China: A Source of Cyber Attacks?

06 Jun, 2013    ·   3978

Namrata Hasija deconstructs the trends and modus operandi of Chinese hacking attacks vis-a-vis the US government

Namrata Hasija
Senior Research Officer

For the first time, a report released by the Pentagon in May has directly linked the Chinese government to cyber attacks on American diplomatic, economic and defence sectors. Also in the last week of May 2013, the Australian Broadcasting Corporation (ABC) reported that blueprints of a new domestic intelligence hub had been stolen via a server in China.

Soon after this, on 28 May 2013, the Washington Post reported that the Pentagon had found that Chinese hackers had accessed classified designs of US weapons systems, including the advanced Patriot missile system called PAC-3, an Army anti-missile system known as Thaad, and the Navy's Aegis ballistic-missile defence system. Subsequently, the Pentagon has warned the US government to safeguard against what it calls a 'digital Pearl Harbour'.

Why is the Chinese government under the scanner for these attacks? Can a trend be identified in these attacks? What has been, and what is likely to be, the reaction of the Chinese government to these allegations?

China as the Source
Numerous incidents of hacking have been linked to China, and even the trustworthiness of its top telecom companies has been questioned in this regard. A report of the US House of Representatives committee in October 2012 stated that top Chinese telecommunication companies like Huawei and ZTE pose a national security threat to the US and recommended that they be barred from contracts and acquisitions in the country. Indeed, the US is not the only country that has voiced its concern regarding these two Chinese companies; India and Australia have also shown their concern. ‘Shadows in the Cloud’, a report submitted by the Global Affairs of the University of Toronto, reported that a number of computers in Indian establishments and countries close to the Dalai Lama have been compromised.

The New York Times (NYT) faced hacking attacks after an article about Wen Jiabao’s family wealth was published in 2012. The computers of the article’s author, David Barboza, and his predecessors were hacked initially, but later more than fifty personal computers of the NYT’s employees were hacked. The suspicion against China was further strengthened after Mandiant, the company that was hired to investigate, released its report in February 2013. The report alleged that many cyber attacks on the US since 2004 were linked to the site of a military unit in Shanghai. This unit was named as Unit 61398, and according to Mandiant it has already stolen hundreds of terabytes of data from at least 141 organisations around the world. The report states that the nature of Chinese espionage has changed from just stealing designs and company secrets to accessing key parts of US infrastructure like gas lines, power grids, waterworks and so on.

Spear Phishing and the Chinese Response
The modus operandi of these attacks is usually spear-phishing. This means that an email or link containing malicious code is sent to the person whose computer is intended to be hacked. When the concerned person clicks on the link or email, the hackers break into the system. Mandiant found that, to hide the origin of some attacks, many were routed through computers in US universities. The Pentagon report points out that the skills required to carry out such intrusions are similar to those required for computer attacks, which is a matter of concern for the US.

The response of the Chinese government has been one of denial, and it has held the US responsible for cyber attacks in China. The government has stated that it is against cyber crime, that the US is stronger than China, and that China should be afraid of superior American IT technology. Huawei founder and chief executive Ren Zhengfei also broke his silence regarding the security allegations by the US. He said that his company is not responsible for any cyber security threats that the US has faced and that its equipment is not being used or purchased by any US government agency. However, he was silent on its connection with the Chinese army and on the army's share in the ownership of the company.

The US, for its part, has brought the issue of cyber security into every meeting with the Chinese. Even President Barack Obama has gone on record to state that America is presently engaged in tough talks with China over the cyber attacks. However, the issue is too complex, and allegations of cyber attack cannot be proved as the attacks are anonymous and transnational.

The larger issue is that in China there are three kinds of hackers: state, private and criminal. The military unit pointed out by Mandiant is just a spider in the huge web of Chinese hackers. James Clapper, US Director of National Defence, opines that the danger of cyber attacks has become a bigger threat than terrorism. The US is demanding three things from China, as reported by the New York Times: public recognition of the urgency of the problem; a commitment to crack down on hackers in China; and an agreement to take part in the dialogue to establish global standards.

Though this issue has been discussed between both countries many times, the June meeting of Xi Jinping and Barack Obama in California is being awaited for further serious discussion on the issue of cyber security. However, with no concrete evidence and an ongoing blame game between both sides, ambiguity will remain.