Although politicians and security consultants in the US have for years accused the Chinese government of hacking and cyberespionage, they’ve presented little concrete proof or information to the public about the alleged attacks. On 18 February 2013, the New York Times published a report tying a very active Chinese hacking group to a specific People’s Liberation Army (PLA) unit in Shanghai. The newspaper based its story on a report published by Mandiant, a security firm in Washington DC. The firm was founded by Kevin Mandia, a US Air Force veteran and former computer security officer with the 7th Communications Group at the Pentagon.
The Mandiant report on Chinese hacking was unusually detailed. It tracked individual members of the hacking group, identified their headquarters as a building in Pudong district, Shanghai, that was occupied by PLA Unit 61398. Stating that the group’s attacks targeted mostly corporate and infrastructure computer systems, the report claimed that the hackers had stolen technology blueprints, negotiating strategies and manufacturing processes from more than one hundred companies, mostly American, in a variety of industries. On 27 February, the New York Times published another report saying that ‘Chinese-speaking users and amateur hackers’ had scoured the Internet and found new evidence that ‘while circumstantial, adds to the signs suggesting Chinese military efforts to hack into American corporate computer systems’. The Chinese Foreign Ministry dismissed the accusations in the Mandiant report as ‘groundless’ and lacking ‘hard evidence’.
On 12 March, James Clapper, the Director of US National Intelligence, testified before the Senate Intelligence Committee that cyberattacks have replaced terrorism as the number one threat against the US. Two days later, on 14 March, US President Obama, in an interview with ABC News, said that some, but not all, hacking originating from China was state-sponsored. He also cautioned about the need to avoid ‘war rhetoric’ when discussing cyberattacks.
On 5 May 2013, the Pentagon released its annual report to Congress on Chinese military capabilities. The report described the primary goal of China’s state-affiliated hackers as stealing industrial technology, but said many intrusions also seemed aimed at obtaining insights into the thinking of American policy makers. It warned that the same information gathering could easily be used for ‘building a picture of US network defense networks, logistics, and related military capabilities that could be exploited during a crisis.’
In response, the Chinese Foreign Ministry reiterated that China opposes cyberattacks as well as ‘all groundless accusations and hyping’ that could harm prospects for co-operation. Xinhua News Agency published a report quoting Wang Xinjun, a researcher with the Academy of Military Sciences of the Chinese People’s Liberation Army, who called the Pentagon’s accusations ‘irresponsible … as the Chinese government and armed forces have never sanctioned hacking activities’. Both China and the US are victims of cybercrimes and should work together to tackle the issue, Wang said.
Rally in Hong Kong in support of Edward Snowden, 15 June 2013.
Photo: See-ming Lee 李思明
The diplomatic tit-for-tat took an unexpected turn, however, on 23 June, when the Hong Kong-based South China Morning Post published details of US hacking operations in Hong Kong and mainland China as provided by former National Security Agency (NSA) contractor Edward Snowden. According to the report:
Snowden said that according to unverified documents seen by the Post, the NSA had been hacking computers in Hong Kong and on the mainland since 2009… . ‘We hack network backbones — like huge internet routers, basically — that give us access to the communications of hundreds of thousands of computers without having to hack every single one,’ he said.
The allegations prompted Xinhua News Agency to publish a report accusing the US of playing ‘innocent victim’ while in fact being the ‘biggest villain in our age’.
President Obama tried to differentiate between US and Chinese cyberespionage, saying ‘every country in the world, large and small, engages in intelligence gathering… . [But] a hacker directly connected with the Chinese government … breaking into Apple’s software systems to see if they can obtain the designs for the latest Apple product’ is ‘theft’. Many observers would agree that there is a difference. But to a perhaps equally large number of unsympathetic observers in China, not all of whom write for the People’s Daily, the Snowden affair has undermined the American moral high ground when it comes to hacking and surveillance
