Critical Infrastructure Security, Threat Management, Vulnerability Management

Security report finds Chinese cyberspying threat growing

A new report prepared for the U.S.-China Economic and Security Review Commission has concluded that the Asian nation is likely using his sophisticated IT systems to spy on America.

The report, released Thursday, analyzed China's information warfare strategy and offered up a case study in which an unnamed U.S. company was infiltrated by hackers to collect research-and-development information. Prepared by defense contractor Northrop Grumman, the report cited evidence that suggested the Chinese government endorsed that mission.

"China is likely using its maturing computer network exploitation capability to support intelligence collection against the U.S. government and industry by conducting a long-term, sophisticated, computer network exploitation campaign," the report said. "The problem is characterized by disciplined, standardized operations, sophisticated techniques, access to high-end software development resources, a deep knowledge of the targeted networks and an ability to sustain activities inside targeted networks, sometimes over a period of months."

The report, citing U.S. Air Force statistics, said a campaign ongoing since 2007 to steal sensitive information from U.S. government and defense contractor networks has amounted to 10 to 20 terabytes of data loss. Much of that appears to be at the hands of the Chinese, the report said.

However, the report did not definitively connect Chinese cyberspionage with sponsorship from the government or military.

"Little evidence exists in open sources to establish firm ties between the PLA (People's Liberation Army) and China's hacker community; however, research did uncover limited cases of apparent collaboration between more elite individual hackers and the (People's Republic of China) PRC's civilian security services," the report said. "The caveat to this is that amplifying details are extremely limited and these relationships are difficult to corroborate."

Still, considering "the depth of resources" needed to perpetrate such attacks, and considering the hackers appear to be after intellectual property and not financial information for a quick monetary gain, the activity is likely state-sponsored, the report said.

James Lewis, senior fellow and program director at the Center for Strategic and International Studies, said he was not surprised by the report's conclusions. For one, he said the commission -- a bipartisan body formed by Congress in 2000 to investigate the security threat of China given America's growing trade with the country -- often reaches a biased outcome.

"Their motto is, 'If your dog is sick, blame China,'" Lewis told on Thursday. "I've testified in front of them a couple of times and I've given up. They don't want to hear balanced stuff."

Other countries, including Russia, also are to blame, he said. And the United States itself conducts similar cyberespionage missions.

Alan Paller, director of research at the SANS Institute, said China typically is the nation most associated with digital spying because of its tendency to throw large numbers of individuals at U.S. government networks.

"They're the most visible," he said. "Their technique is more open than the others. It is that they have more people. Their methods are more focused on grabbing everything and let the people sort out what's important, whereas other nations are more focused on finding the specific elements they want. China is just louder."

Lewis said whether Chinese government is sponsoring the intrusions is not the issue. Rather, the federal government must push for better international cyberspace rules and enhanced law enforcement.

He noted that China and Japan are not part of the Council of Europe Convention on Cybercrime, an international treaty consisting of some 45 signatories and 15 parties that is designed to standardize laws.

"We're ineffective in dealing with the problem," Lewis said. "We've been the target of espionage for more than two decades, and we haven't been able to formulate a good response for it."

Paller, meanwhile, said federal agencies must implement significantly better technologies to "finding [an attack] when it happens and cleaning it out fast."

A spokesman for the Chinese Embassy in Washington called the report a "product of Cold War mentality" and said the report's accusations were "unfounded and unwarranted," according to a report Thursday in the Wall Street Journal.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.