Gazing into the future today appears to be possible with the new Chinese efforts to use quantum computing to carry out cyber-attacks. This may still be in the initial stages of development, but awareness of the work being conducted in this sphere is important for the US if it is to defend itself, writes Dr Rakesh Kumar Sharma
The Chinese cyber threat to the US is increasing in intensity and could well pose a threat to the conduct of the Presidential elections scheduled to be held on 5 November 2024. The realisation of this threat is what has led US Representative John Moolenaar and Congressman Raja Krishnamoorthi to call for a briefing from telecom giants Verizon, AT & T, and LumenTechno soon after reports of a Communist Party of China (CPC)-sponsored cyber-attack against these firms. This follows a 5 October 2024 report by the Wall Street Journal (WSJ) which indicates that the attack penetrated the networks of several US broadband providers, potentially compromising systems used for court-authorized wiretapping requests. The WSJ report claims that hackers may have had prolonged access to critical network infrastructure, raising significant national security concerns.
While the Select Committee’s efforts to highlight and suggest counter measures to CPC sponsored cyber-attacks is to be highlighted, a new threat has emerged to the US and its allies, in form of Chinese researchers using a D-Wave quantum computer, having reportedly executed what they are claiming to be the first successful quantum attack on widely used encryption algorithms. The South China Morning Post (SCMP) states that this poses a “real and substantial threat” to sectors like banking and the military. Prior to analysing this new threat, it is worth dwelling on the current findings of the Select Committee.
The Select Committee on the CPC in a post on X stated that Chairman Rep Moolenaar and Ranking Member Congressman Raja had requested that Verizon, ATT, & LumenTechco brief the committee following reports of a CPC-sponsored cyber-attack against the companies. Further, a senior US intelligence official quoted in The Washington Post stated that such attacks would enable the CPC to understand exactly who the US government is interested in. This could assist China in either, undermining the US government’s intelligence collection efforts or feed the US disinformation. Both these mechanisms have the potential, to directly or indirectly, create dissonance during the upcoming Presidential election.
US intelligence sources claim that the group behind the latest hacking is probably ‘Salt Typhoon’, which is closely associated with China’s Ministry of State Security. Earlier this year, the US Select Committee had drawn attention to similar threats posed by another Chinese hacking unit, ‘Volt Typhoon’, which successfully compromised US critical infrastructure. This type of targeting is globally common these days and can have ramifications in a number of sectors of economic importance. Pertinently, the Select Committee on the CPC was specifically established to address the challenges posed by China to the US and its allies and to undertake investigation into the activities of the CPC relating to espionage, trade, technology theft, and human rights abuses. The Committee also oversees US government policies to ensure that they are aligned with national security interests. The Committee promotes transparency regarding the CPC’s influence across various sectors and recommends legislation to counter this influence. Taking note of recent developments, the Committee has called for urgent enhancement to the cybersecurity strategies of the US to counter these unprecedented threats.
If the current level of cyber threat to the US is very high, the purported success of an attack using a quantum computer, by Chinese scientists raises the bar even higher. The SCMP has reported Chinese scientists have successfully mounted the world’s first effective attack on widely used encryption methods. This attack is probably a test run and existing limitations could hamper at least immediately, a full-on quantum hack. But this no reason for complacency, as the threat is live, and time taken to straighten the kinks may not be too long. The ‘D-Wave Advantage’, initially designed for non-cryptographic applications, has reportedly been used to breach SPN-structured algorithms, but has not yet been applied to crack specific passcodes.
Evidence of this latest achievement by China, comes in an article (30 September) in the Chinese Journal of Computers. The research led by Wang Chao of Shanghai University, shows that the latest development poses a “real and substantial threat” to security mechanisms used in banking and military sectors. The academic journal mentioned above is run by the China Computer Federation. Despite general-purpose quantum computing still being in early stages, scientists are increasingly exploring potential uses of specialized quantum computers to search for vulnerabilities, especially in cybersecurity. Wang’s team reportedly utilized a quantum computer from Canada’s D-Wave Systems to breach cryptographic algorithms, marking a important milestone in such efforts and thus require monitoring.
Wang’s team wrote, “This is the first time that a real quantum computer has posed a real and substantial threat to multiple full-scale SPN structured algorithms in use today”. While the study notes that the quantum computer has not yet revealed the specific passcodes used in the algorithms that were tested, it is closer to doing so than previously achieved. As the technology advances, further advances could yield more robust quantum attacks, indicates the Wang paper. The SCMP reports that the ongoing evolution in quantum computing could pave the way to identifying potential new vulnerabilities in existing cryptographic systems.
The significance of the latest development can be adduced from the fact that the Chinese research team used the D-Wave Advantage quantum computer to target the ‘Present’, ‘Gift-64’, and ‘Rectangle algorithms.’ They are known as the key representatives of the Substitution-Permutation Network (SPN) structure and is the foundation for Advanced Encryption Standards (AES), a system widely deployed in military and financial encryption protocols, according to the newspaper. While AES-256 is usually labelled as military-grade and considered to be the most secure encryption standard available, the latest Chinese study suggests that quantum computers may soon threaten such security.
Gazing into the future today appears to be possible with the new Chinese efforts to use quantum computing to carry out cyber-attacks. This may still be in the initial stages of development, but awareness of the work being conducted in this sphere is important for the US if it is to defend itself. The US Select Committee would do well to take cognisance of the new and emerging threat. The responsibility of the US legislature in the current political environment has only increased given the Presidential election around the corner. Whatever the outcome, the ever-growing threat from China in the cyber domain and its persistence will find a looming presence before the US and its allies.