Illustration: Luo Xuan/GT

Qihoo 360, one of China's biggest cyber security firms, on Tuesday published a document detailing how the US Central Intelligence Agency's (CIA's) hacking group APT-C-39 has attacked a wide range of areas of China including aviation, scientific research institutions, the petroleum industry, internet companies and government agencies. The company identified the person in charge, former CIA employee Joshua Adam Schulte; the cyber weapon that was deployed, Vault 7; and listed five relevant pieces of evidence. The attacks were carried out over a period of 11 years, the firm said.

Although there have plenty of credible reports about the US engaging in cyber espionage against not just China but many other countries, including its close allies, the revelations in the Qihoo 360 document are still profoundly startling and deeply concerning. The findings, if confirmed, lay bare the US' astonishing hypocrisy in accusing China of cyber attacks against its institutions and even imposing sanctions on Chinese entities and individuals, despite itself attacking China for years. 

But much more critically, the findings sounded a timely alarm about how vulnerable China's critical sectors are to the US' powerful cyber weapons, and how China sorely needs to take all necessary actions to protect its citizens, institutions and national security. 

First, the Qihoo 360 document should be taken seriously and investigated thoroughly. If the revelations are confirmed, swift action must be taken against the involved US institutions, including the CIA, its hacking group and personnel involved in the cyber attacks. 

Legal and all other possible channels should be considered to remedy the damages the US attacks have caused Chinese institutions and the public. This is not only imperative to protect China's interests but also appropriate given the US' actions against China and relevant international rules and norms.

Second, given the wide-ranging sectors and information targeted by the US cyber attacks, a thorough investigation should be conducted to assess the damage and potential risks. For example, in attacks against aviation institutions, the CIA specifically targeted developers responsible for developing systems that handle air traffic controls, cargo information, payments and passengers. It cannot be overstated what a grave danger this poses to potentially millions of Chinese air travelers and aviation workers. Necessary measures should be taken to close potential loopholes in these areas to minimize the damage.

While stopping the bleed should be the top priority, long-term plans should also be discussed to beef up the nation's cyber security system. China is among the most digitized countries in the world, and entities in almost all sectors handle massive volumes of the citizen data. Although businesses and institutions may have established their own cyber security systems, they cannot measure against attacks from the world's largest intelligence agency with some of the most powerful cyber weapons at its disposal. Therefore, efforts to enhance cyber security should be a society-wide goal. More resources should be directed to the research and development of cyber security technologies.

Finally, cyber security is a global challenge that requires collaboration among all countries. Even prior to the Qihoo 360 report, leaked documents from the US revealed the US' massive global surveillance programs and cyber attack capabilities. In an apparent bid to hide its vicious attacks, Washington has waged a relentless global campaign to accuse China and other countries of cyber attacks without proof. The world cannot be fooled by the US; countries will not turn against one another to help the US crack down on Chinese tech companies. Nations should join hands in addressing global cyber security issues. 

The author is a reporter with the Global Times. bizopinion@globaltimes.com.cn