This week, a collective of democratic nations came right out and said it: China is hacking its way around the globe.
And the most recent example was the Microsoft Exchange hack that impacted thousands of organizations.
In the U.S., leaders from the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and FBI claimed China is talking out of both sides of its mouth.
One side of that mouth says it supports norms in commerce and in cyberspace; the other side is sucking up hacked and stolen data like a Hoover vacuum picks up dirt.
Also this week, the U.S. unsealed criminal indictments against four Chinese nation-state hackers who allegedly created a global trail of cyber destruction.
China is reacting to the charges and this week's unusually candid accusations by the West—and it singled out the United States.
How did China respond? It told the U.S. to look in the mirror.
The U.S. and world vs. China: war of words around hacking
Let's look at what started this week's war of words between the U.S. and China. We'll begin with some snippets from extremely direct statements about Chinese actions in cyberspace, and then we'll go over the Chinese response.
Here is part of what U.S. Secretary of State Antony Blinken said. For now, diplomacy has been replaced with directness.
"The United States and countries around the world are holding the People's Republic of China (PRC) accountable for its pattern of irresponsible, disruptive, and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security.
The PRC's Ministry of State Security (MSS) has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain. In addition, the United States government, alongside our allies and partners, has formally confirmed that cyber actors affiliated with the MSS exploited vulnerabilities in Microsoft Exchange Server in a massive cyber-espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims."
[RELATED: Chinese Nation-State Hackers Stole Ebola Virus Data]
And government agencies around the globe, including the U.S., made their own statements blaming China for doing whatever it wants in cyberspace.
"The National Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) assess that People's Republic of China state-sponsored malicious cyber activity is a major threat to U.S. and Allied cyberspace assets.
Chinese state-sponsored cyber actors aggressively target U.S. and allied political, economic, military, educational, and critical infrastructure (CI) personnel and organizations to steal sensitive data, critical and emerging key technologies, intellectual property, and personally identifiable information (PII).
Some target sectors include managed service providers, semiconductor companies, the Defense Industrial Base (DIB), universities, and medical institutions. These cyber operations support China's long-term economic and military development objectives."
The U.S. and world vs. China on hacking: China's response
In the war of words, responses from China arrived from multiple directions and hit on several different angles.
The first step was denying the accusations.
Zhao Lijian, a spokesperson for the Chinese foreign ministry:
"'Stop pouring dirty water.' He told reporters the allegations are 'borne out of nothing' and 'solely serve the political purpose of smearing and suppressing' China."
And Liu Pengyu, who is the spokesperson for the Chinese embassy in Washington D.C., tweeted out a number of responses. One of his angles was also denial:
"The US has repeatedly made groundless attacks and malicious smear against China on cybersecurity." And he wrote about the accusations by the U.S. and its allies, "just another old trick, with nothing new in it."
And he followed that up by telling the United States to essentially look in the mirror:
"It's known to all that who is indeed the world's largest source of cyber attacks. This 'hacking empire' spies on both competitors & allies. SEARCH: PRISM, APT-C-39, Crypto AG - and the list goes on and on."
And that tweet linked to statements by other Chinese officials about how the U.S. is the world leader in nation-state based hacking.
And in yet another tweet, he shared these sentiments:
"The internet never forgets. From the Snowden incident a decade ago to the recent revelation of the US tapping senior officials of its allies using undersea cables, a huge pile of facts serve to prove that the US is the 'empire of hackers' and the master of theft of secrets."
That tweet included a clever cartoon depicting the U.S. as the actual "bad actor" but telling the rest of the world China was bad. Check it out:
Nation-state expert on how Chinese respond to accusations
Colonel Cedric Leighton is a CNN Military Analyst and cyber thought leader who keynoted a recent SecureWorld virtual conference.
He says both Russia and China strategically downplay, deflect, or deny hacking and cyberattacks. In some cases, they blame criminal hackers. In other cases, they point fingers at accusers.
However, he says, both nation-states use cyber as a way to level the playing field and achieve their goals.
"China does similar things to what Russia does, but there's a different flavor to them. There's a different way of doing business when it comes to the Chinese and their hacking capabilities.
One of the great things that they do from a data science perspective is that they are absolute masters at data mining. Data mining is what undergirds a lot of what the Chinese are doing from a cyber-attack perspective.
They also engage in phishing attacks, distributed denial of service attacks, and to a great extent also ransomware. There are several different motives. One of them, of course, is espionage. That includes doing things like going after weapons systems, the designs of both military weapon systems, as well as commercial or industrial products."
These are all things that the U.S. and Western nations are now saying more directly than ever about China.
Is this the way Western nations are warning China to stop its activities in cyberspace? Will that matter? We'll see.
