Staff members use computers at a press center in Beijing. Security experts say hacking of U.S. computers from China is becoming an increasing problem.
Staff members use computers at a press center in Beijing. Security experts say hacking of U.S. computers from China is becoming an increasing problem. Greg Baker/AP
American officials have long complained about countries that systematically hack into U.S. computer networks to steal valuable data, but until recently they did not name names.
In the last few months, that has changed. China is now officially one of the cyber bad guys and probably the worst.
"We know, and there's good evidence ... of very deliberate, focused cyber-espionage to capture very valuable research and development information, or innovative ideas, or source code or business plans for their own advantage," says Mike McConnell, a former director of national intelligence and before that, the director of the National Security Agency.
It's the Chinese he's talking about, though other countries — like Russia — also engage in cyber-espionage to gain a competitive edge. China stands out as especially aggressive.
"China does not care what other people think," says Richard Bejtlich, the chief security officer at MANDIANT, a company that helps firms deal with cyber-intrusions.
"Culturally, they are very interested in being seen as responsible, but when it comes to their actual work on the ground, if you try kicking them out of your network on a Friday, they're back on a Monday," he says.
The increased willingness of the U.S. government to point a finger at the Chinese dates from an official report released last October that identified them "as the world's most active and persistent perpetrators of economic espionage."
McConnell says that report gave him a green light to say publicly what he'd long been saying privately about China's cyberspying.
"For those of us who made the argument that we needed something to use as justification for revealing these insights, that sort of unleashed us to do that," he says.
Last month, McConnell co-authored an op-ed column in the Wall Street Journal, along with recently retired Deputy Defense Secretary William Lynn and former Secretary of Homeland Security Michael Chertoff, titled: China's Cyber Thievery Is National Policy — And Must Be Challenged.
One reason they were anxious to publicize China's cyber-espionage was to counter those who claimed there was little concrete evidence to link the Chinese definitively to major hacking activity.
One problem in cyber-espionage investigation is that it can be almost impossible to trace a computer intrusion back to its source. MANDIANT'S Bejtlich says any good cybersleuth pays little heed to IP addresses. He says he can identify Chinese hackers just by the way they work.
"They have quirks, maybe even they way that they type, the way that they select commands [and] the way that they build their software," he says. "There's probably 20 or more characteristics you can use, none of which involve an IP address."
The signs pointing to China as the prime cyber-espionage culprit in the world today have accumulated over years, Bejtlich says, to the point where there is virtually no doubt about who exactly is responsible.
"In our government, there are people who know exactly who these guys are," he says. "I've seen pictures of office buildings; there are pictures of individuals."
As the country's top spy, McConnell saw the best intelligence on cyber-espionage. He won't talk about any pictures the government has, but he has no qualms about pointing to China as the top U.S. problem.
"We know a great deal about how the attacks are generated and where they come from," McConnell says.
McConnell says that clear understanding of the problem is one of the reasons he and his colleagues were adamant about making as much of this information public as they could. He says they want people to understand that cybertheft is real, that it's getting worse, and that it's important to hold China particularly responsible.
Chinese officials have heard this complaint often. Their customary response is that they, too, have been victims of cyberthievery and do not condone it.