States have long valued military parades. They allow countries to flaunt their most powerful tanks, aircraft, and missiles. However, what can a country do if it wants to showcase its considerable investments in offensive cyber capabilities? The typical “cyber weapon” entirely lacks the presence of a ballistic-missile launcher or impressively ranked armored vehicles. Even when a state might show off the more prominent footprint of their large-scale data centers, these lack obvious immediate offensive application — and you still can’t put a data center on parade. In addition, disclosing offensive cyber portfolios could allow adversaries to design defenses against them, or make it harder to carry out a cyber attack anonymously. This poses a dilemma for many states, China among them, that may wish to highlight their growing cyber arsenals — to signal readiness, relative advantage in correlation of forces, and commitment — without degrading the future effectiveness of these capabilities.
The Tianfu Cup competition in Chengdu increasingly appears to be the Chinese Communist Party’s way around this dilemma, a means of pursuing these objectives in a manner that has remained largely outside of strategic discourse in recent years. As a result, the remarkable display of capability in the event (which took place this month) deserves further scrutiny, as it conveys several key messages to an international audience. The Tianfu competition demonstrated the continued ability to hold key Western systems and networks at risk, highlighted the substantial depth of China’s offensive cyber inventories, and showed off a talent base of aggressive hackers undeterred by blowback from international exposure of its activities. Taken in total, this signaling also seems to suggest a trajectory towards a surprising future in which China’s offensive cyber power surpasses that of the West.
Reaching for the Cup
On the surface, the Tianfu Cup appears to be just another bug-bounty competition where hackers find new bugs in software code and submit them in return for cash awards. Vulnerability disclosure competitions like these arose in the mid-2000s as a means of disclosing device and software flaws despite the continuing indifference, or active hostility, of major technology firms. Competitions like Pwn2Own not only provided a venue for hackers to have their work acknowledged, but also a collective weight to withstand greater pressures from tech companies to keep vulnerabilities hidden than ordinary researchers working alone. The disclosed vulnerabilities would receive more attention and therefore would be patched more quickly. Over time, this shaped the dynamics of how researchers built their reputations and drove them to cultivate skillsets specific to new targets.
Researchers from China had been participating in these contests in increasing numbers through the late 2010s, seeking to prove their own talent and incentivized in many cases by the promise of matching compensation that would be paid by their employers for having won prizes in an international venue. But such participation faced increasing scrutiny from Chinese security services, and later direct discouragement. Eventually the Chinese government outright prohibited Chinese researchers from participating in international bug-bounty competitions, seeking to better understand and control the valuable exploits that Chinese hackers were finding and effectively giving away without consideration of their value to military and intelligence services. Chinese hackers were left with few options to demonstrate their skills and monetize their research.
The Tianfu Cup — started in 2017 — grew to fill this void. It has emerged as a socially responsible alternative backed by major Chinese technology firms including Alibaba, Baidu, Huawei, and Qihoo360, and taps into key talent networks of prominent hacker ventures such as NSFocus, VenusTech, and TopSec. In doing so, it has also evolved in very different ways than previous Western competitions. International hackers came to Western events often distinctly opposed to government involvement, and with strong suspicion of the vendors whose products they were there to break. Such suspicions were often well-founded, given the longstanding history of legal threats by Silicon Valley firms against researchers who dropped new zero-days — previously unknown and unpatched vulnerabilities — on stage. In contrast, Tianfu’s implied official sanction provided participants with reassurance that their work would be valued and protected from pressure from Western tech vendors — assurances that were reportedly communicated more explicitly in private.
In return, the Chinese government almost certainly receives early access to high-value exploit portfolios through the competition. One such remote code execution exploit chain, which provided attackers the ability to compromise Apple iPhones, was developed by a researcher for the 2018 Tianfu competition. This zero-day capability would be seen in near-immediate use thereafter against Uyghur minority targets, installing malware over the next two-month period, before Apple released a security update to patch the underlying vulnerabilities. These intrusions supported the Chinese government’s ongoing espionage against ethnic and religious minority populations, part of repressive campaigns that the U.S. government has determined are crimes against humanity.
New Exploitation Successes, Continuing Consistent Performance
Tianfu Cup 2021 competitors successfully exploited multiple targets, including immediate wins against Google’s Chrome browser, disclosing a high-value capability useful against global targets. Such a portfolio would otherwise trade at a substantial premium if offered for sale to international exploit brokers, as there is a robust market for previously unknown software vulnerabilities. Similar exploits were submitted in the 2019 and 2020 competitions, including multiple remote-code execution bugs across Chrome, Firefox, Safari, and Edge browsers. The operational value of these exploit portfolios may be compared to a similar set of capabilities identified in an intrusion campaign detected in the wild by Google’s Project Zero threat intelligence between February and October 2020, reportedly used in high-value counter-terrorism operations by a Western government. These exploits were detected only through substantial collection efforts by Mountain View engineers, and undoubtedly represented a significant investment of development effort, acquisition dollars, or both by the government involved. It therefore remains somewhat shocking to see equivalent capabilities casually displayed in the Tianfu demonstration.
Additional high-value findings surfaced in the 2021 competition included new exploits targeting current Apple iOS devices and various Android phone variants from multiple manufacturers. Similar capabilities have also been consistently delivered year on year. Likewise, this year’s target list featured a number of virtualization solutions in wide use (including VMWare, Parallels, and qemu), as well as routers and other network devices. Hacking groups linked to the Chinese government have compromised such devices to enable ongoing intrusions in the past — including the China nexus intrusion set detected during the summer of 2021, tracked by industry under the cryptonym APT31/ZIRCONIUM, which compromised home and office routers for use in the attack.
Tianfu researchers also found a new bug in Microsoft Exchange’s mail server on the first day of the 2021 competition. Although full details remain embargoed, this reportedly leveraged a similar attack surface as multiple other exploit portfolios targeting Exchange protocol handler services that have been made public in recent months. However, the new capability is allegedly technically distinct and able to defeat prior Microsoft fixes that had been rushed into production since the spring.
Participants at the Tianfu Cup are justifiably proud of their wins. They are also mindful of the potential military and intelligence utility of their work. One directly compared their research to the People’s Liberation Army’s new hypersonic weapons development efforts in a quickly deleted social media post. The competition’s sponsors, which include prominent firms within the country’s defense industrial base, may encourage such comparisons. Competitors may also be more directly aware of their potential contributions to state power, given rumors of relationships between the Ministry of State Security and a number of these firms’ high-profile employees — who themselves were previously “old school” mentors, highly active within early patriotic hacking movements. Chinese hackers have long sought to emulate both the technical successes and the professional behaviors of these mentors.
Interpreting Likely Signaling
Beyond the show of strength and brandishing China’s contemporary offensive cyber capabilities, the Tianfu Cup events may have sent more subtle signals. The exploitation of Microsoft Exchange vulnerabilities in the competition comes mere months after the U.S. government sought to name and shame Chinese intrusion operators for involvement in widespread, unrestrained, and entirely irresponsible exploitation of an earlier Exchange bug starting in January 2021. This “land rush” delivered simple backdoors based on opportunistic mass scanning, leveraging a vulnerability believed to have been stolen from a Taiwanese researcher. The HAFNIUM intrusion set used it first, rapidly followed by multiple threat activity groups linked to China. These intruders made almost no efforts to secure compromised systems against further exploitation by any subsequent attacker that might abuse the easily hijacked backdoors installed by the Chinese teams. The brazenness, and unprofessionalism, of these intrusions sparked widespread denunciations in the Beltway and beyond. The prominence of new Exchange bugs on the Tianfu target list may thus be intended as a deliberate backhand in response to the U.S. establishment.
The message sent via the Exchange exploits may also be intended for another audience, beyond the U.S. government. New bugs also highlight Microsoft’s continuing failure to resolve weaknesses across the on-premises Exchange attack surface. It seems intended to play upon suspicions voiced by security industry professionals, who increasingly fear attempts by Microsoft to deprioritize support to legacy enterprise solutions, despite some customers’ continuing need for them, in order to incentivize customers to adopt cloud-first business models that provide more predictable recurring revenue. In addition to the intrinsic value of the exploit portfolio in future use against critical networks that remain reluctant to transition their mail servers to the cloud, disclosure in the competition once again highlights both Microsoft’s very public involvement in recent policy discussions around state-level intrusion behaviors, as well as the seeming disconnects with its security engineering posture.
Fragility Despite Appearances
As in any propaganda-driven event such as a parade, one must be wary of the gulf between the appearances of the exceptional and the realities of the mundane. History is replete with examples where public demonstrations have biased intelligence services towards over-estimating competitors’ offensive potential — from the bomber and missile gap debates to overly optimistic Western assessments of early Soviet computers. So too one sees in recent events indications of deeper systemic weaknesses.
Several prominent Western researchers have indicated that they were privately approached by Tianfu Cup competitors who, despite ranking well and demonstrating a high degree of talent, were not offered employment by increasingly ossified state-owned enterprises or in what are very political government positions. As a result, these hackers have sought options to emigrate to live and work in the West — even knowing the challenges of navigating bureaucracy and the risks involved after having come to the attention of the Chinese state security services.
Likewise, the concentration of winning teams supported by major Chinese technology firms (including multiple teams from giants such as Qihoo360) suggests that the support of these large ventures — and their associated internal bureaucratic politics — is a critical component of the success of the event. For these teams, competitors have also complained that prize monies must also reportedly be split not only among participating members, but also across the wider work unit and their bosses. This mutes some of the incentive to chase large award purses on difficult targets, especially where extended individual effort is required. The concentration of this much cyber talent at a few large firms also creates pockets of novel military capability that pose potential alternative power structures. This has proved to be a key area of concern for the Chinese Communist Party and has sparked multiple recent crackdowns intended to bring prominent firms to heel.
Outside of the large sponsored teams, much of the contributor talent base — including the highly ranked team Pangu — draws heavily upon the “jailbreaking” scene. This subculture is made up of hackers devoted to breaking mobile phones and associated devices free from the walled gardens of major U.S. app stores, to allow locally developed Chinese apps to be loaded outside of U.S. vendor restrictions. However, jailbreaks are a highly ephemeral area of focus, with advances frequently upended by manufacturer releases of new products or operating system versions. The scene is also reportedly heavily influenced by monetary rewards offered by competing app-store operators that seek market share for local solutions, driven by fragmented and often transient startups. The talent base that emerges from this environment is therefore less likely to provide the Chinese state with sustained advantage, despite its utility within the present ecosystem.
Competing Against the Competitors
Other states are not limited to merely holding dueling parades or tests of their own as prospective reciprocal brandishing of their own arsenals — if they could even put together a Tianfu-style event. Indeed, in the West one would almost certainly not see anything like the enthusiasm, or talent, for participating in an officially encouraged competition. In these mature markets, offensively inclined researchers can get a better return on their time and effort by selling the vulnerabilities that they find.
Yet the world is not without options to respond to increasingly provocative Chinese displays. Technologist Dave Aitel, himself a veteran exploit developer, has previously proposed an assertive signal in reply that would further serve as counterweight to the propaganda benefits China currently receives from the event. He argues that U.S. intelligence and cyber defense efforts should focus on identifying and patching Tianfu bug targets immediately before they were disclosed in competition. Engineering deliberate “bug collisions” like this would require a nontrivial clandestine collection effort tracking researcher experimentation, coupled with aggressive defensive investment to harden identified attack surfaces and kill associated bug classes that give rise to the specific vulnerabilities (by rendering non-viable entire exploitation approaches through fundamental changes to the underlying software). Substantial public-private coordination would also be needed to make this happen across operationally relevant timelines. It also presumes that impacted vendors would actually deliver effective patches upon being warned by government agencies of potential exploitation. This seems an increasingly idealistic aspiration given the delays and ineffective mitigations that have been seen in some of the year’s highest profile vulnerabilities.
Aitel’s concept of operations would also potentially call for serious tradeoffs, where bugs of potential value within U.S. and Five-Eyes arsenals — vulnerabilities that the United States and its partners might like to use against adversaries and thus don’t want to see patched just yet —would be deliberately sacrificed to the possibility that these might be independently re-discovered in competition. This also functionally takes offline some percentage of the pool of U.S. and allied offensive capabilities talent as they work towards this objective — and the Tianfu Cup seeks to demonstrate that the West does indeed have a smaller and more limited pool of cyber talent than China. However, as Silicon Valley has long understood, measuring man hours alone does not adequately represent the ultimate productive value of a developer. It may be presumed that the West’s best offensive minds may equal or exceed the so-called “10x engineer” — making potential tradeoffs a more acceptable risk.
Tianfu helps China to acquire cutting-edge cyber capabilities and spot talented hackers. Yet it is increasingly likely that the exploit options identified at such events are of less value in an landscape where offensive-capabilities developers pursue automated vulnerability discovery and exploit generation. Any zero-day exploits found through the competition may be used only within a limited time period before the vendor is able to patch the underlying vulnerability. This narrow window of early access is bought at what is likely an increasing probability of blowback as industry and global attention further focuses on this event. Against the backdrop of the supply-chain crisis and Chinese forces’ growing aggression against Taiwan and in the South China Sea, the problems highlighted by Tianfu may well be seen in a very different light. Apparent Chinese government signaling through this proxy channel becomes more prominent and, given the message conveyed, is likely to prompt a deliberate response.
Regardless of how the aftermath of this year’s Cup will play out, it is likely that Tianfu remains essentially a transient event. Burning valuable cyber capabilities through such conspicuous disclosure is an expensive demonstration, as unlike conventional weapons systems, these may not simply be parked after the event for future use, but instead are fundamentally degraded by public knowledge. The message of the Cup is not really about the problems of the present but, much like other parades in Tiananmen Square (or Red Square, or Kim Il-Sung Square, etc.), it is intended to convey the strength and depth of the arsenal that China’s leadership now commands.
The assemblage of talent, and the directed focus of the competition, speaks to more than a near-peer challenge to U.S. cyber power. China brings together these hackers, many of whom who are apparently marginalized and overlooked within their system, largely for show. In so doing, they prove that they have effectively already eclipsed relative commitments by others to earlier Western competitive disclosure events. Yet the People’s Liberation Army Strategic Support Force, Ministry of State Security, and Public Security Bureau’s development efforts remain out of public view. Increasingly, this points to future scenarios in which one cannot assure that the U.S. government and its Five Eyes allies will remain as the apex predators in the cyber realm.
Western policymakers face a very different prospective future than the one long assumed. This future is one in which the offensive cyber power available to the United States and its allies in crisis is not an overwhelming option available anytime it is needed, but whose employment should be considered only under the greatest restraint. Rather, it becomes one in which all-too-limited capabilities should be husbanded carefully, and where the United States cannot afford to sacrifice the few rare exploit options in its arsenal that were not already discovered by faster, more innovative offensive programs for mere demonstration or other signaling objectives. Should policymakers find that such scenarios impose prospective limitations on crisis management options that are uncomfortable or even unacceptable, then they may need to fundamentally rethink what they invest in and how they develop cyber capabilities. It is vital to ensure that these tools remain available as options to contest Chinese efforts to compromise U.S. critical infrastructure systems and networks, blunt malicious disruption and destruction, and prevent Beijing from escalating cyber exchanges.