
Two possible explanations. Perhaps Japanese and Chinese hackers have reached a point where they view website defacement as ineffective against the other side and are relying on more sophisticated attacks to cause real damage. Though I am not too convinced of the strength of this argument, in September of 2010 members of the hacking group the Chinese Honkers Union argued against “pointless attacks” and instead suggested that hackers concentrate on real attacks that “fatally damage the enemy’s network or gain access to its sensitive information,” adding that “any attack will be executed silently.”
Second, widespread website defacement/political hacking may be more likely when there is a serious power differential between the two sides. With a big gap, the more powerful state is fairly confident that it dictates outcomes at any level of conflict and assumes that the weaker state will not escalate. Taking websites down is low risk. For the weaker side, cyber is an asymmetric weapon that has the added benefit of plausible deniability. It is also relatively confident that the other side does not escalate since it will look like it is overreacting.
With China and Japan, the two sides are near competitors in conventional military strength and the stakes are higher. Neither side can be confident that it controls the escalation ladder or that it can manage signaling. As with the case of the citizen who tore off the flag from the car of the ambassador, website defacement can pour fuel on the fire when the two sides would like to start reeling the conflict back in. Moreover, as Evan Osnos points out, outbreaks of nationalism are a qualitatively different phenomena now that China has over 500 million Internet users.
To strengthen the second argument, it would be nice to see some evidence of the Chinese or Japanese governments coordinating attacks, and eventually signaling to hackers that attacks should not happen or should stop. The role and position of patriotic hackers remains unclear, and the argument could quickly become ad hoc. Hacking between Japan and Korea may be an exception to the power differential rule, one grounded in the fact that there is very little chance of military conflict between two important U.S. security partners.
Cyber conflict is new so there are relatively few cases to study. This is changing, but if analysis is going to truly progress it will have to include this instance between China and Japan, an instance of non-conflict.