

The 'Deep Panda' Hackers Are Deeply Confused

"Deep Panda" hackers may be as confused as most everyone regarding US think tanks.
Photo by Karen Neoh

On Monday, a US-based cybersecurity firm put out a blog post in which it claimed a particular group of Chinese hackers — the firm had previously dubbed the group “Deep Panda” — had recently stopped hacking national security think tanks to figure out what they thought about the security situation in Asia.

Instead, Deep Panda was now hacking think tanks to figure out what think tank thinkers thought about the situation in Iraq and the Middle East. This shift in priorities happened sometime in mid-June, when the Islamic State of Iraq and Syria (ISIS) and Iraq got locked in a fierce battle for control of Iraq’s largest oil refinery at Baiji.


On one hand, this makes a certain amount of sense. China has the same general interest in the fighting in Iraq that most developed countries do (oil, morbid curiosity, and more oil), so monitoring the think tanks isn't totally crazy. Writing for the Diplomat, Ankit Panda — no relation — explains some of the reasons China might want to take a look at think tank email.

If we look a little deeper at what they’re trying to accomplish with their hacking, it turns out that Deep Panda might just be deeply wrong in how it thinks about what think tanks in the US actually do.

To be fair to Deep Panda, a bit of confusion is natural. It’s awfully hard to explain what think tanks are and do. I know — I’ve worked in and around them for years, and while the daily activity is pretty straightforward, their overall role is anything but.

At the most basic level, a US think tank is a non-profit that hosts research on public policy issues. But beyond that, every think tank is a bit different in mission, emphasis, and operation. Some are more academic, some stress advocacy, and some are purely ideological. Mostly they’re just full of people who are trying to figure out what the hell is going on in the world and what to do about it, but who don’t typically get involved in the messiness of actually doing much of anything about it.


They’re just another one of the peculiar inside-the-beltway institutions — like lobbyists, political action groups, and industry associations — that aren’t part of the federal government, but are part of the process of government. And like lobbying outfits, special interest groups, and PR firms, think tanks are about as poorly understood as they are widely known. Because of the vagueness of their job description and the fact that very few people work or have worked with one, think tanks attract a lot of attention predicated on the mistaken belief that they are a bunch of world-dominating, conspiracy-generating, shadowy-cabal sorts who are running the world.


Chinese think tanks are actually easier to understand than US think tanks. To begin, the vast majority of Chinese think tanks are funded by the government, directly or indirectly; most of the time a Chinese think tank is involved in something, it's because the government wants to officially do something on an unofficial basis. Or vice versa.

At fairly senior levels in China, a person may simultaneously hold many, many different jobs, with different titles, in different organizations, all with differing levels of seniority — kind of like a musician who is involved in several projects and collaborations at the same time. And so a Chinese think tank is just a different project for high-level types.

Let’s say a bunch of Chinese government representatives show up at a big international conference. That means the government is officially attending the event and will be represented there. But if the same people show up instead on behalf of a think tank with which they're affiliated, they get to go and meet with people without making their attendance an official matter.

Likewise, a think tank can be a way for the government to say something official or release information without having to put their name directly on it and turn it into an official government statement. In the US and many European countries, this is usually done by kind-of-intentionally leaking information to the press. So in China, think tanks can be a way to state a formal, official position without making it official policy.



The many different ways that people can represent themselves, along with the role of think tanks as officially unofficial outlets, and the complex webs and networks of influence that dominate Chinese politics mean that being a fly on the wall in a conversation can yield immensely valuable information. It would be like being invited to sit down to dinner with a bunch of mafia dons – you could learn a ton.

The US, however, isn’t nearly so interesting. Think tanks are sometimes a place where people go between rounds of working in government. There are a whole lot of people who, when the White House changes hands from one party to the other, find themselves out of a job, but with a dire need to stay connected and keep in the loop. A lot of those people end up in think tanks as one of the possible options for people moving through Washington’s revolving door.

Meanwhile, all the people who were just on the outside looking in now find that they have to keep those newly employed people relatively happy and quiet, so there’s a lot of ego-grooming behavior. This article from a blog hosted by the Brookings Institution, one of the biggest and most influential think tanks in Washington, is an excellent (if self-deprecating) description of one of the think tank’s particular roles in Washington.

The big takeaway from the Brookings piece, though, is that think tanks are populated by people in Washington who are in the loop and therefore are kind of important, but not actually the people in power who are running things. In fact, they’re often the people who are very specifically out of power. So reading their emails might be helpful in figuring out personal relationships and the informal networks of DC, but would be unlikely to provide any Snowden-like earth-shattering revelations. Meanwhile, in China the people in think tanks are sometimes a lot more connected with actual sources of power, not just the influence peddlers. What they say in emails can matter a whole lot more.

Hopefully though, Deep Panda didn’t fully succumb to one of the oldest analytical mistakes in the book and assume their opponents operate and think the same way they do. If they don’t read too much into what they’re finding and treat it as part of a holistic effort to figure out what the average wonk feels these days, they can learn a lot. But if they believe they’re getting an inside look at the actual machinery of power talking to itself, then they could be making a dangerous mistake.

Follow Ryan Faith on Twitter: @Operation_Ryan

Image via Flickr