US: Hacking attacks are constant topic of talks with China
By ANITA KUMAR AND TOM LASSETER | McClatchy Newspapers | Published: February 19, 2013
WASHINGTON — Obama administration officials acknowledged Tuesday that China’s involvement in cyberattacks on sensitive U.S. companies is a near-constant subject of conversation between the nations’ officials but that there have been few signs that China is willing to stop the attacks.
“We have repeatedly raised our concerns at the highest levels about cybertheft with senior Chinese officials, including in the military, and we will continue to do so,” White House spokesman Jay Carney said.
Carney’s statement came on the day that an Alexandria, Va., Internet security firm released one of the most detailed reports to date asserting that hacking is officially condoned in China. In the report, Mandiant Corp. said it had tracked online attacks on at least 141 companies and organizations since 2006 to a People’s Liberation Army organization known as Unit 61398. Of those 141 targets, 115 were in the United States, according to Mandiant’s 74-page report.
“Our research and observations indicate that the Communist Party of China … is tasking the Chinese People’s Liberation Army … to commit systematic cyber espionage and data theft against organizations around the world,” the report said.
The accusations will further strain tensions between the United States and China, a nation of growing economic and military influence.
“China is a rising power. It’s using everything at its disposal to be competitive,” said Harold Brown, a former defense secretary who led a U.S. commission to investigate China’s cyber, military and economic capabilities. “It’s weak in some ways, so it looks to gain advantages in other ways.”
In a regularly scheduled news briefing Tuesday, the Chinese government denied official involvement in online hacking and pointed out that China itself is regularly subjected to such attacks.
“Groundless criticism is irresponsible and unprofessional, and it will not help to solve the problem,” Foreign Ministry Spokesman Hong Lei said.
White House officials declined to comment on specific allegations in the report but called cybersecurity a “major challenge.”
“The United States has substantial and growing concerns about the threats to U.S. economic and national security posed by cyber intrusions, including the theft of commercial information,” Carney said. “That’s why the United States government is taking an active approach in addressing the issue of cybertheft.”
State Department spokeswoman Victoria Nuland said hacking came up at virtually every meeting of Chinese and U.S. officials.
“What we have been involved with is making clear that we consider this kind of activity a threat, not only to our national security but also to our economic interests,” Nuland said.
Administration officials say they’ve strengthened government networks, released technical information to private companies and engaged every agency and department in fighting cyberthreats through diplomatic, military and economic means.
Last week, President Barack Obama signed an executive order aimed at improving the security of the computer networks that direct the nation’s crucial infrastructure systems, such as electricity, finance and transportation. The order, which doesn’t need congressional approval, directed federal agencies to share more information and companies to voluntarily comply with a government-led framework to combat online threats.
“Our enemies are … seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems,” Obama said in his State of the Union address last week. “We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”
Democrats on Capitol Hill quickly praised Obama’s effort, but cybersecurity experts say the executive order doesn’t go far enough, in part because the president is limited in his actions.
Melanie Teplinsky, an American University law professor who has written and spoken extensively on cyberlaw issues, said the federal government needed to take a tougher stance on hacking, imposing trade sanctions and civil penalties on those suspected of involvement.
“All of these things (the government is doing) are focused on building a stronger fortress,” she said. “But while we’re building bigger walls, they are building bigger ladders. … We need to change our approach.”
Congress has debated, but failed to pass, legislation to combat hacking. Last week, Rep. Mike Rogers, R-Mich., the chairman of the House of Representatives Intelligence Committee, reintroduced a bill that would help businesses protect their networks and trade secrets from cyberattacks, mostly through information sharing.
“American businesses are under siege,” Rogers said. “We need to provide American companies the information they need to better protect their networks from these dangerous cyberthreats.”
Sen. Dianne Feinstein, D-Calif., the chairwoman of the Senate Intelligence Committee, said the Mandiant report showed a need for a binding international agreement among nations to prohibit cybercrimes.
“There are already international agreements in place to govern criminal activity and war,” she said. “Cyberattacks are both, but there is nothing currently in place to govern this emerging and increasingly dangerous national and economic security threat.”
Mandiant, which contracts with corporations to help protect their computer systems from hackers, said it had analyzed the intrusions through painstaking examination of electronic clues left behind after attacks. While not naming specific cases, Mandiant said its investigators had sifted for digital “fingerprints” such as Internet protocol addresses and information gleaned from the email addresses used to launch “spear phishing,” emails that carry attachments that, when clicked, allow access to a user’s computer. Those attachments contain dense code that may carry language identifying them as the work of a particular programmer or group.
The report identified one of the buildings from which Unit 61398 works in Shanghai and provided Google Earth images of the white, 12-floor structure.
Mandiant also distributed a copy of what it said was a China Telecom memorandum saying the state-owned company provided Unit 61398 with special fiber-optic lines, and identified Unit 61398’s place within the Chinese military’s command structure: the second bureau of the general staff’s third department, which has a focus including signals intelligence and cybersurveillance.
The study, which was first reported by The New York Times, included a video showing what Mandiant said was screen footage of a member of the group setting up anonymous email accounts used to launch the attacks. Another video recorded a member of the unit allegedly breaking into computer systems online and stealing files.
The industries targeted by Unit 61398, the report said, are consistent with those that China has marked as being strategically important to its growth. Mandiant didn’t identify the companies affected, but it said they were from a broad range of sectors including aerospace, energy, telecommunications and scientific research. All but two of the attacks took place in English-speaking countries, the report said.
Among the types of information stolen, the report said, were system designs, manufacturing procedures, contract negotiation positions and business plans.
Staff writer Hannah Allam contributed to this report.