Hackers! Communists! Should we panic?
Stereotypes and hysteria have so often driven US government hacker narratives that one can be forgiven for scoffing at FBI Director Christopher Wray’s declaration that “China’s hackers are positioning on American infrastructure in preparation to wreak havoc” as just the latest cyberspace nothingburger.
Then again, it’s not only the FBI that’s worried. Within a week of Director Wray’s testimony, CISA, the NSA and the FBI published a 45-page joint advisory, co-sealed by agencies from Australia, Canada, New Zealand, and the UK, that meticulously details the activities of Volt Typhoon, a hacking group the advisory attributes to the state of the People’s Republic of China (PRC). It was only the first of several reports released in 2024.
Chinese hacks are an old story, but groups like Volt Typhoon are something new. They reportedly aim not at data theft but at the capacity to disrupt and destroy. Agencies credit them with hacking into, and hiding within, a full range of critical infrastructure systems in the communications, energy, transportation, and water sectors, including those that could bring transportation to a halt, or—as if in tribute to Stanley Kubrick—poison public drinking water.
Volt Typhoon hid undetected “within some victim IT environments for at least five years,” waiting in anticipation, it is assumed, of an invasion of Taiwan. By preparing “to incite chaos and panic,” they could weaken America’s ability to come to the island’s aid or its resolve to face China. According to Director Wray, “low blows against civilians are part of China’s plan.”
A brief technical aside. Volt Typhoon and similar groups employ Living Off the Land (LOTL) techniques. Instead of introducing new malicious programs, which antivirus and endpoint tools are built to spot, LOTL leverages software already present and trusted on the target: built-in Windows administration tools such as PowerShell, WMI, netsh and ntdsutil, driven with valid, stolen credentials. It’s akin to copying someone’s keys instead of kicking down their door; because nothing on the system looks out of place, LOTL minimizes the chance of detection, helping Volt Typhoon lurk for years in some environments. Per the report, “This strategy, blending in-depth pre-compromise reconnaissance with meticulous post-exploitation intelligence collection, underscores their sophisticated and strategic approach to cyber operations.” (CISA 2024, 7)
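To make the detection problem concrete, here is an added example (mine, not code from the advisory or from any agency) of what hunting for LOTL looks like in practice. Because every binary involved is a legitimate, Microsoft-signed tool, a defender cannot flag the program itself; the only signal is how it was invoked, which is why the advisory stresses command-line logging. The events below are constructed to resemble Windows process-creation records (event 4688 with command-line logging enabled, or Sysmon event 1), and the rule set is a small hypothetical one covering tool use the advisory attributes to Volt Typhoon: ntdsutil copying the Active Directory database, netsh portproxy relays, WMI process creation, and encoded PowerShell.

```python
"""Hunting for Living Off the Land (LOTL) activity in process-creation logs.

Added illustration, not from the advisory. Events are constructed; the rules
are a hypothetical starter set, not a complete detection package.
"""
import re
from dataclasses import dataclass

# Constructed sample records, shaped loosely like Windows 4688 / Sysmon 1 fields.
SAMPLE_EVENTS = [
    {"host": "dc01", "user": "SVC_BACKUP", "image": r"C:\Windows\System32\ntdsutil.exe",
     "cmdline": 'ntdsutil.exe "ac i ntds" ifm "create full C:\\Windows\\Temp\\pro" q q'},
    {"host": "ws17", "user": "jdoe", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh interface portproxy add v4tov4 listenport=9999 "
                "connectaddress=10.0.0.5 connectport=443"},
    {"host": "ws17", "user": "jdoe", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": 'wmic process call create "cmd.exe /c whoami"'},
    {"host": "ws17", "user": "jdoe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAKQ=="},
    # Benign administrative use of the same trusted binaries: must not fire.
    {"host": "srv03", "user": "admin", "image": r"C:\Windows\System32\netsh.exe",
     "cmdline": "netsh advfirewall show allprofiles"},
    {"host": "ws04", "user": "asmith", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt"},
]


@dataclass(frozen=True)
class Rule:
    name: str
    image: re.Pattern      # which trusted binary was executed
    cmdline: re.Pattern    # the invocation pattern that makes it suspicious
    why: str               # analyst-facing explanation


RULES = [
    Rule("ad-db-dump", re.compile(r"\\ntdsutil\.exe$", re.I),
         re.compile(r"\bifm\b", re.I),
         "ntdsutil 'install from media' copies NTDS.dit, the domain credential store"),
    Rule("portproxy-tunnel", re.compile(r"\\netsh\.exe$", re.I),
         re.compile(r"\binterface\s+portproxy\s+add\b", re.I),
         "netsh portproxy turns the host into a traffic relay without any implant"),
    Rule("wmi-exec", re.compile(r"\\wmic\.exe$", re.I),
         re.compile(r"\bprocess\s+call\s+create\b", re.I),
         "WMI process creation runs commands without dropping a new binary"),
    Rule("encoded-powershell", re.compile(r"\\powershell\.exe$", re.I),
         re.compile(r"\s-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I),
         "Base64-encoded commands hide intent from casual log review"),
]


def hunt(events, rules=RULES):
    """Return one finding per (event, rule) pair whose image and command line both match."""
    findings = []
    for ev in events:
        for rule in rules:
            if rule.image.search(ev["image"]) and rule.cmdline.search(ev["cmdline"]):
                findings.append({"host": ev["host"], "user": ev["user"],
                                 "rule": rule.name, "why": rule.why,
                                 "cmdline": ev["cmdline"]})
    return findings


def hosts_with_chained_lotl(findings, minimum=2):
    """Hosts where the same user tripped several distinct rules: a stronger signal
    than any single hit, since admins rarely chain these tools in one session."""
    seen = {}
    for f in findings:
        seen.setdefault((f["host"], f["user"]), set()).add(f["rule"])
    return sorted(host for (host, _user), rules in seen.items() if len(rules) >= minimum)


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f['host']}/{f['user']} {f['rule']}: {f['cmdline']}\n    -> {f['why']}")
    print("chained LOTL on:", hosts_with_chained_lotl(hunt(SAMPLE_EVENTS)))
```

Two practical caveats. Windows does not record the command line in event 4688 unless the "Include command line in process creation events" policy is enabled, so without that setting (or Sysmon) the rules above have nothing to match against. And signature rules like these are a floor, not a ceiling: a patient actor can change flags or use a different built-in tool, which is why the chaining check and per-host baselines of which admin tools normally run, and by whom, matter as much as any single pattern.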
The state-sponsored hacker is a recent but not altogether new breed. Anthropologist Christopher Kelty observed in Every Era Gets the Internet it Deserves (or, the Phases of Hacking) that the post-2016 internet—he calls it “The Internet of Shit”—is characterized by “the increasingly formalized hacking of state military and security services.” The internet is “a different problem of governance—not only medium, but vital infrastructure and political battlefield” and “‘Cyberwar’ is once again on the lips of every defense contractor, state department employee, and diplomat.”
It also brought a new kind of hacker, one who matters for how we should weigh Director Wray’s concerns: the hacker “who explores, exploits, and warns […] the information security researcher.”
In the past, the FBI could, if it wanted to, get away with unsubstantiated claims. A vast community of researchers now exists, one that enjoys not just hacking but picking apart the vulnerabilities claimed by others. Add to this the private organizations affected by Volt Typhoon, among them Microsoft, which first reported the group publicly in May 2023, and the level of agreement needed for five countries, albeit allied ones, to arrive at joint conclusions, and it becomes extremely unlikely that Director Wray is just spinning a tall tale here.
It may be that we are still in the Internet of Shit era, and that Volt Typhoon will be remembered as an outcrop of the trends Kelty describes. Or it may be that Volt Typhoon and similar phenomena presage a new phase.
Nobody can truly understand cyber warfare because, in some respects, it has never happened. At least, not in the unmitigated, destructive form that haunts Washington, DC. Some hackers have long engaged in disruptive mischief, but they are not known for inflicting harm on the general public—not as an explicit objective, at least. Military organizations, however, may not care for the hacker ethic. In a total war between superpowers, we can only speculate about the cyber front and its trenches. It is a condition many Americans can scarcely conceptualize: one in which electricity, safe running water, trains that move, trucks that deliver, and 911 calls that get answered are not guaranteed.
Political scientist Graham Allison believes the United States and China are caught in Thucydides’s Trap, the dynamic that made the Peloponnesian War all but inevitable as Athens’ power grew in a system dominated by Sparta. Although many disagree with his framework, most agree that the overall direction of relations with China is perilous, and that confrontations grow worse with each passing year.
If these trends continue, the next phase of the internet might earn a more somber moniker. Perhaps something like: “The Internet of Death.”
It raises the question: in war, what part would Western hackers play? Would they rise to the defense of the public? Will an Oppenheimer emerge from the hacker community? With anti-government sentiment so common among some hackers, war could create strange bedfellows. It could also divide online communities like never before.