Chinese Cyberspying Debate Renewed By Security Firm Report
As a massive cyberspying operation came to light on Wednesday, revealing more than 70 targets in 14 countries, security experts pointed the finger at a familiar culprit: China.
The report by the security firm McAfee did not say who was behind the operation, but the timing of the spying and the list of targets -- which included South Korea, Japan and Taiwan, but not China -- renewed speculation that Beijing is actively engaged in cyber espionage to steal state secrets and intellectual property.
"Who else is going to spy on Taiwan?" asked James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies.
The report detailed a five-year campaign to steal closely-guarded national secrets, source code, email archives and negotiation plans from governments, companies and nonprofit agencies around the world, including the United Nations, the International Olympic Committee and a Department of Energy research laboratory. Forty-nine of the 72 identified targets were located in the United States, the report said.
In one example, hackers began spying on the computer networks of the International Olympic Committee and the Olympic committees of two unidentified Asian countries and one Western country in the months leading up to the 2008 Olympic Games in Beijing, the report found.
In another, hackers infiltrated the system of the Association of Southeast Asian Nations Secretariat for 10 months starting in October 2006, one month before the organization's annual summit in Singapore. China is not a member of ASEAN.
The attacks, when seen in the context of those geopolitical events, strongly suggest that China was involved, experts say.
"When you look at the attacks and the motivation behind them, all roads are leading to Beijing," said Harry Sverdlove, chief technology officer at the security firm Bit9.
The report was not the first to raise speculation about China's involvement in cyber espionage. More than a year ago, a string of cyber attacks nicknamed "Operation Aurora" affected more than 30 companies, including Google, which claimed that Chinese hackers stole its intellectual property and tried to break into Gmail accounts of U.S. government officials, Chinese activists and foreign journalists.
At a press conference in June, Chinese Foreign Ministry spokesman Hong Lei denied the country's role in the attacks against Google, saying Beijing "staunchly opposes" computer hacking and has been a victim of cyber attacks itself.
And other security experts caution against quickly blaming China for cyber espionage. They say attributing such operations is difficult because hackers have become increasingly adept at disguising their origin.
"We have hard evidence of some early attacks coming directly from China, but recent attacks are harder to attribute with substantive evidence," said Alan Paller, director of research at SANS institute, a training organization for cybersecurity professionals.
Two years ago, Canadian researchers discovered a widespread cyberspying operation called "GhostNet," which had attacked nearly 1,300 computers in more than 100 countries, mainly in Southeast Asia. The intruders had gained access to emails from the Dalai Lama’s organization, leading to speculation that China may have been involved.
But while most of the hackers' computers were controlled from China, the researchers did not point the finger at the Chinese government.
"Attributing all Chinese malware to deliberate or targeted intelligence gathering operations by the Chinese state is wrong and misleading," said the report by researchers at the Munk Center for International Studies at the University of Toronto. "With more creative people using computers, it's expected that China (and Chinese individuals) will account for a larger proportion of cybercrime."
Sverdlove said he was not surprised that McAfee and other security researchers have not directly blamed China. He said there is pressure, particularly on government leaders, not to point fingers at other countries for cyberspying because it leads to an uncomfortable question.
"There's pressure to not name names because the consequences of doing so are still unknown," he said. "If China is stealing state secrets, the next question is: 'What do we about that?'"