This document discusses the relationship between governments and hackers in Russia and China. It notes that both countries employ hackers and that China, Russia, the US, and Turkey are responsible for over 60% of attacks on the World Wide Web, with China responsible for 41% of attacks. The document examines how the Russian and Chinese governments cultivate hackers and use them for their own ends, noting differences and similarities between the two countries. It provides background on the Russian and Chinese economies and cultures to help explain the development of hacking communities in each country.

1. Matthew Assarian
CBY650Z1
20 August 2015
Hackers for Hire
Almost every country in the world employs hackers. These hackers, no matter their
nationality, have certain characteristics in common: they have a computer, an internet
connection, and the know-how, plus the desire to use their skills. Their motivations vary, running
from the vicious to the virtuous, sometimes all in the same hack, but around the margins, how
they are trained and recruited, who cultivates and deploys them and why, the specifics veer
wildly.
According to the most recent data available, four countries account for over 60% of all
attack traffic on the World Wide Web (Milian 2013). In ascending order, the worst offenders are
Russia (4.3%), Turkey (4.7%), The United States (10%) and coming in at number one, being
responsible for a staggering 41% of all attacks online, is China. Each country uses their hackers
toward different ends, but this paper will seek specifically to examine the relationship between
the governments of Russia and China with their respective hacker communities. The connection
between hacker and state, while sharing some common features regardless of country, is often
highly idiosyncratic, depending heavily on an intersection of culture, politics and economics.
The result is often a hacking sector that more or less fits into what the American public perceives

2. about each countries’ make-up. Wherein Russia is a chaotic free market with some highly
effective, yet corrupt elements making money at the expense of the overall society, China is seen
as a rigid top-down, hierarchal collective working in harmony towards one goal. In reality, both
societies are run by small, elite groups, administering the country for their own gain, but
regardless, elements in these societies have developed protocols of interaction and in many ways,
the hacker-state connection reflects that.
Russia only announced the creation of its first “ministry of computer defense” in 2013.
Russian hackers have been synonymous with sophisticated computer attacks, ranging from virus
creation to high-profile hacks. This is not withstanding the tandem use of cyber and traditional
“kinetic” attacks in Georgia in 2008 and the outages and DDoS attacks experienced by Ukrainian
assets and computer systems in Crimea in 2013 (Gady 2013). According to a preponderance of
the English-language literature it is something truly unprecedented and heralded as the “future”
of warfare. What the literature rarely mentions is the relatively low strategic value of the cyber-
attacks, given that the attacks only affected some government websites and civilian
communication networks, and that the Ossetia-Abkhazia forces themselves were narrowly
dispersed geographically, allowing them to be easily isolated by the Russian troops (Gady 2013).
The United States has had “electronic” measures at its disposal at least since the late
Carter administration, when White House officials considered paralyzing Iran’s communication
networks in response to the student revolutionaries overrunning the American embassy in 1979.
In all likelihood, communication and infrastructure disruptions took place in Baghdad in 2003
during the US invasion. To use a more recent example, when Seal Team 6 assassinated Bin
Laden, the region surrounding the Abbottabad neighbor where his compound was located lost
electricity for several hours before and after the event. Although it wasn’t accomplished by

3. computer, the effect on infrastructure was much more like what American authorities consider
immediate “dangers” coming from terrorist groups. The Russian attack on Georgia and Crimea
were more closely akin to cyber vandalism, or what one commentator called a “cyber-riot” rather
than a cyber-attack. Reinforcing the paper’s thesis, it is more than likely the attackers weren’t
dedicated Russian military units, but rather freelancers organized by the FSB (the successor to
the KGB).
At the moment, states are more likely to engage in such cyber-vandalism attacks and tit-
for-tat retaliation after diplomatic disputes. Every day, the news is filled with stories about
companies like health-insurance provider Anthem being breached by hackers or the New York
Times discovering that Chinese hackers had been snooping around its network for months before
they were detected (Harris 2014). Both incidents were linked by commentators to international
events; the Anthem hackers were assumed to be Russian because of the sophistication of the
hack and the timing of the breach, which roughly coincided with sanctions levied against
Moscow by Washington; and the New York Times hack was deemed to be related to the paper
running an expose on corruption among prominent families in the Chinese Communist party.
Suffice it to say, that has been the extent of the activity thus far. Although it is beyond the
scope of this paper, it is likely that the real danger of cyber attacks is as a catalyst for an actual
war, along the lines of something like the sinking of the Lusitania in 1914 or the bombing of
Pearl Harbor. Should full-scale war breakout between the US, China, Russia, etc, any attacks on
government websites might be taken as a precursor to mass invasion. At that point, it is more
likely than not that nuclear weapons may be used; if not, at the very least panic will be
widespread, undercutting possibilities for diplomacy.

4. At the moment, such traditional espionage, industrial espionage and hacks against
government resources are the preponderance of network breaches. Who exactly is responsible for
the hacks and their connections, if any, to the state are difficult to untangle but certain trends
have begun to emerge. China has recently revealed the existence of dozens of “cyber brigades”,
something that had been suspected but was mere speculation among international observers. The
only prior evidence pointing to such an extensive network of cyber elements was a 2011
announcement by the People’s Liberation Army (PLA) of the “Blue Brigade”, which was a
grouping of about thirty so-called cyber-warriors who, according to the PLA, are capable of
repelling a cyber assault more than four times the size of brigade itself (Lewis 2011). When
investigators began tracing the identities of the hackers who had been roaming the New York
Times network, they were led to a non-descript structure in a small suburb of Beijing, long
rumored to be a headquarters for PLA elements engaged in cyber attacks. It has now been
revealed officially that the 12-story building houses PLA unit # 61398, solely dedicated to
hacking high-profile targets (Hvistendahl 2009).
That is merely the tip of the iceberg. There are multiple PLA units and that is only one of
three tiers of cyber units. There is the aforementioned PLA units; Ministry of Information units,
something akin to the American CIA and FBI, and a contingent “army” of civilian hackers at the
government’s disposal. The Russian government has nothing comparable to the Chinese
configuration, but “Russians” have been executing hacks for years, but who exactly they may be
and their exact relationship to the state remains murky. In order to better understand the
evolution of Russian hacking, it’s important to understand a little bit about the Russian economy,
especially after the collapse of the Soviet Union.

5. A popular Russian comedy Жмурки (Zhmoorki) or Blind Man’s Bluff, says a lot about
the attitude of the average Russian toward the economy. In the movie, two hit men, after killing
their way through the movie, decide to rip off their boss and make their way to Moscow. By
film’s end, the former criminals are now successful stock brokers, business moguls and on their
way to the Duma (Russian parliament). The joke is that the only way to be successful in Russia
is to be a criminal with access to capital and established networks; nobody else had much of a
chance. When the Soviet Union collapsed there was a notoriously educated population with no
means of employment. The average Russian was smart, curious and with access to relatively
cheap technology like computers learned to do amazing things, but had very few outlets for that
capacity. Break the rules or risk starving; the choices were stark.
There is also a notion among the Russian populace as a whole that they are too clever for
the rules and the law in particular. Speaking with Time Out Russia, director Pyotr Mikhalkov
summed up the Russian attitude when talking about his remake of “Twelve Angry Men”;
Russian people are incapable of following the law because it bores them. Russians are too
cerebral, too advanced for the kind of robotic behavior. He says for Russians, rules are made to
be broken and that’s a good thing; it’s a sign of creativity and intelligence. Breaking the law
takes responsibility. In a way, it is seen as a repudiation of authority. Russian juries have been
acquitting the accused since Alexander II, mostly because the state was seen as coercing
witnesses; the state is somehow illegitimate (Levine 2007). Embracing the new Capitalism,
criminals make the rules and that makes them rich, the pinnacle for any post-Soviet person.
Where that comes apart is when there is an outside threat. Then there is, for both Russians and
the Chinese, something called “patriotic” hacking. When talking earlier about the tit-for-tat
attacks, that’s often where the patriotic hacker comes in.

6. Xen Weibo, a notorious Chinese hacker, would openly talk about “hackathons” Beijing
would sponsor at state universities. The government would openly search for and cultivate talent.
In the words of a government official, often times, that talent would prove “extremely
unimpressive” (Mirkin 2014) but according to American analyst Damon Walters, the reason
Chinese hackers are so brazen, often not covering their tracks, is that there are “so many of
them.” That may seem vaguely stereotypical until another unnamed Chinese government official
remarks in the same article that that’s the reason the Chinese are so good at hacking and so good
at ping pong: because of their numbers, there’s bound to be some good ones in there (Mirkin
2014). More often than not, the reason the Chinese have so many people willing to hack for the
state is deep vein of patriotism or nationalism. In spirit, the Russians are much the same.
The New York Times recently ran an expo on Russia’s “troll army”, a government
operation that works out of a single building in St. Petersburg. These “trolls” are basically paid to
troll the internet and make pro-Kremlin comments on message boards and forums (Kumar 2014).
Turnover is high, but they tend to show up in situations where there has been an affront to
national dignity. For example, when Tallinn removed a Soviet-era statue from a town square,
Russian trolls were quick to register their “disgust” and vandalized Estonia government websites.
The Chinese have an equivalent effort called the 50-cent army, named for the amount each
member gets per post (Sterbenz 2014). In concept both troll armies are the same, but the
execution says a lot about each country. The Russian trolls have to have classes regularly in
order to receive training on what position to take on which topics. The Chinese trolls don’t
require any such instruction because indoctrination is so ingrained thanks to extreme social
cohesion; they automatically know what to say and when to say it.

7. China doesn’t stop there. When patriotic hacking requires a more sophisticated touch,
what is mostly a loose confederation of hacking groups coalesces into what is colloquially
known as the “Red Hacker Army”. It is unclear how closely affiliated with the state the Red
Hacker Army is, but according to analyst Walters, in China, the difference between the state and
civil society is difficult to parse and in fact, the Red Hacker Army may be the aforementioned
third tier of the PLA’s cyber units. Asking where one ends and where one begins may be missing
the point; it’s not either or, it’s a continuum. Again, such hacking isn’t unique to the Chinese,
but, compared to the Russians, it is done on a scale so unprecedented as to transcend the
traditional patriotic hacker paradigm.

8. References
Gady, Franz-Stefan “Russia Tops China as Principal Cyber Threat to US” 3 March 2015.
The Diplomat. http://thediplomat.com/2015/03/russia-tops-china-as-principal-cyber-threat-to-us/
Gady, Franz-Stefan “Why The PLA Revealed Its Secret Plan for Cyber War” 24 March
2015. The Diplomat. http://thediplomat.com/2015/03/why-the-pla-revealed-its-secret-plans-for-
cyber-war/.
Harris, Shane “It’s Not Beijing’s Hackers You Should Worry About, It’s Moscow’s” 22
April 2014. Foreign Policy. http://foreignpolicy.com/2014/04/22/its-not-beijings-hackers-you-
should-be-worried-about-its-moscows/
Hvistendahl, Mara “Hackers: The China Syndrome” 23 April 2009. Popular Science.
http://www.popsci.com/scitech/article/2009-04/hackers-china-syndrome
Lewis, Leo “China’s Blue Army” 27 May 2011. The Australian.
http://www.theaustralian.com.au/business/technology/chinas-blue-army-could-conduct-cyber-
warfare-on-foreign-powers/story-e6frgakx-1226064132826
Kumar, Mohit “China Finally Admits It Has Army of Hackers” 19 March 2015. The
Hackers News. http://thehackernews.com/2015/03/china-cyber-army.html

9. Mirkin, Nigel “Masters of the Cyber-Universe” 6 April 2013. The Economist.
http://www.economist.com/news/special-report/21574636-chinas-state-sponsored-hackers-are-
ubiquitousand-totally-unabashed-masters
Sterbenz, Christina “China Banned the Term ‘50-Cent Army’ To Stop Discussion of an
Orwellian Propaganda Program” 17 October 2014. Business Insider.
http://www.businessinsider.com/chinas-50-cent-party-2014-10