US cybersecurity report points accusing finger at China

An annual report to Congress says China is the biggest threat to US cybersecurity, spelling out in some detail who might be doing the cyberspying.

Kyodo News/AP/File (bottom); Yuriko Nakao/REUTERS/File (top)
A congressional report released Wednesday suggests that cybertheft might have helped the Chinese military copy aspects of the Lockheed Martin F-22 stealth fighter (top) in its J-20 stealth fighter (bottom).

The sheer volume of Chinese cyberespionage directed against the United States, together with its increasing sophistication, "make China the most threatening actor in cyberspace," concludes a new government report released Wednesday.

While it is still unknown who in China, specifically, is doing the hacking, technical gains are helping trackers trace cyberespionage "campaigns" back to the country. Among the culprits, according to the annual report to Congress of the US-China Economic and Security Review Commission:

  • The People's Liberation Army.
  • Informal "cyber warfare militia" composed of workers with high-tech day jobs that focus on military communications, electronic warfare, and computer network operations.
  • Three intelligence and security service ministries.
  • Patriotic hackers conducting espionage out of nationalist fervor.
  • Criminal hackers conducting industrial espionage for private, state-owned, or government clients.
  • Big IT companies and telecommunications firms.

"China’s cyber capabilities provide Beijing with an increasingly potent tool to achieve national objectives," the congressional report states. "In a strategic framework that leans heavily on cyber espionage, a diverse set of Chinese hackers use pilfered information to advance political, economic, and security objectives."

The report cites China’s new J-20 stealth fighter jet as an example. Photos of the J-20 show similarities with the Lockheed Martin F-22. The photos revived “concerns that human, cyber, or other forms of espionage may have played a role in the J-20’s development,” the report says.

The report also notes other examples of “malicious Chinese cyber activity” in 2012, including successful attacks on NASA networks and spear phishing e-mails targeting the White House Military Office, which assists in presidential communications and travel.

Chinese hackers have long appeared less sophisticated than those in Russia. But there are signs that is changing. In January, a China-based attack targeted the "secure authentication" system of the Defense Department's Common Access Card standard, one of the Pentagon's most secure systems.

Moreover, Chinese hackers reportedly used thumb drives and compact discs to infiltrate computers belonging to India's Eastern Naval Command, which had no connection to the Internet. Infiltrating weapons systems, including missiles, aircraft, ships, and ground systems is a Chinese focus, US military officials testified this year.

Citing a study by Akamai Technologies, the congressional report suggests that 16 percent of Internet attacks worldwide originate in China – making it the world’s top offender. Another cited study, by a service provider named CloudFlare, notes that global Internet attacks declined by more than half on Oct. 1, 2011 – China’s national holiday.

Chinese embassy officials in Washington routinely deny responsibility for cyberespionage against US targets.

"China's rapid development and prosperity are attributed to its sound national development strategy and the Chinese people's hard work, as well as China's ever enhanced economic and trade cooperation with other countries that benefits all," a spokesman for the Chinese Embassy wrote in an e-mail responding to a government report last year on cyberspying. "Willfully making unwarranted accusations against China is irresponsible, and we are against such demonization efforts as firmly as our opposition to any forms of unlawful cyberspace activities."

Curiously, cybertheft could hurt China’s economic and military prospects in the long run, some suggest.

"China’s national strategy to acquire technology illicitly from Western companies handicaps its own development," James Lewis, a cybersecurity expert at the Center for Strategic and International Studies wrote in a recent issue of Foreign Affairs magazine. "Beijing’s economic plans have for decades emphasized the need to build indigenous high-tech industries and reduce dependence on foreign producers. Pilfering Western technology is a crutch that keeps China from moving up the ‘value chain’ and becoming a nation of innovators."

The US is working to develop a response to the threat it sees in China. In 2010, US Cyber Command became fully operational within the Defense Department. Beyond that, the White House reportedly issued on Wednesday a secret policy document that outlines what actions the US military can take against cyberattacks.

In a world where the line between cyberespionage and a cyberattack on a computer network can be exceedingly fine, the directive points to the dangers of an escalating cyberwar. Indeed, the congressional report says China's cyberespionage has also alienated Japan and some European countries, in part spurring them to embark on a cyberweapons race the report calls "destabilizing."           

"We're all continuing to build our military forces while at the same time making all these semi-threats to each others," says John Bumgarner, research director for the US Cyber Consequences Unit, a nonprofit security think tank that advises government and industry. "We're all economic partners, but we're all on this cyberespionage path where people are routinely breaking in to steal the latest and greatest fighter plane plans. At some point, it may cross the line and become an act of war. In the cyber world, that line is a very blurred line. It's a path we need to get off."

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.