JNN 22 Feb 2013 WASHINGTON: US Internet security experts believe “almost all” powerful institutions in the nation’s capital of Washington have been penetrated by Chinese “cyber-spies” despite persistent denials by China about such activity.
The listing of major Washington institutions allegedly hacked in recent years includes US government agencies, congressional offices, think tanks, law firms, news organizations, contractors, human rights groups, and foreign embassies, The Washington Post reports on Thursday.
The information compromised by such hacking bids, the report insists, quoting security experts, “would be enough to map how power is exercised in Washington to a remarkably nuanced degree.”
“I’ve yet to come across a network that hasn’t been breached,” said Shawn Henry, former head of cybersecurity for the FBI and president of CrowdStrike Services, a security company. “It’s like having an invisible man in your room, going through your filing cabinets.”
“The dark secret is there is no such thing as a secure unclassified network,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, one of the most prominent Washington think tanks that has also been hacked in the past, according to the report.
“Law firms, think tanks, newspapers – if there’s something of interest, you should assume you’ve been penetrated,” Lewis emphasized.
Meanwhile, the report adds, the growing wave of cyber-espionage has prompted “diplomatic backlash and talk of action against the Chinese,” who have persistently rejected involvement in such hacking activities while insisting that Beijing remains a major target of US-based cyberattacks.
The US is widely regarded as one of the initiators of cyber warfare and is known to have launched cyberattacks on other nations, including the Islamic Republic of Iran.
In a Tuesday report on the unwavering cyberattacks against US institutions, The New York Times also pointed to Washington’s cyber operations against other nations, confirming that American “cyberwarriors” have collaborated with the Israeli regime to disrupt Iran’s nuclear energy program by attempting to infect its computer networks with malicious software called Stuxnet.
The daily further states that the major US media conglomerates allegedly targeted recently by China-based cyber intrusions include The Wall Street Journal, The New York Times, and The Washington Post itself.
It further insists that official Washington continues to regard China as the source of the problem, quoting Republican Chairman of the House Intelligence Committee Mike Rogers as saying, “The Chinese government’s direct role in cybertheft is rampant, and the problems have grown exponentially.”
“It is crucial,” Rogers added, “that the administration begin bilateral discussions to ensure that Beijing understands that there are consequences for state-sponsored economic espionage.”
Moreover, the Obama administration released a “strategy paper” on Wednesday, outlining “new efforts to fight the theft of trade secrets,” the daily reports.
The Obama administration is considering more assertive action against Beijing to combat a persistent cyber-espionage campaign it believes Chinese hackers are waging against U.S. companies and government agencies.
Two former U.S. officials said the administration is preparing a new National Intelligence Estimate that, when complete, is expected to detail the cyberthreat, particularly from China, as a growing economic problem. Neither of the former officials was authorized to discuss the classified report and spoke only on condition of anonymity.
One of the former officials said the NIE, an assessment prepared by the National Intelligence Council, also will cite more directly a role by the Chinese government in such espionage. The former official said the NIE will underscore the administration’s concerns about the threat and will put greater weight on plans for more aggressive action against the Chinese government.
Secretary of State Hillary Rodham Clinton, in an interview with reporters as she wound up her tenure, said the U.S. needs to send a strong message that it will respond to such incidents.
“Obviously this can become a very unwelcome and even dangerous tit-for-tat that could be a crescendo of consequences, here at home and around the world, that no one wants to see happen,” she said.
“The U.S. government has started to look seriously at more assertive measures and begun to engage the Chinese on senior levels,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies. “They realize that this is a major problem in the bilateral relationship that threatens to destabilize U.S. relations with China.”
To date, extensive discussions between Chinese officials and top U.S. leaders — including President Barack Obama and Defense Secretary Leon Panetta — have had little impact on what government and cybersecurity experts say is escalating and technologically evolving espionage. The Chinese deny such espionage efforts.
The Chinese foreign and defense ministries called the Times’ allegations baseless, and the Defense Ministry denied any involvement by the military.
“Chinese law forbids hacking and any other actions that damage Internet security,” the Defense Ministry said. “The Chinese military has never supported any hacking activities. Cyberattacks are characterized by being cross-national and anonymous. To accuse the Chinese military of launching cyberattacks without firm evidence is not professional and also groundless.”
In a report in November 2011, U.S. intelligence officials for the first time publicly accused China and Russia of systematically stealing American high-tech data for economic gain. And over the past several years, cybersecurity has been one of the key issues raised with allies as part of a broader U.S. effort to strengthen America’s defenses and encourage an international policy on accepted practices in cyberspace.
U.S. cybersecurity worries are not about China alone. Administration officials and cybersecurity experts also routinely point to widespread cyberthreats from Iran and Russia, as well as hacker networks across Eastern Europe and South America.
The U.S. itself has been named in one of the most prominent cyberattacks — Stuxnet — the computer worm that infiltrated an Iranian nuclear facility, shutting down thousands of centrifuges there in 2010. Reports suggest that Stuxnet was a secret U.S.-Israeli program aimed at destabilizing Iran’s atomic energy program; many Western countries accuse Iran of using its Peaceful Nuclear Energy Plan as cover for the development of nuclear weapons.
The White House declined comment on whether it will pursue aggressive action on China.
“The United States has substantial and growing concerns about the threats to U.S. economic and national security posed by cyber intrusions, including the theft of commercial information,” said spokesman Caitlin Hayden. “We have repeatedly raised our concerns with senior Chinese officials, including in the military, and we will continue to do so.”
Cybersecurity experts have been urging tougher action, suggesting that talking with China has had no effect.
“We need to find new approaches if we want to dissuade this type of activity,” said Stewart Baker, former assistant secretary at the Homeland Security Department and now in private law practice with Steptoe and Johnson in Washington. He said the U.S. must do a better job of attributing the cyberattacks to particular groups or nations and “see if we can sanction the people who are actually benefiting from them.”
The Obama administration has slowly been ratcheting up its rhetoric. In an unusually strong speech last October, Panetta warned that the U.S. would strike back against cyberattacks, even raising the specter of military action. And the White House has been urging Congress to authorize greater government action to protect infrastructure such as the nation’s electric grid and power plants.
The White House plans come after a Virginia-based cybersecurity firm released a torrent of details Monday that tied a secret Chinese military unit in Shanghai to years of cyberattacks against U.S. companies. After analyzing breaches that compromised more than 140 companies, Mandiant has concluded that they can be linked to the People’s Liberation Army’s Unit 61398.
Military experts believe the unit is part of the People’s Liberation Army’s cyber-command, which is under the direct authority of the General Staff Department, China’s version of the Joint Chiefs of Staff. As such, its activities would be likely to be authorized at the highest levels of China’s military.
The release of Mandiant’s report, complete with details on three of the alleged hackers and photographs of one of the military unit’s buildings in Shanghai, makes public what U.S. authorities have said less publicly for years. But it also increases the pressure on the U.S. to take more forceful action against the Chinese for what experts say has been years of systematic espionage.
The Chinese government, meanwhile, has denied involvement in the cyberattacks tracked by Mandiant. Instead, the Foreign Ministry said that China, too, is a victim of hacking, some of it traced to the United States. Foreign Ministry spokesman Hong Lei cited a report by an agency under the Ministry of Information Technology and Industry that said that in 2012 alone foreign hackers used viruses and other malicious software to seize control of 1,400 computers in China and 38,000 websites.
“Among the above attacks, those from the U.S. numbered the most,” Hong said at a daily media briefing, lodging the most specific allegations the Chinese government has made about foreign hacking.
Cybersecurity experts say U.S. authorities do not conduct similar attacks or steal data from Chinese companies, but acknowledge that intelligence agencies routinely spy on other countries.
China is clearly a target of interest, said Lewis, noting that the U.S. would be interested in Beijing’s military policies, such as any plans for action against Taiwan or Japan.
In its report, Mandiant said it traced the hacking back to a neighborhood on the outskirts of Shanghai that includes a white 12-story office building run by the PLA’s Unit 61398.
Mandiant said there are only two viable conclusions about the involvement of the Chinese military in the cyberattacks: Either Unit 61398 is responsible for the persistent attacks or they are being done by a secret organization of Chinese speakers with direct access to the Shanghai telecommunications infrastructure who are engaged in a multi-year espionage campaign being run right outside the military unit’s gates.
The unit “has systematically stolen hundreds of terabytes of data from at least 141 organizations,”
Richard Bejtlich, the chief security officer at Mandiant, said the company decided to make its report public in part to help send a message to both the Chinese and U.S. governments.
He said the release of an unclassified report that provides detailed evidence will allow authorities to have an open discussion about what to do.
Mandiant’s report is filled with high-tech details and juicy nuggets that led to its conclusion, including the code names of some of the hackers, like Ugly Gorilla, Dota and SuperHard, and that Dota appears to be a fan of Harry Potter because references to the book and movie character appear as answers to his computer security questions.
Alan Paller, director of research at SANS Institute, a computer-security organization, said that the level of cyberattacks, including against power companies and critical infrastructure, has shot up in the last seven or eight months. And the U.S. is getting more serious about blocking the attacks, including an initiative by the Defense Department to hire thousands of high-tech experts.
Just talking about it, he said, is having no effect.
Lewis, who has met and worked with Chinese officials on the issue, said their response has been consistent denial that China is involved in the hacking and counter-accusations that the U.S. is guilty of the same things.
“In the next year there will be an effort to figure out a way to engage the Chinese more energetically,” he said. “The issue now is how do we get the Chinese to take this more seriously as a potentially major disruption to the relationship.”
The answer, he said, is, “You have to back up words with actions, and that’s the phase I think we’re approaching.”