China and the World, Talking Point

Hacked off

Beijing furiously denies hacking claims. Is a cyber cold war beginning?

Hacked off

Clicks and mortars: US firm Mandiant says hackers work for Chinese military. Beijing says the report is wrong

The world’s most famous computer hacker was born either on March 11, 1962 (according to his criminal record), or September 3, 1971 (according to his passport).

In spite of the shadowy nature of his occupation, we know a lot about Thomas Anderson. He started his career at the software firm Meta Cortex but found the work monotonous and frustrating. He was frequently late for work, disliked his boss and his evaluations said he had a problem with authority. Unmotivated by his day job, Anderson was much more excited by his nocturnal activities: hacking into computer networks to steal information for his clients. To the online world he was known as Neo.

Anderson’s career reached a turning point, according to Wikipedia, when his activities got the attention of the authorities. He was warned to stop hacking but this only fuelled his spirit of rebellion.

Of course, Neo is a fictional character – played by Keanu Reeves in the 1999 blockbuster The Matrix. But if recent news is anything to go by, Neo’s real life equivalent today is far more likely to be Chinese. That, perhaps, is where the parallels between fact and fiction end. Neo is portrayed as the good guy, who learns how to dodge bullets in his quest to save humanity. In contrast the characterisation of China’s hackers has been anything but positive. They became a hot topic last week after an American firm published a report alleging that Chinese hackers known as the Comment Crew had stolen technology from more than 100 Western companies. Even more sensationally, it was alleged that the group was an elite unit of the People’s Liberation Army.

The ensuing controversy has received heavily skewed media coverage: American and European newspapers have warned of a new ‘cyber cold war’, while Beijing’s state-owned media has poured scorn on the claims, citing it as yet another example of China-bashing.

What’s the background?

Over the past few months a number of Western media organisations have gone public with complaints about being hacked. The New York Times and the Wall Street Journal are two of the most prominent institutions to cry foul. The owner of the Journal, Rupert Murdoch even tweeted last month: “Chinese still hacking us, or were over the weekend.”

Media interest mushroomed after the publication of excerpts of Eric Schmidt’s forthcoming book. In it, the executive chairman of Google reportedly brands China as “the most sophisticated and prolific” hacker of foreign companies. But it was the release last week of a report by Mandiant, a US cyber security firm, that pushed Chinese hacking back to the top of the news cycle, prompting a furious response from Beijing. After a six year investigation Mandiant had documented the hackers’ methods, as well as the types of malware being used to infiltrate networks. It also claimed that almost 1,000 computer servers – used by expert hackers – could be traced back to Shanghai. These all routed to an area of the city housing a military body known as Unit 61398.

The Economist pointed out the report demanded attention, owing to Mandiant’s “sound pedigree” and the manner in which the findings had been “meticulously documented”. The assessment, it said, was a “bombshell”, seeming to prove “this gang is actually an elite unit of the People’s Liberation Army”.

“Nobody knows how many billions of dollars cybercrime costs businesses,” the magazine concluded. “But pretty much everyone has come to believe that China is the most egregious offender.”

The news story fast became political, especially in the United States. On the ABC News programme This Week on Sunday, Mike Rogers, the chairman of the House Intelligence Committee, was asked whether he believed that the Chinese military and civilian government were behind the economic espionage. “Beyond a shadow of a doubt,” the Republican congressman replied.

Not that anxiety about Chinese hacking activity is new. Last year General Keith Alexander, head of the US Cyber Command, said China had stolen a “great deal” of American military technology through hacking, reports TIME.

But it’s getting more worrying?

The Mandiant report seems to indicate an escalation in activity, with TIME suggesting “the rise of China’s hackers points to a troubling new front in global conflict”. FBI Director Robert Mueller has even predicted that cybercrime by the Chinese and others will soon replace terrorism as America’s biggest threat.

The scale of activity is also becoming better known. The Washington Post writes: “Start asking security experts which powerful Washington institutions have been penetrated by Chinese cyberspies, and this is the usual answer: almost all of them.”

It continues: “The list of those hacked in recent years includes law firms, think tanks, news organisations, human rights groups, contractors, congressional offices, embassies and federal agencies.”

The New York Times reckons Chinese hackers have also gained access to the systems of an American defence contractor, as well as a company that helps US utilities manage their pipelines. It was another of the media organisations to use the term “cyber cold war” to describe the increasing threat from state-backed Chinese hacking.

The scale of the hacking – which uses malware software to gain access to computer networks – is reckoned to be motivated by two goals: to steal valuable intellectual property from Western firms and to compromise national security, particularly that of the US.

But is it government orchestrated?

It’s certainly well organised. McAfee, an IT security firm, initiated a separate investigation when one of its clients reported suspicious activity. It found that the attacks began at 9am Beijing time and ended at 5pm on the dot. They were also conducted only on weekdays – even cyber spies insist on their weekends off, it seems.

Jon Stewart of Dell SecureWorks is another expert who has been investigating Chinese cyber activities. According to Bloomberg Businessweek, Stewart says Chinese spies have rented or hacked about 24,000 internet domains “for the purpose of espionage”. Activity is on the increase too. Stewart claims to be tracking at least 10 teams, who have deployed more than 300 malware programmes recently – double his count from a year ago.

“There is a tremendous amount of manpower being thrown at this from their side,” Stewart told Bloomberg.

The implication? With its vast pool of engineering graduates – and a bigger PC market than the US – China is now in a position to field the world’s largest cyber army.

“China has so many more people who are able to hack than any other country,” Murray Jennex, a cybersecurity expert at San Diego University told TIME. “This could get real serious, real fast.”

The Chinese response?

The response in Beijing to the Mandiant report was flat denial. The Defence Ministry said the document lacked “technical proof” either that the hacking derived from China or was linked to the military.

And while much of China’s press will have been under orders to avoid comment, the state media still put out some spirited editorials.

The Global Times said the notion of a Chinese military unit being behind cyber attacks on the US was “an absurd allegation”. It turned its fire on America’s own cyber army. “Hackers first appeared in the US and have helped the government a great deal,” it insisted. “The country has the largest number of top hackers, and the very best of them work in the Pentagon.”

So what was behind the recent media furore and the “insane accusations”? The Global Times suspected a cunning ploy by the US to retain military hegemony: “We strongly suspect that the US’ exaggerations of the threat posed by Chinese hackers are aimed at creating an environment to accelerate its capability to carry out a cyber war. It may be building up excuses for future public cyber attacks.”

The newspaper was disdainful of such efforts, warning that Sino-American relations had been damaged. “China has no obligation to foster ties when some Americans spit on it,” was its conclusion.

The China Daily said the allegations were on “shaky ground” and “irresponsible”. It also highlighted that China faced serious cyber attacks itself and “a considerable number of these attacks could be traced back to IP addresses in the United States.”

It also said that other agendas were being pursued: “This round of US accusations against China is nothing new as the country has been regularly targeted as the home of hackers in recent years. But with the so-called China cyber sabotage and espionage continuing to make headlines in the US media this week, one cannot help but ask the real purpose of such a hullabaloo.

“With the US economic recovery dragging its feet, it is reasonable to think that some in Washington may want to make China a scapegoat so that the public’s attention is diverted away from the country’s domestic woes.”

Xinhua weighed in too, deriding Mandiant’s “false accusations” and castigating the report as a “commercial stunt” designed to help the security firm sell more of its services.

Will cyber tensions heighten?

The Obama administration looks to be avoiding a war of words. “American officials said privately that they had no problems with Mandiant’s conclusions, but they did not want to say so on the record,” reports The New York Times.

The newspaper added that a similar approach was at work when the Obama administration gave internet providers a lengthy list of computer addresses linked to a hacking group, but carefully left out one crucial fact: “Nearly every one of the digital addresses could be traced to the neighbourhood in Shanghai that is headquarters to the Chinese military’s cyber command.”

This “deliberate omission” reflected “heightened sensitivities” over confronting China’s new and “untested” leadership on the hacking issue.

Of course, the danger of repeated references to ‘cyber war’ is that the public in both countries becomes increasingly conditioned to view each other as a military threat or ‘enemy’.

But as the New York Times points out “defining enemies” is getting more complicated – in fact America’s relationship with China is perhaps the hardest to define of all.

The newspaper observes: “China is not an outright foe of the United States, the way the Soviet Union once was; rather, China is both an economic competitor and a crucial supplier and customer. The two countries traded $425 billion in goods last year, and China remains, despite many diplomatic tensions, a critical financier of American debt.”

So for the moment, more a propaganda war?

The Chinese government is clearly frustrated by the hacker charges and returned to the offensive this week. According to the Shanghai Daily, the defence ministry sought yet again to shift the onus for hacking and cyber warfare back to the Americans.

At a news briefing it announced that two Chinese military websites were hacked from overseas a total of 144,000 times a month in 2012. Ministry spokesman Geng Yansheng noted that 62% of the attacks came from the US.

The Wall Street Journal said Geng’s briefing was significant, since it was “the most specific statement to date from the Chinese government” since Mandiant released its investigative report. By detailing the percentage of attacks from American servers, it also cast itself more as victim than predator.

The US newspaper acknowledges that this issue is not going to be resolved fast. “The Chinese allegations illustrate how online attacks are becoming a major irritant to US-China relations,” comments the Journal.

© ChinTell Ltd. All rights reserved.

Sponsored by HSBC.

The Week in China website and the weekly magazine publications are owned and maintained by ChinTell Limited, Hong Kong. Neither HSBC nor any member of the HSBC group of companies ("HSBC") endorses the contents and/or is involved in selecting, creating or editing the contents of the Week in China website or the Week in China magazine. The views expressed in these publications are solely the views of ChinTell Limited and do not necessarily reflect the views or investment ideas of HSBC. No responsibility will therefore be assumed by HSBC for the contents of these publications or for the errors or omissions therein.