Chinese-based hacking proving pervasive, presents opportunities for diplomacy
China's computer hackers have become renown for their persistence and their ability to seemingly strike anywhere. They're also respected for their skills, believed to be among the best in the world.
China’s in a rush to catch up with and surpass the United States, and evidence suggests that hacking into and stealing data from the computers of strategic U.S. companies, research labs and government departments is one of its favored tools.
Hackers in China are now considered among the world’s best, and certainly most prolific, and Washington is amping up its efforts to limit the threat.
A cramped little office, in a hastily developed area of Beijing that still feels half-rural, is home to one of China’s first self-described “patriotic computer hackers.” He talks about how it all began, in college, a couple of decades ago.
“When I took a computer class, and I found an interesting thing called a ‘computer virus.’ A computer virus is a small-size program. If I can learn how to make a computer virus, I can get a special skill,” said Wan Tao.
Wan’s now edging up to middle age, and is, these days, a cyber-security consultant to a large western company. Back then, he was a student at Beijing’s Jiaotong University, known for its computer studies programs. And for turning out some of China’s better cyber-hackers. Wan Tao found his stride as a patriotic hacker in 2001, incensed that a Chinese pilot was killed while trying to thwart a U.S. spy plane.
“Ten years ago, I was an angry young man. I thought ‘Chinese nation is a great nation and we are powerful and we need to be powerful and not so weak,’” Wan said.
So Wan assembled a group of more than 100 hackers, calling themselves the China Eagle Union. It defaced about a thousand U.S. websites, and directed denial-of-service attacks at a couple of American government websites. That was kid stuff, compared to what other Chinese hackers have been up to since.
Alan Paller, the director of research at the SANS Institute in Washington D.C., which does cyber-security training, first became aware of this new breed of cyber-attack from China in 2005, when an attack came from a server in the southern province of Guangdong. It targeted Sandia Laboratories which, among other things, designs and tests nuclear weapons.
“They came into one site,” Paller said. “They found the data that they were looking for. They tarted it up. They hid it in areas of the disk that aren’t easily found, so if they got knocked off they could come back and get it without leaving any evidence. They cleaned up the logs, so there was no record of their having been there. And they did all of that in 30 minutes with no keystroke errors. And they were doing that 24 hours, 7 days a week, from 20 workstations.”
That led Paller to conclude it was probably an attack by the Chinese military. Many subsequent attacks have been traced back to servers in China, including to the Beijing headquarters of the Public Security Bureau. Even a documentary last July on China’s state-run television, CCTV-7 had incriminating evidence.
What caught international attention was a few seconds showing a Chinese computer screen apparently in the act of launching a cyber-attack on an overseas website linked to Falun Gong, a spiritual group outlawed in China.
Still, China’s government's official reaction to accusations of hacking is one of personal affront, as in this comment last year by Foreign Ministry Spokesman Hong Lei.
“Hacking is an international problem, and China is also a victim,” Hong said. “Anyone who suggests the government supports hacking has ulterior motives.”
It is true that China is also the victim of hacking, most recently by the hacker Hardcore Charlie, who poached email from the server of China Electronics Import & Export Corporation, or CEIEC. That was embarrassing for them, not only because the group deals in defense electronics, but also because the hackers found and made public what appeared to be stolen documents detailing deliveries of supplies to U.S. military facilities in Afghanistan.
James Lewis directs the Technology & Public Policy program at the Center for Strategic and International Studies in Washington.
“I don’t burst into tears that they are doing this. There’s a point where you’ve gone sort of past what is internationally acceptable and they’re well past that point,” he said. “Some people got really indignant ‘How dare they spy on us?’ Of course they are going to spy on us. What I get indignant about is we have been so inept in responding to it.”
By “it,” he means a massive and accelerating effort by Chinese hackers — official, unofficial, and everything in-between — to steal invaluable strategic and economic data, sometimes whole industries-worth, from the United States and elsewhere.
Lewis leads a set of talks and war games with Chinese counterparts on cyber issues, called Track 1.5 Diplomacy. One goal is to prevent cyber-attacks from escalating into military hostilities, something the Chinese don’t want.
“They’re pulled in two directions. They don’t want to fight with the U.S. They like the fruits of espionage because they really get some good stuff. So I detect a really high degree of ambivalence, sort of a conflict. They like doing it. They know it’s painful. So they are not at a point where they are willing to give it up, absent some kind of external pressure,” Lewis said.
President Barack Obama has pledged to get tougher on cyber-espionage and possible cyber-attacks from China and elsewhere. Just last month, the Obama Administration simulated a cyber-attack on New York City’s power supply as a demonstration for senators, who are considering two competing cyber-security bills.
Alan Paller said while the political dickering goes on, American entities, including companies, need to defend their data. And not just the companies you’d think. He said Britain’s intelligence chief knows that.
“The head of MI5 sent a letter to the largest 300 companies in the U.K., saying, ‘if you are doing business with these guys, they are attacking you with exactly the same tools they are using to attack the military,’” Paller said. “And the reason they’re doing it is they want your playbook. He also said, ‘they’re coming after your lawyers.’ The lawyers often have the playbook for the company in an easier-to-find form than the company itself.”
If any more incentive to take preventative measures is needed, former hacker Wan gives a window into how Chinese hackers think.
”I don’t think hacker economics means crime,” he said. “’Hacker,’ to some degree, means searching for the truth. Hackers are just action people.”
Wan said, on the Internet, information wants to be free, and information in someone’s bank account, or in a company’s email account is just more information.
That said, he did initiate a code of conduct last year urging other hackers not to hack for profit. Asked whether he thinks Chinese government information wants to be free, too and whether he ever tried to hack that, Wan said no.
“The Chinese government would take that action as a computer crime.”
They certainly would consider it a crime.
But the government has been known to turn skilled cyber-hackers to work with the government. Wan said he was never interested.
A nine to five job was never his thing.
"PRI's "The World" is a one-hour, weekday radio news magazine offering a mix of news, features, interviews, and music from around the globe. "The World" is a co-production of the BBC World Service, PRI and WGBH Boston. More about The World.