
U.S. Leads Coalition Accusing China of Hacking

Abby Lemert, Eleanor Runde
Thursday, July 29, 2021, 10:32 AM

Lawfare’s biweekly roundup of U.S.-China technology policy and national security news.

Microsoft logo. (Esparta Palma; CC BY-NC 2.0)

Published by The Lawfare Institute

On July 19, the United States, joined by the European Union, NATO, the other “Five Eyes” member nations (Britain, Canada, Australia and New Zealand), and Japan, condemned the hacking of Microsoft Exchange email server software, which became public in March and is believed to be the work of hackers tied to the Chinese Ministry of State Security (MSS).

The intensity of the condemnations varied. Secretary of State Antony Blinken accused the MSS of sponsoring an “ecosystem of criminal contract hackers.” The statement from NATO—its first criticism of Chinese hacking—called on China to “uphold their international commitments…including in cyberspace.” Still, coordinated criticism benefits the Biden administration by sending a clear message of America’s desire for “a set of guardrails” in international cyberspace, and by laying the groundwork for future cooperation against Chinese hacking among its allies.

Despite the condemnations, there have not been any sanctions against China for its role in the breach.

Some political figures and cybersecurity experts have criticized President Biden’s response as weak and “not proportionate to the severity of the breach.” According to one top cybersecurity expert, the Microsoft hack was the most reckless operation yet by Chinese actors and, while the administration contends that “further action” is still on the table, there is no reason to delay. Others wondered why it took months for the administration to acknowledge China’s role in the breach; officials pointed to “the scope of the intrusions, the desire to fully understand China's role and the need to recruit allies for a joint announcement.” A week before the coordinated statement, Jack Goldsmith laid out the Biden administration’s pattern of warnings and threats on cyber retaliation, and lamented the stagnation of American cyber policy—which, he argues, has not changed strategically since the Russian interference in the U.S. election of 2016.

Part of the problem is that escalatory retaliation carries special risks to a highly digitized society like the United States. Accordingly, some commentators assess that Biden’s response is properly calibrated to the risks.

Despite the delay and caution of this response, the developments of the past few months suggest a new focus on shoring up American cybersecurity with additional government intervention and guidance in the private sector. In the wake of the Microsoft attack, the FBI requested and received a court order authorizing removal of backdoors from private email servers—the first time the bureau has exercised that type of direct remediation authority. The U.S. Department of Justice has been pursuing two unrelated investigations into Chinese hacking that appear to focus on naval military technology: On July 19, three Chinese state agents and one contractor were indicted for allegedly conspiring to steal warfare plans from the U.S. Navy, as well as “sensitive technologies” for submersibles and autonomous vehicles. The four are associated with APT40, one of China’s most well-known hacking units. A Chinese national was sentenced on July 16 in a separate case for helping to smuggle small military boats—and their specialty U.S.-manufactured multifuel engines—to China. On July 19, the U.S. Cybersecurity and Infrastructure Security Agency released a report detailing the observed tactics and techniques of Chinese state-sponsored cyber operations, including the most frequently exploited vulnerabilities.

In 2015, Chinese President Xi Jinping and President Obama pledged not to sponsor hacks of private companies and theft of trade secrets for commercial advantage. Within a month of that agreement, it appeared that it had been broken. The United States officially accused China of violating the pledge in 2018. Since then, China has become a more sophisticated digital threat, as it transitioned the leadership of cyber operations from the People’s Liberation Army to the MSS.

China’s foreign ministry spokespeople have said that the accusations of Chinese involvement in the attacks are a “smear” and “fabricated.”

U.S. Drops China Initiative Charges But Indicts Chinese “Fox Hunt” Operatives

This week, the U.S. Department of Justice dropped charges against five Chinese academics working in the United States who had been accused of failing to disclose ties to the Chinese military in their visa applications. The department had filed charges against the researchers as part of its China Initiative, a program started by the Trump administration in 2018 to combat Chinese intellectual property theft and other practices of concern. The dropped charges may signal the Biden administration’s intention to combat perceptions of Justice Department overreach under the China Initiative ahead of July 25-26 talks between U.S. and Chinese diplomats.

The five exonerated Chinese researchers were all working in the United States and included biomedical and cancer researchers and a doctoral candidate in artificial intelligence. The main charge brought against the researchers was visa fraud for purportedly lying on their visa applications about ties to the Chinese military. The trial of Tang Juan had been set to begin on July 26. But the department dropped its charges after the defense introduced an FBI report questioning whether the visa application question about “military service” was clear enough for medical scientists who had worked at foreign military hospitals.

The defense has also argued that the researchers are simply victims in the U.S.-China technological rivalry. The department indicated it was dropping the cases in “the interest of justice” but did not elaborate further. The Biden administration has faced criticism for continuing the China Initiative, which some commentators see as plagued by anti-Asian racial profiling rather than an effective strategy to combat Chinese intellectual property theft or economic espionage.

Others, however, believe the counterintelligence risk from China is still very real. That side of the debate was bolstered this week as federal prosecutors in New York brought charges against nine individuals accused of assisting China’s “Operation Fox Hunt,” a global harassment campaign to repatriate Chinese expats facing charges in China. The nine Chinese agents indicted by the Justice Department include several U.S. residents, while others are based in China. One defendant, Tu Lan, is a prosecutor for the Hunyang People’s Procuratorate. Another, Michael McMahon, is a private investigator and former New York City Police Department officer who was hired by the Chinese officials to surveil the U.S. resident targeted by this Operation Fox Hunt mission.

That U.S. resident was not named in the indictment but was described as a former municipal government official in China who came to the United States more than 10 years ago with his family. He faces charges of embezzlement and acceptance of bribes, which carry a possible death penalty in China. According to the complaint, Chinese agents attempted to break into the man’s New Jersey residence and left a note threatening his wife and daughter. They also forcibly flew the man’s elderly father from China to the United States to implore the target to return to China lest his family be harmed.

Jacquelyn Kasulis, the acting U.S. Attorney for the Eastern District of New York where the indictment was filed, said, “Unregistered, roving agents of a foreign power are not permitted to engage in secret surveillance of U.S. residents on American soil, and their illegal conduct will be met with the full force of U.S. law.” In response, Chinese Foreign Ministry spokesperson Zhao Lijian said, “The U.S. ignores basic facts and smears Chinese efforts to repatriate corrupt fugitives and recover illegal proceeds. China firmly opposes this.”

According to the Justice Department, three of the defendants will be arraigned at a later date, while others are not in custody.

Other News

U.S. Deputy Secretary of State Sherman Visits China

U.S. Deputy Secretary of State Wendy Sherman visited Tianjin on July 25 and 26 for high-level meetings with Chinese officials. The goal of her visit, according to administration spokespeople, was not to negotiate but to keep channels of communication open.

The trip makes Sherman the highest-ranking official to visit China since the start of the Biden administration. Ahead of Sherman’s visit, the State Department indicated that the deputy secretary would stress the need for “guardrails”—presumably in areas ranging from cyberspace to trade. Topics for the talks were also set to include human rights in Hong Kong and nuclear weapons in Iran.

In their meeting on July 25, Chinese Vice Foreign Minister Xie Feng told Sherman that relations were in a “stalemate” and that the Chinese saw occasional amiability from the United States as a mere “expediency.” Ahead of his meeting with Sherman, Chinese Foreign Minister Wang Yi promised the United States a “good tutorial” on equal treatment of other countries. Wang and Sherman discussed “responsible management of the U.S.-China relationship;” U.S. concerns over China’s human rights abuses, actions in cyberspace, and aggressions toward Taiwan; and China’s dissatisfaction with American interference in China’s internal affairs.

Immediately after the meeting, Xie announced the publication of two lists detailing Chinese grievances with American actions. One list concerns general “wrongdoings”: U.S. visa restrictions and sanctions on Chinese leaders; suppression of Chinese enterprises; and harassment of Chinese students, researchers, and institutions in the United States. The first list specifically mentions attacks on Confucius Institutes and the demand for extradition of Meng Wanzhou, the chief financial officer of Huawei, who is challenging her extradition from Canada to the United States. The other list concerns individual cases of mistreatment of Chinese individuals and entities in the United States, including the rejection of Chinese student visa applications.

These talks seemed less cordial and less practical than the discussions between U.S. Trade Representative Katherine Tai and Chinese Vice Premier Liu He. Some commentators see echoes of the tense discussions in Alaska in March between Secretary of State Blinken and National Security Adviser Jake Sullivan and their Chinese counterparts. Neither side has proposed a meeting between President Biden and President Xi. The United States suggests that the extension of such an invitation will have to come from China.

Sherman’s visit comes as Secretary of State Blinken visits India and Kuwait, and Secretary of Defense Lloyd Austin visits Singapore, the Philippines and Vietnam. Blinken’s visit to New Delhi will focus on the coronavirus response, stabilization of Afghanistan as U.S. forces withdraw, and responses to Chinese assertiveness. Austin’s visit will center on “revitalizing” alliances and partnerships in the region.

Crowd-Sourced Tech Helps Flooding Relief Efforts in China

Henan province in western China faced record flooding this week, resulting in dozens of casualties as subway and road tunnels filled with water. More than 200 cars were trapped in a highway tunnel in Zhengzhou, the capital of Henan province, as eight inches of rain fell in a single hour. Two months before, the Henan government had touted its “smart tunnel” investments, which used artificial intelligence to monitor traffic, analyze problems and suggest solutions.

The recent disasters indicate how difficult it is for city planners to design for extreme weather events, as Henan received nearly its average annual rainfall amount within a single day. The flooding in China comes weeks after catastrophic flooding in Germany and western Europe killed several hundred, and wildfire smoke from the west coast of the United States blanketed most of the country. Scientists believe the extreme weather globally is attributable to climate change.

Crowd-sourced technologies have come to play a major role in recovery efforts. A spreadsheet circulated on Tencent Docs provided a lifeline for individuals stranded in Zhengzhou after the catastrophic flooding. A college student created the sheet to allow stranded individuals to report their names and identities. Volunteers have entered more than 1,000 data points, and Tencent reports that the document has been viewed more than 2.5 million times. Meanwhile, local officials and the public have used hashtags on Weibo to share information on rescue efforts. WeChat has launched a platform for affected individuals to share their location and contact information.

When Minhe, a town in Henan province, lost cell service for several hours during the peak of the flooding, China Mobile notified users that service would be temporarily restored by a drone. A Pterodactyl 2H drone was used for its capability to restore mobile cellular networks within a 50 square kilometer radius and to enable audio and video communication within 15,000 square kilometers. An hour and a half after the drone was deployed, more than 2,500 mobile phone users in Minhe had connected to the network through the drone. The drone’s manufacturer, the Aviation Industry Corporation of China, was one of the Chinese technology companies blacklisted to U.S. investors by the Biden administration in June.

China has continued to clamp down on critical reporting of the floods, warning domestic media outlets not to “take an exaggeratedly sorrowful tone” or “stir up international public sentiment.” Meanwhile, foreign journalists reporting on the flooding in China have faced threats and harassment from the Chinese public for “smearing China.”

Biden Issues Big Tech Antitrust Executive Order

On July 9, President Biden issued a sweeping executive order on antitrust reform and enforcement that carries major implications for Big Tech. While antitrust experts have heralded the order as a revolution in antitrust policy, it will impact U.S. national security policies as well.

The U.S. foreign policy community has debated whether the size and power of dominant technology firms is a strength or a weakness in U.S.-China competition. The executive order explicitly reaffirms the Biden administration’s commitment to one side of that debate: The U.S. will promote “competition, not … concentration.” The order asserts that “the answer to the rising power of foreign monopolies and cartels is not the tolerance of domestic monopolization, but rather the promotion of competition and innovation by firms small and large, at home and worldwide.”

The implications of the order for U.S.-China competition were spelled out in a speech by U.S. National Security Adviser Jake Sullivan at the National Security Commission on Artificial Intelligence. Sullivan made the case for promoting competition and innovation rather than U.S. “national champions” as the best route for national security, saying the U.S. needs “greater scrutiny of mergers, rules on surveillance and accumulation of data, and a fair shake for America’s small businesses.” Another Biden administration official and antitrust expert, Tim Wu, has raised the examples of Japan and Europe, which took the opposite tack in the 1970s and saw their domestic champions lose out to U.S. innovation from Silicon Valley.

Big Tech has countered these arguments in the past, with Facebook executive Sheryl Sandberg saying that breaking up Facebook would allow Chinese firms to dominate. Biden has tussled with tech giants in the days since the order was issued, saying to reporters that Facebook’s health misinformation failures were “killing people.” Just weeks before, Biden appointed Lina Khan as chairwoman of the Federal Trade Commission. Khan is a well-known critic of Big Tech who has called for application of antitrust laws to Amazon and other digital monopolists. Biden also named Jonathan Kanter, who led a previous antitrust suit against Google, to head the Justice Department’s Antitrust Division.

The U.S. turn toward an anti-monopoly attitude comes in conjunction with China’s crackdown on its own national champions using antitrust law and regulation. Just this week, China continued its ongoing crackdown by forcing Tencent to give up its exclusive music licensing rights. After an acquisition of China Music in 2016, the company had exclusive rights to license approximately 80 percent of music library resources in China. Meanwhile, ByteDance, another Chinese tech giant, reportedly scrapped its plans for a global initial public offering after regulators told the company to focus on domestic data security risks.

United States Issues Warning Against Investment in Hong Kong

On July 16, the Biden administration advised U.S. businesses in Hong Kong to reassess risks to their activities in light of the National Security Law passed in 2020.

The administration’s warning highlighted the law’s potential to threaten the rule of law on the peninsula, including legal protections for foreign nationals. The statement suggested that businesses operating in Hong Kong risked electronic surveillance, as well as Beijing’s unfettered access to employee data. The administration also warned of the consequences of interacting—even unintentionally—with sanctioned entities. Alongside the warning came new sanctions on seven individual Chinese officials responsible for the imposition and implementation of the National Security Law.

China responded with retaliatory sanctions on seven U.S. individuals, including Wilbur Ross, former secretary of commerce.

The warning appears to be part of a broader U.S. policy of gradual pressure on the private sector to divest from China, at least in areas where Beijing’s most controversial policies are being carried out. The strategy is in more advanced stages in Xinjiang, where U.S. companies are now facing regulatory blocks on goods and products imported from the region, as reports suggest that some industries there are run on forced labor. This month, the Biden administration added Chinese firms operating in Xinjiang to its commercial blacklist and expanded its business advisory against doing business in the region, with a new focus on financial institutions. And mandated U.S. divestment from sanctioned Chinese entities has been in progress since the imposition of sanctions last year.


In the Made in China Journal, Lawrence Deane considers the possibilities for civil society organizing in China under the Xi regime.

Jessica Chen Weiss argues in the Washington Post that the Cold War is a poor analogy for current U.S.-China tensions.

André Leslie posits for the Lowy Institute that China has just as much riding on the success of the 2020 Tokyo Olympic Games as Japan, including the global credibility of Chinese coronavirus vaccines.

Minxin Pei argues for the Australian Strategic Policy Initiative that China is killing its own tech golden goose through its increasing antitrust and regulatory crackdowns.

For Sixth Tone, Huang Huizhao and Han Wei explore the costs and difficulties of managing large public school systems to serve children in rural China, highlighting China’s 10-year campaign to improve rural education. Also this week, China has made much of the for-profit private education sector illegal in a bid to shift resources to its public school systems and incentivize higher birth rates.

Chang Che investigates Convenience Bee for SupChina, exploring whether the first large chain of fully automated stores in China can succeed as a financial venture.

Eleanor Albert writes for the Diplomat on the launch of China’s carbon market.

Paul Haenle, Rosa Balfour and Cui Hongjian discuss the EU’s navigation of U.S.-China tensions on the China in the World podcast.

In Foreign Affairs, Jude Blanchette and Richard McGregor ponder Chinese leadership succession in the post-Xi era.

Nury Turkel and Beth van Schaack, writing for Foreign Affairs, propose a plan for American intervention in the genocide in Xinjiang.

Bill Bishop’s newsletter, Sinocism, excerpts Rush Doshi’s new book: “The Long Game: China’s Grand Strategy to Displace American Order.”

Foreign Policy examines the role of semiconductors in the U.S.-China “innovation race.”

Abby Lemert is a J.D. Candidate at Yale Law School, Class of 2023. She researches digital authoritarianism, surveillance technology, and international human rights and has worked for the U.S. State Department, the NSA’s Civil Liberties & Privacy Office, and Privacy International. She holds an M.Sc. in Informatics from the University of Edinburgh and an M.A. in Public Diplomacy & Global Communication from UCL, where she studied as a Marshall Scholar. She received her B.S.E. in Engineering and International Relations from Purdue University.
Eleanor Runde is a first-year student at Yale Law School and a member of the National Committee on U.S.-China Relations. Before law school, she worked on foreign policy and political history research for Kissinger Associates, Inc. She holds a bachelor's degree in Ethics, Politics & Economics from Yale College, where she focused on Chinese language studies and American political rhetoric.
