Kevin Egan, a former prosecutor here who has represented people fighting extradition to the United States, said that Mr. Snowden’s latest disclosures would make it harder for him to fight an expected request by the United States for him to be turned over to American law enforcement. “He’s digging his own grave with a very large spade,” he said.

But a person with longstanding ties to mainland Chinese military and intelligence agencies said that Mr. Snowden’s latest disclosures showed that he and his accumulated documents could be valuable to China, particularly if Mr. Snowden chooses to cooperate with mainland authorities.

“The idea is very tempting, but how do you do that, unless he defects,” said the person, who spoke anonymously because of the diplomatic delicacy of the case. “It all depends on his attitude.”

The person declined to comment on whether Chinese intelligence agencies would obtain copies of all of Mr. Snowden’s computer files anyway if he were arrested by the Hong Kong police pursuant to a warrant from the United States, where the Justice Department has already been reviewing possible charges against him.[Source]

Xinhua reporter Xu Peixi welcomes Snowden to China and hails him as a brilliant idealist for shedding light on hypocrisy within the U.S. government:

We can see, therefore, that when American politicians and businessmen make accusatory remarks, their eyes are firmly fixed on foreign countries and they turn a blind eye to their own misdeeds. This clearly calls into question the integrity of these rich, powerful and influential figures and gives the definite impression that the U.S. bases its own legitimacy not on good domestic governance but on stigmatizing foreign practices.[Source]

Despite complications shrouding the Snowden case, SCMP reports that the Chinese government has nothing to lose:

“This is a win-win for China,” said David Zweig, director of the Center on China’s Transnational Relations at Hong Kong University of Science and Technology. “I don’t see them losing at this point, the fact that he’s here, running away from the United States with all this information … whether he goes back or whether he goes free. I don’t see this as bad for China.”

Ideally for officials in Beijing, Zweig said, “if they don’t have to get involved and Hong Kong arrests him, and they get the computer, they win.”

Law Yuk-kai, director of Hong Kong Human Rights Monitor, said the Chinese government would be happy to see the case drag on and embarrass the U.S.

“It is a setback for people who want the U.S. to restrain China in its abuse of Internet freedom,” he said.[Source]

The Chinese government appears to be weighing its various options while deciding how to handle the case, the Los Angeles Times reports:

So far, officials in Beijing look to be playing it cool by doing nothing — and that, several experts said Friday, is perhaps the savviest thing they could do.

With some U.S. lawmakers calling Snowden, 29, a traitor and raising questions about whether he has a relationship with a foreign government, any moves by Beijing to contact Snowden could inflame tension with Washington just days after a summit between President Obama and Chinese leader Xi Jinping.

Given that it’s unclear whether Snowden has information that would be particularly valuable to the Chinese — and whether he’d be willing to share it if he did — it’s a risk Beijing may not yet be ready to take.

At the same time, any immediate effort by Beijing to grant Snowden permanent haven or urge him to depart for another locale could raise hackles in Hong Kong. [Source]

The New Yorker’s Evan Osnos, however, foresees bleaker prospects for Snowden.

© nornell for China Digital Times (CDT), 2013. | Permalink | One comment | Add to del.icio.us
Post tags: cyberattacks, cybersecurity, Edward Snowden, hacking, Hong Kong, Internet surveillance, online spying, U.S. relations
Download Tools to Circumvent the Great Firewall

Li Haidong, a researcher of American studies at China Foreign Affairs University, said the United States is now stuck in the awkward position of having to explain itself to its citizens and the world following the exposure of Washington’s vast Internet snooping program.

“For months, Washington has been accusing China of cyberespionage, but it turns out that the biggest threat to the pursuit of individual freedom and privacy in the US is the unbridled power of the government,”Li said. [Source]

While the NSA story had received coverage in the Chinese press until today, Foreign Policy’s Isaac Stone Fish notes that it had taken a backseat to other stories such as Tuesday’s launch of the Shenzhou X spacecraft. But Snowden’s latest revelations have sparked sharp reaction in China, both in state-run media and on social media platforms. The South China Morning Post reported that Snowden’s latest claims “triggered scathing criticism from Sina Weibo users on Thursday:”

On Weibo, Snowden’s exclusive interview with the Post was promptly translated into Chinese by Sina News, reposted by influential opinion leaders, and commented thousands of times.

“Isn’t this a slap-in-the-face for Obama?” a microblogger wrote. “What a hypocrite US turns out to be despite its endless talks of freedom and democracy.”

“This is exactly a case of a thief yelling ‘thief’,” commented another blogger, referring to recent allegations the US made about cyberattacks from China. [Source]

The Guardian’s Warren Murray reported that a U.S. State Department spokesperson challenged the notion that such allegations, if true, would represent a double standard amid recent U.S. criticism of Chinese cyber attacks. And as China reacted, The New York Times’ Didi Kirsten Tatlow questioned whether U.S. allegations of Chinese cyber espionage are similar to the NSA’s surveillance program:

A U.S. intelligence employee, speaking on condition of anonymity because of the sensitivity of the issue, said the two situations — China’s stealing of trade and military secrets and N.S.A. surveillance to track possible terrorist attacks — are not comparable, calling them “apples and oranges.”

“I can tell you with absolute certainty the U.S. government does not pass on technological secrets obtained through (strictly speaking, as a byproduct of) espionage to U.S. firms, both as a matter of principle and because there is no fair way to do it,” he wrote in answer to an emailed question.

“I recall some senior bureaucrat proposing this some two decades ago — and he got nowhere,” the person wrote, “none of the agencies wanted anything to do with it.”

“China, by contrast, deliberately targets foreign technology for military and commercial purposes,” he wrote, “so this is apples and oranges. But in the propaganda war, that fact won’t matter.” [Source]

© Scott Greene for China Digital Times (CDT), 2013. | Permalink | No comment | Add to del.icio.us
Post tags: cyberattacks, cybersecurity, Edward Snowden, hacking, Hong Kong, Internet surveillance, U.S. relations
Download Tools to Circumvent the Great Firewall

Snowden said that according to unverified documents seen by the Post, the NSA had been hacking computers in Hong Kong and on the mainland since 2009. None of the documents revealed any information about Chinese military systems, he said.

One of the targets in the SAR, according to Snowden, was Chinese University and public officials, businesses and students in the city. The documents also point to hacking activity by the NSA against mainland targets.

Snowden believed there had been more than 61,000 NSA hacking operations globally, with hundreds of targets in Hong Kong and on the mainland.

“We hack network backbones – like huge internet routers, basically – that give us access to the communications of hundreds of thousands of computers without having to hack every single one,” he said.

“Last week the American government happily operated in the shadows with no respect for the consent of the governed, but no longer. Every level of society is demanding accountability and oversight.” [Source]

The Morning Post has published a series of articles based on their correspondence with Snowden, focusing on his claims that the U.S. is “bullying” Hong Kong into his extradition, his desire to let the people of Hong Kong decide his fate, and his fear to contact his loved ones.

In his initial revelatory interview with The Guardian, Snowden answered a question regarding the Obama administration’s protests against Chinese hacking by drawing a parallel: ”we [the U.S.] hack everyone everywhere.” While prominent Chinese dissident Ai Weiwei feels that Snowden’s leak shows that the U.S. that is becoming more like China, The Washington Post asks the question “are Chinese and American hacking really as equivalent as Snowden suggests?”:

[...] It’s both possible and even plausible that the U.S. could be conducting cyber espionage within China that meets or even exceeds China’s efforts. The Obama administration’s joint program with Israel to sabotage Iran’s nuclear program with a virus called Stuxnet might just be the tip of the iceberg. But Snowden’s leaks do not seem to demonstrate that American cyber espionage is near on par with China’s when it comes to hacking into civilian and government systems in foreign countries. [Source]

Click through to see the Post’s comparison of known U.S. and China based cyber campaigns.

An expert voice has weighed in on the question of Snowden’s uncertain future in Hong Kong. Human Right’s Watch’s emergencies director looks at a recent case of Hong Kong cooperating with the U.S. on extradition to express his opinion that Snowden may have unwisely chosen his destination. From The Guardian:

“There’s little doubt [reason] to believe that the Hong Kong authorities would not co-operate with the CIA in this case,” said Peter Bouckaert, who after the fall of Muammar Gaddafi found faxes in Tripoli indicating that the Hong Kong authorities had co-operated with the CIA in rendering an anti-Gaddafi Islamist to Libya.

Snowden said he had chosen Hong Kong as the place from which to reveal his identity as the source of the Guardian’s series of stories about US surveillance because “they have a spirited commitment to free speech and the right of political dissent“, and because he believed that it was one of the few places in the world that could and would resist the dictates of the US government.

Bouckaert, however, said Snowden was mistaken on both points.

[...] On Tuesday, a spokesman for Vladimir Putin said that if Snowden applied for asylum in Russia, the request would be considered.

“If such an appeal is given, it will be considered. We’ll act according to facts,” said Dmitry Peskov. [Source]

Snowden told SCMP, however, that “people who think I made a mistake in picking HK as a location misunderstand my intentions,” and raised eyebrows by saying of Russia that “I am glad there are governments that refuse to be intimidated by great power.”

Update (10:50 pm PST June 12): The Chinese government has offered the first quasi-official response through an article in the China Daily, which said the revelations about NSA surveillance will, “test developing Sino-US ties”:

Li Haidong, a researcher of American studies at China Foreign Affairs University, said the United States is now stuck in the awkward position of having to explain itself to its citizens and the world following the exposure of Washington’s vast Internet snooping program.

“For months, Washington has been accusing China of cyberespionage, but it turns out that the biggest threat to the pursuit of individual freedom and privacy in the US is the unbridled power of the government,”Li said.

Zhang Tuosheng, a researcher at the China Foundation for International and Strategic Studies, said that despite controversies, cybersecurity is still proving to be a new realm for cooperation between China and the US, especially in the wake of this surveillance controversy.

“Beijing and Washington, instead of criticizing each other while hiding their own problems, should work together to facilitate a series of well-observed regulations,”Zhang said. [Source]

© josh rudolph for China Digital Times (CDT), 2013. | Permalink | One comment | Add to del.icio.us
Post tags: cyberattacks, cybersecurity, Edward Snowden, hacking, Hong Kong, Internet surveillance
Download Tools to Circumvent the Great Firewall

An intelligence source with extensive knowledge of the National Security Agency’s systems told the Guardian the US complaints again China were hypocritical, because America had participated in offensive cyber operations and widespread hacking – breaking into foreign computer systems to mine information.

Provided anonymity to speak critically about classified practices, the source said: “We hack everyone everywhere. We like to make a distinction between us and the others. But we are in almost every country in the world.”

The US likes to haul China before the international court of public opinion for “doing what we do every day”, the source added. [Source]

(Though Snowden was not named in the original article, an identical quote appears in an interview with him published after his identity was revealed on Sunday.)

At Foreign Policy, intelligence historian Matthew M. Aid describes the group within the NSA responsible for much of this intrusion, following one official’s claim last week that China has gathered “mountains of data” on U.S. attacks:

It turns out that the Chinese government’s allegations are essentially correct. According to a number of confidential sources, a highly secretive unit of the National Security Agency (NSA), the U.S. government’s huge electronic eavesdropping organization, called the Office of Tailored Access Operations, or TAO, has successfully penetrated Chinese computer and telecommunications systems for almost 15 years, generating some of the best and most reliable intelligence information about what is going on inside the People’s Republic of China.

[…] The problem is that TAO has become so large and produces so much valuable intelligence information that it has become virtually impossible to hide it anymore. The Chinese government is certainly aware of TAO’s activities. The “mountains of data” statement by China’s top Internet official, Huang Chengqing, is clearly an implied threat by Beijing to release this data. Thus it is unlikely that President Obama pressed President Xi too hard at the Sunnydale summit on the question of China’s cyber-espionage activities. As any high-stakes poker player knows, you can only press your luck so far when the guy on the other side of the table knows what cards you have in your hand. [Source]

© Samuel Wade for China Digital Times (CDT), 2013. | Permalink | No comment | Add to del.icio.us
Post tags: cyberattacks, cybersecurity, Edward Snowden, hacking, information leak, leaked documents, U.S. relations, United States
Download Tools to Circumvent the Great Firewall

The reaction to Snowden’s leaks and unmasking in China has been muted, however. From Adam Minter at Bloomberg View:

To start with, for Chinese social-media users, surveillance of communications, electronic and otherwise, is a given. What might sound like a horrifying transgression of basic civil rights to an American comes off as a comparatively benign state of affairs to a young Chinese Internet user. Prism hasn’t trended on Chinese social media or search engines.

This is not unknown to the Communist Party-owned media, and it’s probably a reason they’ve avoided Prism over the last several days. Why hype a story that serves to remind Chinese Internet users that the surveillance to which they’ve become accustomed is so much worse than what Americans experience? Indeed, Chinese media — and the Communist Party that controls it — is unusually sensitive to unfavorable comparisons with other people and places, and none so much as Hong Kong

[…] For Chinese newspaper editors, the choice is thus whether to downplay a good spy story happening just across the border or risk highlighting how Hong Kong citizens enjoy a freer political environment. Then again, the Snowden story has been widely available on China’s Internet since early Monday morning, and Internet users — with some exceptions — still don’t seem to care very much. This is really a story about a martyr for rights enjoyed by Americans, not Chinese. [Source]

China Real Time’s Josh Chin found that some netizens did praise Snowden and his actions.

While Mr. Snowden is being celebrated in China, however, his revelations have provoked debate about the integrity of the U.S. government, with many expressing disappointment that it would engage in activities more typically associated with the Communist regime in Beijing.

[…] Not all Chinese Internet users were ready to equate the NSA programs and aggressive pursuit of leakers with China’s own spying and information-control efforts. As bad as the scandal might seem, some argued, the fact that Mr. Snowden managed to push the information out through the media and was able to talk about it days later was evidence that the freedoms enjoyed by U.S. citizens were still something to envy.

“What I want to know is what would have happened if this guy had tried to do this in the Celestial Kingdom,” wrote one microblogger, using a slang term for China. “I’m guessing he would have been killed in a car accident, or died of carbon monoxide poisoning, or something along those lines.”

“Every country [spies on its citizens],” wrote another. “It’s just that we’re already numb to it.” [Source]

As for the Chinese and American governments, Gillian Wong reported that while recent revelations might strengthen China’s hand, both sides share an interest in limiting the fallout. From the Associated Press:

The leaks about Washington’s own domestic surveillance program could end up hurting U.S. efforts to pressure China on cybersecurity, said Zhu Feng, an expert on China-U.S. relations at Peking University in Beijing.

“This case will hurt the U.S. bargaining power and dishonor its own credibility in charging China for cyberattacks. This is truth-telling,” Zhu said. “China will likely tell the U.S., ‘don’t be too high profile, and don’t take the moral high ground.’”

[… Hong Kong University of Science and Technology's David] Zweig said both sides were likely to try to play down the affair, saying they would not want to waste the effort made over the weekend in California.

[…] “The ‘shirt sleeves’ summit looked nice and they looked like they really were trying to kick back, put up their feet and talk about where they saw the countries going,” Zweig said. “I can’t imagine that after all this effort, they’re going to let this one thing make a mess of it.” [Source]

© Samuel Wade for China Digital Times (CDT), 2013. | Permalink | No comment | Add to del.icio.us
Post tags: 2013 california summit, Barack Obama, cyberattacks, cybersecurity, Edward Snowden, news media, state media, surveillance, U.S. relations, United States, Xi Jinping
Download Tools to Circumvent the Great Firewall

XI JINPING’S first meeting with President Obama as head of state on June 7th is also the first such summit to feature prominently the issue of alleged Chinese cyber-attacks on American companies and interests. It has taken a long time for the issue to take centre stage in diplomatic relations between the two countries. After years of ineffectual and perhaps overly discreet grumbling about Chinese hacking, American officials are finally forcing the issue.

[...]Chinese officials have at least agreed to talk about the issue. John Kerry, the American secretary of state, said in Beijing in April that the two sides would establish a working group on cyber-security. But it will be hard for Americans to discuss hacking productively with their counterparts. China goes by what three American authors in a new book, “Chinese Industrial Espionage”, call a philosophy of “admit nothing and deny everything”.

Hacking has in the past six months moved to “the top of the list” for business executives’ meetings with Chinese officials, says James McGregor of APCO Worldwide, a consultancy. And also, it appears, for Mr Obama’s meeting with Mr Xi. Putting the issue at the top of Mr Xi’s list will apparently take more doing. [Source]

NBC News reports that campaign officials have recently acknowledged Chinese state-sponsored hacking against the 2008 presidential campaigns of Barack Obama and John McCain. The editors at Bloomberg compiled a list of issues where they view diplomatic progress as crucial to dispel what the Brookings Institute has labeled “strategic distrust.” Cybersecurity is included, as well as:

North Korea: Xi has criticized Kim Jong Un’s nuclear antics, with China showing new willingness to enforce sanctions. Yet the U.S. and China see the future of the Korean peninsula very differently. What the two sides need is a sustained high-level dialogue about how they would respond to a humanitarian emergency, sudden collapse or other contingencies.

Regional tensions: China has become embroiled in territorial spats with many of its maritime neighbors. Without weighing in on individual claims, Obama needs to convey that the U.S. will stand by its treaty commitments to its allies. China, for its part, would be wise to focus on agreements to develop resources and settle disputes instead of lectures about sovereignty. The U.S. could help promote the success of that approach by — dare we repeat it — ratifying the Law of the Sea Convention, which provides a framework for resolving such disputes.

Economic relations: With China slowing and the U.S. growing, tensions are at a relative ebb. The yuan has appreciated by 10 percent since Obama took office, and the trade deficit with China has fallen. That could change if the U.S. economy’s demand for imports grows. Obama needs to avoid fanning protectionist flames. As recent U.S. solar tariffs on China show, such strategies are of dubious benefit. He also needs to stress to Xi that Chinese failure to live up to economic agreements will create a poor climate for more high-profile investments such as the $4.7 billion purchase of Smithfield Foods Inc. Xi, meanwhile, would benefit by prioritizing planned structural reforms that also improve market access for U.S. and other foreign companies. [Source]

Another article from the Economist looks at the many reasons for mutual anxiety in U.S.-China relations, and the need for cooperation to begin characterizing the “century’s most important bilateral relationship”:

There are plenty of good reasons for America to be nervous about the rise of a new economic giant and to be angry about cyber-attacks, obstructionism over Syria or the regime’s brutality towards its own citizens. There are also plenty of reasons for China to be annoyed with America: Americans have been too willing to demonise successful Chinese companies such as Huawei or CNOOC. But the lesson of history is that everybody loses if the world allows legitimate worries to get out of hand. More than 2,000 years ago Greece was torn apart by Sparta’s failure to manage the rise of Athens. A hundred years ago Europe was torn apart by its failure to manage the rise of Germany. If the 21st century is to be more peaceful than the 20th, America and China must learn to co-operate better. [Source]

In a New Yorker blogpost, John Cassidy further examines the 20th-century Germany/21st-century China analogy:

The analogy between twentieth-century Germany and twenty-first-century China isn’t perfect, of course, and neither is the comparison of the British Empire to Pax Americana. But the likenesses are close enough to be discomforting, especially as President Obama and Chinese President Xi Jinping meet for a two-day summit in Southern California that begins on Friday. (Evan Osnos has more on the summit.) Like Wilhemine Germany, China combines a vibrant economy with an authoritarian political system. Its culture has nationalistic elements, and, partly through the vigorous pursuit of economic relationships, it is expanding its influence around the world. [Source]

Accusations of financial fraud have long been hurled at Chinese firms listed on U.S. exchanges, and an unwillingness on the part of China’s financial regulators to assist the U.S. with probes seemed to have recently been breached with the signing of a memorandum last month. But, a U.S. senator isn’t convinced that the new memo goes far enough, and is pressing the Obama administration to raise the issue in California. From the Wall Street Journal:

Sen. Charles Schumer (D., N.Y.) in a letter sent Thursday to Treasury Secretary Jacob Lew urged the administration to “ensure this issue receives serious consideration” during an upcoming U.S.-China summit, slated to begin Friday.

In the letter, which was reviewed by The Wall Street Journal, Sen. Schumer said China should allow U.S. inspectors to examine Chinese auditing firms that audit companies trading on U.S. markets and should grant U.S. regulators access to audit information of China-based companies suspected of fraud.

Those moves are needed to protect U.S. investors, Mr. Schumer said. “It is in the interests of both U.S. financial markets and Chinese companies seeking to raise money here that investors know they can trust the financial statements of those companies,” he said in the letter. [Source]

Other U.S. lawmakers and activists are putting pressure on President Obama to bring up human rights issues at Sunnylands. Reuters reports:

U.S. lawmakers and 30 human rights groups on Thursday urged President Barack Obama to use a weekend summit with Chinese President Xi Jinping to press for the freedom of 16 prominent political and religious prisoners.

The “China 16″ include imprisoned Nobel Peace laureate Liu Xiaobo, rights lawyer Gao Zhisheng and political prisoners from the Tibetan and Uighur ethnic minorities, Christians and followers of the banned Falun Gong spiritual movement.

[...]The 30 rights groups include Amnesty International, Jubilee Campaign and the International Campaign for Tibet and are backed by Democratic and Republican lawmakers. They called on Obama to restore human rights as a central issue in U.S.-China relations – as it had been in the first two decades after diplomatic ties were established in 1979. [Source]

In what has been described as an “apparent goodwill gesture by Beijing,” China issued passports to relatives of Chinese activist Chen Guangcheng in the immediate lead-up to the summit.

While Isaac Stone Fish warns not to expect too much from the upcoming summit in a piece for Foreign Policy, the Global Times is expecting the meeting to be a “milestone” in Sino-U.S. ties. As we wait to see what transpires in the California desert, ChinaFile asked seasoned China-watching journalists and ambassadors to craft the joint Xi-Obama statement that would close out their ideal of this weekend’s summit (click through to read the four entries and vote on your favorite).

For prior posts and to see how the Sunnylands meeting unfolds, stay tuned to CDT’s coverage of the 2013 California Summit.

© josh rudolph for China Digital Times (CDT), 2013. | Permalink | No comment | Add to del.icio.us
Post tags: 2013 california summit, Barack Obama, cyberattacks, cyberespionage, cybersecurity, diplomacy, financial fraud, human rights conditions, U.S. relations, Xi Jinping
Download Tools to Circumvent the Great Firewall

The New York Times reports on just how pervasive hacking is in Chinese society, and on the many free-agents who contract their hacking skills for corporate, official, and illicit projects (and often, all of the above). While joint operations between military and academic institutions are covered to describe China’s “complex universe of hacking and cybersecurity,” the Times also quotes a former hacker, who explains that western assertions of state-sponsored hacking may be misinformed:

The culture of hacking in China is not confined to top-secret military compounds where hackers carry out orders to pilfer data from foreign governments and corporations. Hacking thrives across official, corporate and criminal worlds. Whether it is used to break into private networks, track online dissent back to its source or steal trade secrets, hacking is openly discussed and even promoted at trade shows, inside university classrooms and on Internet forums.

[...]Corporations employ freelance hackers to spy on competitors. In an interview, a former hacker confirmed recent official news reports that one of China’s largest makers of construction equipment had committed cyberespionage against a rival.

[...]Another former hacker said the monolithic notion of insidious, state-sponsored hacking now discussed in the West was absurd. The presence of the state throughout the economy means hackers often end up doing work for the government at some point, even if it is through something as small-scale as a contract with a local government office.

“I don’t think the West understands,” he said. “China’s government is so big. It’s almost impossible to not have any crossover with the government.”

[...]“In China, everyone is struggling to feed themselves, so why should they consider values and those kinds of luxuries?” the former hacker said. “They work for one thing, and that’s for money.” [Source]

At his Washington Post blog, Max Fisher also reports on the legions of freelance Chinese hackers, focusing on the damage they are wreaking upon China’s economy:

A year of stunning revelations has made many Americans aware that Chinese hackers, some of them believed to be associated with the country’s military, have infiltrated just about every powerful institution in the District, from federal agencies to think tanks to, yes, media organizations. But less well-known are the freelance and industrial hackers operating within China, where they’re estimated to have caused $873 million in damage to Chinese economy in 2011 alone. [Source]

For more on cyber espionage, hacking, and China’s “patriotic geeks,” see prior CDT coverage.

© josh rudolph for China Digital Times (CDT), 2013. | Permalink | No comment | Add to del.icio.us
Post tags: cyberattacks, cyberespionage, cybersecurity, hackers, hacking, People's Liberation Army, PLA
Download Tools to Circumvent the Great Firewall

While some recent estimates have more than 90 percent of cyberespionage in the United States originating in China, the accusations relayed in the Pentagon’s annual report to Congress on Chinese military capabilities were remarkable in their directness. Until now the administration avoided directly accusing both the Chinese government and the People’s Liberation Army of using cyberweapons against the United States in a deliberate, government-developed strategy to steal intellectual property and gain strategic advantage.

“In 2012, numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military,” the nearly 100-page report said.

The report, released Monday, described China’s primary goal as stealing industrial technology, but said many intrusions also seemed aimed at obtaining insights into American policy makers’ thinking. It warned that the same information-gathering could easily be used for “building a picture of U.S. network defense networks, logistics, and related military capabilities that could be exploited during a crisis.”

It was unclear why the administration chose the Pentagon report to make assertions that it has long declined to make at the White House. A White House official declined to say at what level the report was cleared. A senior defense official said “this was a thoroughly coordinated report,” but did not elaborate.

In a blog post for Council on Foreign Relations, Adam Segal lists three interesting points from the report, all relating to the cyberattack accusations. In his final point, he is not optimistic about prospects for reconciliation between China and the U.S. on this issue:

[..D]espite the announcement of a U.S.-China working group on cybersecurity during Secretary of State John Kerry’s visit to China, and General Fang Fenghui’s declaration that China was willing to set up a cyberserurity “mechanism” during a meeting with chairman of the Joint Chiefs of Staff, General Martin E. Dempsey, the report does not give much reason for optimism that the two sides will find common ground on the rules of the road. For the first time, the report calls China out for playing a “disruptive role in multilateral efforts to establish transparency and confidence building measures in international fora such as the Organization for Security and Cooperation in Europe, Association of Southeast Asian Nations Regional Forum, and the United Nations Group of Governmental Experts.”

Indeed, for its part, the Chinese government reacted angrily to the report, calling the accusations “groundless.” From the Los Angeles Times:

Responding to the Pentagon’s annual report on China’s military, released a day earlier, a Foreign Ministry spokeswoman insisted that Beijing was “strongly against any form of hacking activities,” and said China was willing to start a “rational and constructive dialog” with the United States on Internet security issues.

“This kind of baseless accusations and endless finger-pointing would only hurt the efforts and environment for such a dialog,” said the spokeswoman, Hua Chunying.

Beijing’s stiff reaction was expected as it has repeatedly denied charges of cyber-espionage, which has become a growing concern in Washington. U.S. officials have recently stepped up complaints about Chinese cyber-warfare as more large-scale hacking attacks have been traced to China.

Yet some observers warned that by focusing all attention in the cyberbattle on China, the U.S. government may risk missing other important developments. And while the cyber accusations got the lion’s share of press attention, the Wall Street Journal points out that a number of other interesting revelations came to light in the report:

Perhaps the DoD report’s single greatest advancement of public knowledge concerns China’s nuclear submarine programs. It states that China’s three already-operational Type 094 Jin-class nuclear-powered ballistic missile submarines (SSBNs) may be joined by “as many as two more in various stages of construction.” The Type 094, the report says, “will give the PLA Navy its first credible sea-based nuclear deterrent” once its JL-2 – a submarine-launched ballistic missile with a range in excess of 7,400 km – is deployed effectively. “After a round of successful testing in 2012, the JL-2 appears ready to reach initial operational capability in 2013,” DoD asserts. “JIN-class SSBNs based at Hainan Island in the South China Sea would then be able to conduct nuclear deterrence patrols.”

Meanwhile, China’s two already-deployed Type 093 Shang-class nuclear-powered attack submarines will be joined by four improved variants under construction, according to the report. Within 10 years, the DoD projects, “China will likely construct the Type 095 guided-missile attack submarine, which may enable a submarine-based land-attack capability.” The Type 095 will “likely incorporat[e] better quieting technologies” and “fulfill traditional anti-ship roles with the incorporation of torpedoes and anti-ship cruise missiles.” As for conventional attack submarines, DoD states that the Yuan-class (Type 039A), of which China may build as many as twenty, “includes an air-independent power system.”

© Sophie Beach for China Digital Times (CDT), 2013. | Permalink | No comment | Add to del.icio.us
Post tags: cyberattacks, cyberespionage, hacking, Mandiant, pentagon, People's Liberation Army, U.S. relations
Download Tools to Circumvent the Great Firewall

With the Internet so difficult to control, the U.S. and China must boost coordination to shore up cybersecurity, Fang Fenghui, chairman of the People’s Liberation Army General Staff, said with Martin Dempsey yesterday. The U.S. is committed to a “better, deeper, more enduring relationship” with China, Dempsey said.

Ties between the U.S. and China have been strained by allegations by U.S. security company Mandiant Corp. that China’s army may be behind cyberattacks on companies worldwide. Dempsey is on a visit to China to seek closer dialogue with China’s military, discuss North Korea’s nuclear program and ease Chinese concerns over the Obama administration’s strategic pivot to the Asia-Pacific.

“If Internet security cannot be controlled, it’s not an exaggeration to say the effects could be no less than a nuclear bomb,” Fang said at the briefing with Dempsey.“The Internet is open to everyone and attacks can be launched from anywhere.”

The meeting marked the highest-level military talks between China and the U.S. in two years, reports Jane Perlez of The New York Times, and comes as The White House has made more direct statements about cyber security in recent weeks. The U.S. has demanded that China crack down on hacking and start negotiating rules for proper behavior in cyberspace, and new secretary of state John Kerry’s brought up cyber security during his recent visit to China. The Wall Street Journal reported yesterday that the Obama administration is weighing several options, including trade sanctions and even the indictment of Chinese nationals in U.S. courts, to more aggressively confront China over the issue. But China has denied the allegations by Mandiant and accused America of perpetrating cyber attacks as well.

Last week, Foreign Policy’s Jason Healey wrote that “there is a nugget of truth” in China’s claims that it has been the subject of U.S.-based hacking:

The Chinese press has reported that the websites of 85 public institutions and companies were “hacked” between September 2012 and March 2013, with 39 of those attacks traced back to the United States. During a similar period, Chinese authorities noted that there had been some 5,800 hacking attempts from U.S. IP addresses and that U.S.-based servers had hosted 73 percent of the phishing attacks against Chinese customers. Of the 6,747 computers controlling nearly 2 million botnets in China — the ones the Chinese spokesman told FT about — 2,194 were in the United States, “making it the largest point of origin of cyber attacks against China,” according to Xinhua.

Perhaps oddly for Chinese statistics, these actually stand up to scrutiny: American cyberspace is one of the least secure online realms. The United States does indeed top the list of botnet controllers with 40 percent of the total tracked by cybersecurity giant McAfee; Russia accounted for 8 percent and China 3 percent. Other measurements show these nations grouped closer together, but the United States is clearly a leading source of attacks. For example, Akamai, one of the world’s largest content-delivery networks, has observed that 13 percent of global attack traffic originated from the United States, though 33 percent came from China. Russia has the most malicious severs, with the United States ranking sixth; China doesn’t make the top 10, according to HostExploit’s latest quarterly report. After years of stories about U.S. military and intelligence cyber-capabilities, international audiences might see these statistics and agree with China that it is the Americans who are the troublemakers — after all, they were the ones behind Stuxnet.

…

Yet U.S. cyber-operations are extremely different from their Chinese equivalents and cannot be compared in the way the Chinese suggest. When the U.S. military or intelligence community conducts cyber-operations, they are quiet, coordinated, exceptionally well targeted, and under the strict control of senior officers and government executives. Lawyers review every stage. Even Stuxnet, though it was a breathtakingly sophisticated and brazen attack, was so tightly controlled that, when it escaped its target network, it caused no disruption. The White House keeps a close hold on cyber-operations through senior executives, generals, and political appointees throughout the bureaucracy.

Chinese espionage, by comparison, is under no such control. As in other areas of Chinese society, the People’s Liberation Army and state-owned enterprises are subject to little oversight and feel little need to coordinate their actions. Recently, one colleague that works for a specialized incident-response firm reported finding as many as seven different Chinese espionage groups operating in the same network, all sending information back to different masters. Few, if any, senior party officials care to rein in activities helping domestic companies (and probably lining their own pockets) by stealing foreign intellectual property.

The Diplomat’s Trefor Moss worries that “cyberspace may become the venue for a new Cold War for the Internet generation” as China, the United States and others continue to test the undefined boundaries of the Internet:

Cyberspace matters. We know this because governments and militaries around the world are scrambling to control the digital space even as they slash defense spending in other areas, rapidly building up cyber forces with which to defend their own virtual territories and attack those of their rivals.

But we do not yet know how much cyberspace matters, at least in security terms. Is it merely warfare’s new periphery, the theatre for a 21^st century Cold War that will be waged unseen, and with practically no real-world consequences? Or is it emerging as the most important battle-space of the information age, the critical domain in which future wars will be won and lost?

For the time being, some states appear quite content to err on the side of boldness when it comes to cyber. This brazen approach to cyber operations – repeated attacks followed by often flimsy denials – almost suggests a view of cyberspace as a parallel universe in which actions do not carry real-world consequences. This would be a risky assumption. The victims of cyber attacks are becoming increasingly sensitive about what they perceive as acts of aggression, and are growing more inclined to retaliate, either legally, virtually, or perhaps even kinetically.

© Scott Greene for China Digital Times (CDT), 2013. | Permalink | No comment | Add to del.icio.us
Post tags: Barack Obama, Cold War, cyberattacks, cyberespionage, cybersecurity, john kerry, Mandiant, netizens, sanctions, U.S. relations
Download Tools to Circumvent the Great Firewall

“The national security of the United States is critical, but it must not be used as a means of protectionism,” John Frisbie, the group’s president, said in a letter urging leaders in the Senate and the House of Representatives to block similar measures in the future.

“Product security is a function of how a product is made, used, and maintained, rather than by whom or where it is made. Imposing a country-specific risk assessment creates a false sense of security if the goal is to improve our nation’s cybersecurity,” Frisbie said.

…

The measure requires the NASA space agency, the Justice and Commerce departments and the National Science Foundation to get approval from law enforcement officials when buying new information technology systems, with a particular focus on whether the systems are “produced, manufactured or assembled by one or more entities that are owned, directed or subsidized” by China.

The letter comes after the U.S. Chamber of Commerce and a number of technology trade groups wrote Congress asking that future spending legislation not include a similar measure, which was aimed at preventing cyber attacks. A February report by security firm Mandiant identified a unit of the People’s Liberation Army (PLA) that had allegedly stolen large quantities of sensitive data from U.S. companies and government organizations since 2006, but the Chinese government has responded by accusing America of perpetrating cyber attacks against China as well. Faculty members at Shanghai Jiaotong University have also been linked to the PLA’s hacking unit via several co-authored papers.

Last month, the White House demanded that China crack down on hacking and start negotiating rules for proper behavior in cyberspace. And at the China Internet Industry Forum in Beijing on Tuesday, which was also attended by Chinese government representatives, senior U.S. officials continued to urge China to cease its cyber attacks and curb Internet censorship. From William Wan of The Washington Post:

Chinese officials stuck mostly to previous boilerplate responses to such accusations: China is in the early stages of its development; far from perpetrating cyberattacks, China is among the most frequent targets; andChina opposes the actions of rogue hackers.

One Chinese official, however, went on the offensive.

“Recently some people have cooked up this theory of a Chinese cybersecurity threat,” said Qian Xiaoqian, vice minister of China’s State Council Information Office. “It is a variation on the popular theory of a rising China threat.”

China has long opposed hacking, he said, and thinks “we shouldn’t militarize the cyberspace and attack other countries in violation of laws and regulations and also in violation of moral standards.”

© Scott Greene for China Digital Times (CDT), 2013. | Permalink | No comment | Add to del.icio.us
Post tags: Beijing, cyberattacks, cyberespionage, cybersecurity, U.S. relations
Download Tools to Circumvent the Great Firewall

While the publicity given to China’s alleged hacking of U.S. companies has put the spotlight on the issue, Mr. Cohen said in an interview, it’s now time for private negotiations between the U.S. and China. “If you continue to simply shout in public, we’re likely to get a negative reaction” from Beijing, he said

At issue, he added, is drafting “rules of the road and rules of engagement” concerning cyber activity, particularly what “threshold” of cyber activity should prompt a home government to crack down on perpetrators. “What level of activity can be tolerated by any country?” Mr. Cohen asked.

[…] The former defense secretary, who now runs a consulting firm [with some dealings in China], said multilateral negotiations on cybersecurity could play a role, but could take years to yield results. The U.S. needs to figure out before then “how to take measures to suppress activity that threatens our industry and critical infrastructure,” he said.

“My hope,” he added, “is that we can undertake this process in a fashion that prevents megaphone diplomacy from taking root and the adverse consequences that can flow from it.”

Such consequences might ultimately include self-fulfilling prophecies of cyberconflict. From Kim Zetter at Wired:

Referring to [the] announcement by the U.S. director of national intelligence that cyberattacks were the biggest threat the nation faced, Martin Libicki, senior management scientist at the RAND Corporation, told the House Homeland Security Committee that making strong statements about cyberattacks “tends to compel the United States to respond vigorously should any such cyberattack occur, or even merely when the possible precursors to a potential cyberattack have been identified. Having created a demand among the public to do something, the government is then committed to doing something even when doing little or nothing is called for.”

Put in perspective, cyber attacks might disrupt life, but they cannot be used to occupy another nation’s capital or force regime change. No one has yet died from a cyberattack either, he noted. Therefore, a cyberattack in and of itself, “does not demand an immediate response to safeguard national security,” Libicki said during a hearing on cyberthreats against critical infrastructure from China, Russia and Iran.

[…] “[W]e are right to be worried about a ’9/11 in cyberspace,’ but we also ought to worry about what a ’9/12 in cyberspace’ would look like,” he said.

Security guru Bruce Schneier has also struck a note of caution about the tone of rhetoric on cybersecurity:

Our nationalist worries have recently been fueled by a media frenzy surrounding attacks from China. These attacks aren’t new-cyber-security experts have been writing about them for at least a decade, and the popular media reported about similar attacks in 2009 and again in 2010-and the current allegations aren’t even very different than what came before. This isn’t to say that the Chinese attacks aren’t serious. The country’s espionage campaign is sophisticated, and ongoing. And because they’re in the news, people are understandably worried about them.

[…] Unfortunately, both the reality and the rhetoric play right into the hands of the military and corporate interests that are behind the cyberwar arms race in the first place. There is an enormous amount of power at stake here: not only power within governments and militaries, but power and profit amongst the corporations that supply the tools and infrastructure for cyber-attack and cyber-defense. The more we believe we are “at war” and believe the jingoistic rhetoric, the more willing we are to give up our privacy, freedoms, and control over how the Internet is run.

Nationalism is rife on the Internet, and it’s getting worse. We need to damp down the rhetoric and-more importantly-stop believing the propaganda from those who profit from this Internet nationalism. Those who are beating the drums of cyberwar don’t have the best interests of society, or the Internet, at heart.

© Samuel Wade for China Digital Times (CDT), 2013. | Permalink | 2 comments | Add to del.icio.us
Post tags: cyberattacks, cybersecurity, cyberwar, diplomacy, hackers, hacking, United States
Download Tools to Circumvent the Great Firewall

Original post: South Korean authorities have revealed that malware used in a major cyberattack against Korean banks and broadcasters has been traced to an IP address in China. (For a detailed description of the attack, see Sean Gallagher’s account at Ars Technica.) The attack came amid North Korean threats of “catastrophic” retaliation if the U.S. persisted in flying B-52 bombers over the peninsula, however, and Pyongyang is widely regarded as the chief suspect. From Choe Sang-hun at The New York Times:

The Korea Communications Commission said Thursday that the disruption originated at an Internet provider address in China but that it was still not known who was responsible.

Many analysts in Seoul suspect that North Korean hackers honed their skills in China and were operating there. At a hacking conference here last year, Michael Sutton, the head of threat research at Zscaler, a security company, said a handful of hackers from China “were clearly very skilled, knowledgeable and were in touch with their counterparts and familiar with the scene in North Korea.”

But there has never been any evidence to back up some analysts’ speculation that they were collaborating with their Chinese counterparts. “I’ve never seen any real evidence that points to any exchanges between China and North Korea, ” said Adam Segal, a senior fellow who specializes in China and cyberconflict at the Council on Foreign Relations.

From Bloomberg News:

“Discovering that the code was from China makes it more likely that the attack was from North Korea, because a lot of North Korean hackers operate there,” said Ryou Jae Cheol, a professor of computer engineering and securities at Chungnam National University. “Who else would be making this kind of attack at this scale and timing other than North Korea?”

[…] “It’s highly probable that North Korea used Chinese IPs for the attacks,” said Lim Jong In, dean of Korea University’s Graduate School of Information Security. “These are sentimental attacks, aimed at spreading confusion to the whole society by paralyzing media and financial institutions. But it will take some time to exactly track who’s behind this as China is unlikely to actively cooperate.”

At Reuters, Ju-min Park described the difficulty of assessing North Korea’s cyberwarfare capabilities:

Jang Se-yul, a former North Korean soldier who went to a military college in Pyongyang to groom hackers and who defected to the South in 2008, estimates the North has some 3,000 troops including 600 professional hackers in its cyber unit.

[…] The North’s professional “cyber-warriors” enjoy perks such as luxury apartments for their role in what Pyongyang has defined as a new front in its “war” against the South, Jang told Reuters.

[…] “North Korea can’t invest in fighter jets or warships, but they have put all their resources into raising hackers. Qualified talent matters to cyber warfare, not technology,” said Lee Dong-hoon, an information security expert at Korea University in Seoul.

© Samuel Wade for China Digital Times (CDT), 2013. | Permalink | 3 comments | Add to del.icio.us
Post tags: cyberattacks, cyberwar, hackers, hacking, North Korea, south korea, United States
Download Tools to Circumvent the Great Firewall

The White House, Mr. Donilon said, is seeking three things from Beijing: public recognition of the urgency of the problem; a commitment to crack down on hackers in China; and an agreement to take part in a dialogue to establish global standards.

“Increasingly, U.S. businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyberintrusions emanating from China on an unprecedented scale,” Mr. Donilon said in a wide-ranging address to the Asia Society in New York.

“The international community,” he added, “cannot tolerate such activity from any country.”

Cyber security analysts in the U.S. claimed in 2011 that they sourced a bulk of China-based cyber attacks against America to about a dozen groups backed or directed by the Chinese government, and a report last month by security firm Mandiant identified a unit of the People’s Liberation Army that had allegedly stolen large quantities of sensitive data from U.S. companies and government organizations since 2006. And while Chinese netizens have called out evidence from the web to support Mandiant’s claims, the Chinese government has responded by accusing America of perpetrating cyber attacks against China as well.

The issue could become more sensitive for the Obama administration, according to Geoff Dyer and Shannon Bond at the Financial Times, as it wants to prove it can act tough against China but doesn’t want cyber security to dominate Sino-U.S. relations. The Wall Street Journal had more on Donilon’s comments:

White House spokeswoman Caitlin Hayden said Mr. Donilon raised the cybersecurity issue in his remarks to highlight the priority it has taken in talks with the Chinese government. He sought to provide “a constructive way forward,” Ms. Hayden said, adding, “given the increased media attention, our growing concerns, and the fact that cyber has become a priority topic in our discussions with the Chinese, it made sense to include it in a speech that is intended to highlight our priorities.”

The White House criticism of China Monday followed a highly orchestrated administration rollout recently of a cybersecurity campaign, which included an executive order to bolster the protections for computer networks running critical infrastructure like the electric grid.

© Scott Greene for China Digital Times (CDT), 2013. | Permalink | No comment | Add to del.icio.us
Post tags: Barack Obama, cyberattacks, cyberespionage, cybersecurity, Mandiant, netizens, Tom Donilon, U.S. relations, Yang Jiechi
Download Tools to Circumvent the Great Firewall

“The Defense Ministry and China Military Online websites have faced a serious threat from hacking attacks since they were established, and the number of hacks has risen steadily in recent years,” said ministry spokesman Geng Yansheng.

“According to the IP addresses, the Defense Ministry and China Military Online websites were, in 2012, hacked on average from overseas 144,000 times a month, of which attacks from the U.S. accounted for 62.9 percent,” he said.

The comments were made at a monthly news conference, which foreign reporters are not allowed to attend, and posted on the ministry’s website.

Geng said he had noted reports that the United States planned to expand its cyber-warfare capability but that they were unhelpful to increasing international cooperation towards fighting hacking.

“We hope that the U.S. side can explain and clarify this.”

Geng also criticized the Mandiant Report, calling it “unprofessional and not in accordance with the facts,” though cyber security professionals interviewed by the Associated Press praised it for painting a detailed picture of China’s state-sponsored cyber espionage program. He denied that China engaged in cyber warfare, according to Xinhua News, claiming that the Chinese military conducts drills to safeguard against cyber attacks rather than conduct their own.

The Financial Times had more on China’s accusations:

CNCERT, a cyber-security institution under China’s Ministry for Industry and Information Technology, said more than 14m computers in China were hijacked and controlled from foreign IP addresses last year, and more than 10m of those infiltrated machines were under control from IP addresses located in the US. The institution listed South Korea and Germany as second- and third-ranking countries of origin for attackers on Chinese computers.

In response to questions, CNCERT said it was unable to identify either victims or attackers.

Huawei, the Chinese company which is the world’s second-largest vendor of telecom networking equipment, said it was also under constant attack. John Suffolk, the company’s chief security officer, estimated that Huawei is attacked about 10,000 times a week.

The National Journal’s Brian Fung writes that it’s naive to assume that the US isn’t snooping back, but he also pokes holes in China’s claims:

It’s obviously impossible to know whether Beijing is being honest about those figures. But if this is their way of accusing the United States of doing the same thing that they are — and that everyone should quit complaining — it’s a pretty weak defense. Even if we take their figures at face value (more on that next), there’s a big difference between knocking a website offline and penetrating a corporate network undetected so that you can steal trade secrets. The former involves very low stakes; anyone can do it, and the payoff is insignificant. Espionage and intelligence-gathering is all about the latter.

Sixty-three percent of China’s website hacks were traced back to the United States. But, just as it’s very difficult to prove with 100 percent certainty that recent cyberspying on American firms was the work of Chinese hackers and not, say, Russian or North Korean hackers routing their work through China, it’s equally hard to prove that the American government was responsible for the hacks going in the other direction. This is what’s called the attribution problem: All the circumstantial evidence points you to one culprit, but you can never know if you’ve fingered the right actor for sure. If the United States is retaliating against China with hacks of its own, website vandalism should be the least of Beijing’s complaints.

Meanwhile, Foreign Policy’s Dan Blumenthal writes that it’s time for the US government to go on the diplomatic, security and legal offensive to make China pay for militarizing cyberspace:

The U.S. military’s cyber-efforts presumably already include it own probes, penetrations, and demonstrations of capability. While the leaks claiming the U.S. government’s involvement in the Stuxnet operation — the computer worm that disabled centrifuges in the Iranian nuclear program — may have damaged U.S. national security, at least China knows that Washington is quite capable of carrying out strategic cyberattacks. To enhance deterrence, the U.S. government needs to demonstrate these sorts of capabilities more regularly, perhaps through cyber-exercises modeled after military exercises. For example, the U.S. military could set up an allied public training exercise in which it conducted cyberattacks against a “Country X” to disable its military infrastructure such as radars, satellites, and computer-based command-and-control systems.

To use the tools at America’s disposal in the fight for cybersecurity will require a high degree of interagency coordination, a much-maligned process. But Washington has made all the levers of power work together previously. The successful use of unified legal, law enforcement, financial, intelligence, and military deterrence against the Kim regime of North Korea during a short period of George W. Bush’s administration met the strategic goals of imposing serious costs on a dangerous government. China is not North Korea — it is far more responsible and less totalitarian. But America must target those acting irresponsibly in cyberspace. By taking the offensive, the United States can start to impose, rather than simply incur, costs in this element of strategic competition with China. Sitting by idly, however, presents a much greater likelihood that China’s dangerous cyberstrategy could spark a wider conflict.

© Scott Greene for China Digital Times (CDT), 2013. | Permalink | No comment | Add to del.icio.us
Post tags: cyberattacks, cyberespionage, cybersecurity, Mandiant, Ministry of Foreign Affairs, U.S. relations
Download Tools to Circumvent the Great Firewall

When downloaded, the tainted versions would allow hackers to remotely control infected computers after users attempted to read the report which was released last week by U.S. IT security vendor, Mandiant.

A blog post by Symantec said hackers used the report as “bait”, embedding a malware called, Trojan.Pidief, into fake reports which displayed a blank PDF document when opened. Unbeknownst to users, the tainted report would trigger the exploit code for Adobe Acrobat and Reader Remote Code Execution Vulnerability.

Symantec highlighted an e-mail in Japanese purported to be from someone in the media industry which contained a PDF attachment of the fake Mandiant report.

Cybersecurity has become a wedge in Sino-U.S. relations in recent years, and lately the two sides have traded accusations of hacking. The New York Times’ David Sanger reported earlier this week that the Obama administration is more willing than ever to call out the Chinese directly over the hacking issue:

Defining “enemies” in this case is not always an easy task. China is not an outright foe of the United States, the way the Soviet Union once was; rather, China is both an economic competitor and a crucial supplier and customer. The two countries traded $425 billion in goods last year, and China remains, despite many diplomatic tensions, a critical financier of American debt. As Hillary Rodham Clinton put it to Australia’s prime minister in 2009 on her way to visit China for the first time as secretary of state, “How do you deal toughly with your banker?”

In the case of the evidence that the People’s Liberation Army is probably the force behind “Comment Crew,” the biggest of roughly 20 hacking groups that American intelligence agencies follow, the answer is that the United States is being highly circumspect. Administration officials were perfectly happy to have Mandiant, a private security firm, issue the report tracing the cyberattacks to the door of China’s cybercommand; American officials said privately that they had no problems with Mandiant’s conclusions, but they did not want to say so on the record.

…

In the next few months, American officials say, there will be many private warnings delivered by Washington to Chinese leaders, including Xi Jinping, who will soon assume China’s presidency. Both Tom Donilon, the national security adviser, and Mrs. Clinton’s successor, John Kerry, have trips to China in the offing. Those private conversations are expected to make a case that the sheer size and sophistication of the attacks over the past few years threaten to erode support for China among the country’s biggest allies in Washington, the American business community.

“America’s biggest global firms have been ballast in the relationship” with China, said Kurt M. Campbell, who recently resigned as assistant secretary of state for East Asia to start a consulting firm, the Asia Group, to manage the prickly commercial relationships. “And now they are the ones telling the Chinese that these pernicious attacks are undermining what has been built up over decades.”

Meanwhile, Ezra Klein of the Washington Post reports that Chinese hackers may be wrong to focus on the U.S. capital as much as they do:

The Chinese look at Washington, and they think there must be some document somewhere, some flowchart saved on a computer in the basement of some think tank, that lays it all out. Because in China, there would be. In China, someone would be in charge. There would be a plan somewhere. It would probably last for many years. It would be at least partially followed. But that’s not how it works in Washington.

What the Chinese hackers are looking for is the great myth of Washington, what I call the myth of scheming. You see it all over. If you’ve been watching the series “House of Cards” on Netflix, it’s all about the myth of scheming. Things happen because the Rep. Frank Underwood has planned for them to happen. And when they don’t happen, it’s because someone has counterplanned against him.

…

I almost feel bad for the Chinese hackers. Imagine the junior analysts tasked with picking through the terabytes of e-mails from every low-rent think tank in Washington, trying to figure out what matters and what doesn’t, trying to make everything fit a pattern. Imagine all the spurious connections they’re drawing, all the fundraising bluster they’re taking as fact, all the black humor they’re reading as straight description, all the mundane organizational chatter they’re reading.

They’re missing our real strength, the real reason Washington fails day-to-day but has worked over years: It’s because we don’t stick too rigidly to plans or rely on some grand design. That way, when it all falls apart, as it always does and always will, we’re okay.

© Scott Greene for China Digital Times (CDT), 2013. | Permalink | One comment | Add to del.icio.us
Post tags: Barack Obama, cyberattacks, cyberespionage, cybersecurity, hackers, hacking, Mandiant, People's Liberation Army, PLA, Washington
Download Tools to Circumvent the Great Firewall