May 08, 2019
As any fan of martial arts knows, one of the best moves is to take an attacker's weapon and turn it back on them. In 2016, that's just what Beijing did – in cyberspace: after American operatives used a particular bit of code to attack Chinese computer systems, Chinese hackers took it, repurposed it, and used it to attack a bunch of US allies, according to The New York Times.
The technical details of the story are fascinating, but it also raises some big political questions:
If countries can't control their cyber arsenals, can they at least establish some ground rules for how they are used? Avoiding a destructive free-for-all in cyberspace may depend on it. But hacking tools aren't like conventional or nuclear arms, where countries have agreed to enforceable limits on capabilities and behavior. They're invisible, with no real way to count them or verify they've been destroyed, and prone to being stolen.
And despite an ongoing attempt by the US and its allies to deter bad behavior by indicting hackers, imposing sanctions, and even threatening military force in response to malicious cyber-attacks, there's nothing in cyberspace comparable to the doctrine of mutually assured destruction that has helped deter and prevent conflicts between nuclear-armed powers.
Why is that so difficult? For one thing, it's relatively easy to hide your identityor get hired guns to do your bidding in cyberspace – making it hard for the victims of cyber-attacks to be 100 percent confident in targeting their response.
There's also a lot of mischief that state-backed hackers can get up to that is short of outright war, but can still hurt an adversary (think: swiping personal data that can help identify spies or stealing trade secrets). Governments don't want to give those capabilities up. This helps explain why attempts to establish widely agreed, enforceable "cyber norms" have made limited progress, despite 15 years of wrestling with the issue at the UN.
The upshot: We already knew the US was struggling to secure its cyber arsenal. Now we know that just using a cyber weapon means there's a risk it'll be stolen and used by someone else. As more countries gain access to these tools, reaching a basic agreement on rules of behavior will become even more important.More For You
Most Popular
Think you know what's going on around the world? Here's your chance to prove it.
QatarEnergy's liquefied natural gas production facilities, amid the US-Israeli conflict with Iran, in Ras Laffan Industrial City, Qatar, on March 2, 2026.
REUTERS/Stringer
The US-Israeli war with Iran has badly damaged oil & gas producers in the Gulf and consumers in the Indo-Pacific. But not all countries within those regions will feel the pain equally.
A Russian LNG tanker, Arctic Metagaz, damaged earlier this month and currently adrift without crew, floats in international waters in the Mediterranean Sea between Malta and the Italian islands of Lampedusa and Linosa, in this handout picture released on March 13, 2026.
Marina Militare/Handout via REUTERS
700: The tons of fuel and liquefied natural gas aboard a Russian tanker that is currently floating around the Mediterranean Sea unmanned, after a drone attack earlier this month prompted the crew to abandon ship.
© 2025 GZERO Media. All Rights Reserved | A Eurasia Group media company.