China’s campaign of cyber attacks has reached epidemic proportions. Can anything be done to stop it?
By Adam Segal

Adam Segal, the Ira A. Lipman Senior Fellow at the Council on Foreign Relations, writes for the Asia Unbound blog. Follow him on Twitter @adschina.
In an extraordinary story that has become depressingly ordinary, the New York Times reports that Chinese hackers "persistently" attacked the newspaper, "infiltrating its computer systems and getting passwords for its reporters and other employees." The attacks began around the time journalists were preparing a story on the massive wealth the family of China’s Prime Minister Wen Jiabao has allegedly accumulated, but the methods, identification, and apparent objectives of the hackers have been seen before in previous attacks on defense contractors, technology companies, journalists, academics, think tanks, and NGOs. Bloomberg, which published a story on the wealth of the family of Xi Jinping, China’s top leader, has also reportedly been attacked. While just one case in a sweeping cyber espionage campaign that appears endemic, the attack on the Times does highlight both the willingness of Beijing to lean out and shape the narrative about China as well as the vulnerability the top leadership feels about how they are portrayed.
As with many cases of cyber espionage, the break-in is assumed to have started with a spear-phishing email, a socially engineered message containing malware attachments or links to hostile websites. In the case of the attack on the security firm RSA in 2011, for example, an email with the subject line "2011 Recruitment Plan" was sent with an attached Excel file. Opening the file downloaded software that allowed attackers to gain control of the user’s computers. They then gradually expanded their access and moved into different computers and networks.
Once in, the hackers are pervasive and fairly intractable. The hackers involved in the attacks on the British defense contractor BAE Systems, for example, were reportedly on its networks for 18 months before they were discovered; during that time they monitored online meetings and technical discussions through the use of web cameras and computer microphones. According to Jill Abramson, executive editor of the Times, there was no evidence that sensitive information related to the reporting on Wen’s family was stolen, but in previous cases hackers encrypted data so that investigators had a difficult time seeing what was actually taken.
Evidence that the hackers are China-based in all of these cases is suggestive, but not conclusive. Some of the code used in the attacks was developed by Chinese hacker groups and the command and control nodes have been traced back to Chinese IP addresses. Hackers are said to clock in in the morning Beijing time, clock out in the afternoon, and often take vacation on Chinese New Year and other national holidays. But attacks can be routed through many computers, malware is bought and sold on the black market, groups share techniques, and one of the cherished clichés of hackers is that they work weird hours.
Perhaps the most compelling evidence has been the type of information targeted. The emails and documents of the office of the Dalai Lama and Tibetan activists, defense industries, foreign embassies, journalists, and think tanks are not easily monetized and so would apparently have little attraction to criminal hackers. The information contained in them would be of much greater interest to the Chinese government.
Beijing is pushing its Internet power outside of China into the rest of the world. At home, it controls the flow of information on the Web through censoring and filtering technologies as well as attempts to steer conversations or drown out opposition on social media sites by government-paid commentators, known in China as the 50 Cent Party for the going rate per posting. What the New York Times and other hacks demonstrate is the desire to shape international political narratives as well as gather information from those who might influence the debates on topics of importance to Beijing. The Times’ worry that the hackers might take the paper offline on election night also reveals an attempt at intimidation as well as influence.
What will also be dispiritingly familiar in the aftermath of the attacks is the discussion about what can be done. Over the last several years, U.S. government officials have mounted an increasingly public campaign of naming and shaming China. But this has had little effect, and the Chinese response has been one of denial, calling the accusations "irresponsible," noting that hacking is illegal under Chinese law, and pointing out that China is also a victim of cyber crime, most of it coming from IP addresses in Japan, South Korea, and the United States.
So what can be done? Private security experts and U.S. government officials say they are getting better at attributing attacks to groups and individuals. If that is the case, then the United States may begin to think about targeted financial sanctions or visa restrictions on identified hackers. What might cause the most difficulty for Beijing, however, are private and government efforts to ensure that reporting of the caliber of the New York Times and Bloomberg is made widely available within China through translation and efforts to circumvent the Great Firewall of China. U.S. diplomatic cables posted online by WikiLeaks suggested that the hack on Google in January 2010 was ordered by a member of the Politburo who "typed his own name into the global version of the search engine and found articles criticizing him personally." Wen Jiabao and Xi Jinping might have had the same reaction.