Thursday, May 09, 2013

China angry over US accusations of cyberespionage

China has expressed anger over this year's Annual Report to the US Congress outlining China's military development. State organs such as Xinhua, The People's Daily and the China Daily were swift to criticise the report calling it "baseless" and referring to the "evil acts" of the United States [BBC].

Temper tantrums

In one tirade which could be described as a temper tantrum coming from a schoolboy caught cheating at cards the Global Times inferred the US report was nothing short of paranoia.

"The report is more like a mirror of America's mentality toward China's rise, namely a worry about China's increasing strength and a desire to maintain the US' strategic advantage," the editorial entitled "Pentagon report falls flat on its face" read.

The Xinhua report was just as scathing calling the publication of the US report an "unwise move" and describing it as "harmful to the aspiration of both countries to forge a cooperative partnership based on mutual respect, mutual benefit and a win-win situation."

The report also accused the US of interfering with China's internal affairs by commenting on the situation across the Taiwan Straits by claiming "the PLA (People's Liberation Army) has developed and deployed military capabilities to coerce Taiwan or to attempt an invasion, if necessary."

US accused by China

In response to accusations of cyberespionage China retorted its often repeated line that it opposed any forms of computer hacking and was itself the victim of cyberattacks and even suggested the United States was the "largest source" of such attacks.

Meanwhile China's ministry spokeswoman, Hua Chunying blasted the US allegations saying, "We're willing to carry out an even-tempered and constructive dialogue with the US on the issue of Internet security. But we are firmly opposed to any groundless accusations and speculations, since they will only damage the cooperation efforts and atmosphere between the two sides to strengthen dialogue and cooperation." [NYT]

Defensive claims

While claiming China's military build was purely defensive, China's media reports seem to conveniently ignore its assertiveness in the South and East China Seas and recent incursions into Indian territory, as well as its bullying rhetoric concerning what it calls the Diaoyu Islands [People's Daily]. 

"China has repeatedly stated the defensive nature of its national defense policy," China's media claimed, citing white papers published in April that "made it clear that its armed forces have always been a staunch force to uphold world peace and regional stability."

The concerns and protests seen in India, Japan, the Philippines and other Asian countries over China's assertiveness in the region would somewhat contradict this sweeping statement.

Evidence of attacks

Whether or not China is under sustained cyberattacks, as claimed, it offers very little evidence. Meanwhile there is a mountain of evidence pointing to China's continued cyberespionage, hacking attempts and malware distribution, as well as IP theft.

From Google's claims of cyberattacks in late 2009 and early 2010, said to be part of a wider hacking enterprise known as Operation Aurora, to McAfee's Operation Shady Rat [PDF] report and the recent Mandiant report [PDF], there is clear evidence showing China's concerted and sustained cyberattacks on western companies, institutions and governments.

Changing tack

This year's US report to congress, an 83 page document [PDF], was far more abrasive than previous reports [2006 PDF / 2007 PDF / 2008 PDF / 2009 PDF / 2010 PDF / 2011 PDF / 2012 PDF]

For the first time it directly accused the Chinese military of perpetrating cyberattacks aimed at gleaning information to bolster China's military strength with stolen technology. China vehemently refutes such allegations but most editorials in western publications are unconvinced by China's denials.

"There seems little doubt that China's computer hackers are engaged in an aggressive and increasingly threatening campaign of cyberespionage directed at a range of government and private systems in the United States, including the power grid and telecommunications networks," The New York Times declared in its editorial published the day after the critical report was made public. Bloomberg's BusinessWeek were just as dismissive of China's explanations, publishing an article entitled "Yes, the Chinese army is lying to you" 

Until now the Obama administration had avoided directly accusing both the Chinese government and the People's Liberation Army of using cyberweapons against the United States in a deliberate, government-developed strategy to steal intellectual property and gain strategic advantage. Now the United States were not so shy at pointing an accusatory finger.

China accused

"In 2012, numerous computer systems around the world, including those owned by the US government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military," the report stated.

China's primary goal was to steal industrial technology, the report went on to say, but added that many intrusions were also likely aimed at obtaining insights into American policy makers' thinking. It warned that the same information-gathering could easily be used for "building a picture of US network defense networks, logistics, and related military capabilities that could be exploited during a crisis."

America's position on how it tackles the issue of cyberattacks has gradually shifted from veiled accusations to more pointed and direct statements. Before the publication of this week's report, the US had already made representations to the Chinese. In April Secretary of State John Kerry and Treasury Secretary Jack Lew visited China and raised the cyberhacking issue. Their protestations were, however, dismissed by Qian Xiaoqing, deputy director of the state Internet Information Office, who told Reuters, "Lately people have been cooking up a theory of a Chinese Internet threat, which is just an extension of the old 'China threat' and just as groundless."

"Jeopardizing trust"

The rhetoric has certainly become louder, but what will it mean for bilateral relations. The US, to some degree, is reliant on China for its buying up of debt, the import of so-called rare-earths, and other trade. China too is also reliant on the US for investment as well as the provision of much needed trade. The question is how much one country is dependent upon the other, and whether either country could survive should relations sour to the extent that imports and exports between the two dry up. 

China has made threatening and pointed remarks suggesting that the US report could " jeopardize mutual trust between the world's two largest economies and create obstacles in the development of their relationship." The US have also indicated that continued attacks could damage relations, and hope that by increasing the pressure China will be forced to come to the table to discuss these issues of cyberattacks.

China might be under the belief it can continue along the same road, without any major consequences. But as has already been seen some corporations have already decided to quit doing business in the Middle Kingdom.

Future questions

Google closed down its self-censored mainland China search engine in March 2010 due to cyberhacking of Google source code and attempts to steal the passwords of hundreds of Gmail accounts, including US officials, journalists and Chinese activists.

Google was not the only company attacked. At least 34 companies, including Yahoo, Symantec, Adobe, Northrop Grumman and Dow Chemical, were also attacked, according to congressional and industry sources. However, at that time few were willing to admit they had been attacked, lest they anger China or create panic amongst shareholders.

But the hacking continued and hit the headlines once again this year when The New York Times and The Wall Street Journal revealed that they had been hacked from China. Bloomberg's BusinessWeek a month later exposed a network of hackers, digging all the way down to a vacation photo of a People's Liberation Army professor from Zhengzhou who had exposed his real identity by launching a small telecom side business that allowed investigators to connect his real name with his cyber-identity. The magazine followed the trail of Joe Stewart, director of malware research at Dell SecureWorks, who said he tracks 24,000 Internet domains "that Chinese spies have rented or hacked for the purpose of espionage."

Then only days later, Mandiant, an American private cyber security company, issued its explosive report which traced "one of the most prolific cyber espionage groups in terms of the sheer quantity of information stolen" to the neighbourhood of a PLA building in Shanghai that houses an intelligence organization known as Unit 61398 [NYT].

Seeking a response

Congress is searching for ways to respond with some calling for ever stronger measures to counter the continuing attacks. Mike Rogers, a Michigan Republican and chairman of the House Permanent Select Committee on Intelligence, is focused on making China pay a price. "Right now there is no incentive for the Chinese to stop doing this," The New York Times quoted Rogers as saying in February. "If we don't create a high price, it's only going to keep accelerating."

It was "beyond a shadow of a doubt" that the Chinese government and military was behind growing cyberattacks against the United States, Rogers said, adding that the US was losing the war to prevent such attacks.

"They use their military and intelligence structure to steal intellectual property from American businesses, and European businesses, and Asian businesses, re-purpose it and then compete in the international market against the United States," Rogers told ABC's This Week.

Eliot Engel, a New York Democratic party representative and ranking member of the House Foreign Affairs Committee, said that there had to be greater consequences for Chinese cyberhacking and cyberespionage, and called for sanctions and indictments against those responsible, as well as limiting access to visas.

"I think we have to make it very clear to them that they – this cannot be business as usual," Engel said. "If they're going to continue to do this to the extent that they're doing it, there's a price to pay."

Timing

At the time Rogers warned that the US was not prepared to deter such cyberattacks from continuing. "If you're going to punch your neighbour in the nose, best to hit the weight room for a couple of months," Rogers said. "We're not ready yet, we are completely vulnerable to this."

Maybe the US has been taking time out to workout in the gym and feels it is ready to take on the card cheats. But like any playground scrap, it could end in just a few grazes or escalate into a larger brawl.

tvnewswatch, Yunnan, China

More reports: BBC / CNN money / CNN GPS / Guardian / Telegraph / Bloomberg / NYT / IBT / CNET / NextGov / National Defense Magazine / BusinessWeek / WSJ blog

No comments: