A long report ran on Reuters today, detailing some of the ways the Chinese government and associated hackers spy on the United States and other Western governments and companies. In short, the Chinese are way better at cyberspying than pretty much anybody else. There's a whole lot of very complicated information in the report, much of it just barely within a layman's grasp. If you'd like to be able to talk about it somewhat intelligently with your friends later, take a look through our condensed guide, below.
What's going on here? As you probably know, governments spy on each other all the time. Reuters's Mark Hosenball explains that "Today, most of that is done electronically, with computers rather than listening devices in chandeliers or human moles in tuxedos." And his report suggests that China has perhaps the best cyberspying operation on earth — better than the United States government and better than the largest U.S. companies. That means Chinese hackers are, overall, better than the American ones. They get more information from us than we do from them, and they work for or with the Chinese military.
Secret U.S. State Department cables, obtained by WikiLeaks and made available to Reuters by a third party, trace systems breaches -- colorfully code-named "Byzantine Hades" by U.S. investigators -- to the Chinese military. An April 2009 cable even pinpoints the attacks to a specific unit of China's People's Liberation Army.
What do these hackers do? They get sensitive military and corporate information through a variety of electronic means. Hosenball uses as a reference point the January 2010 malicious code attack on Google known as Aurora, "which compromised the Gmail accounts of human rights activists and succeeded in accessing Google source code repositories." Similar bits of malicious code have been used to get access to e-mails and e-mail addresses in the U.S. government, as well as "thousands" of companies. Then, hackers engage in so-called spear-phishing attacks, in which they contact key people and pose as trusted sources in order to extract sensitive information.
Two former national security officials involved in cyber-investigations told Reuters that Chinese intelligence and military units, and affiliated private hacker groups, actively engage in "target development" for spear-phish attacks by combing the Internet for details about U.S. government and commercial employees' job descriptions, networks of associates, and even the way they sign their emails -- such as U.S. military personnel's use of "V/R," which stands for "Very Respectfully" or "Virtual Regards."
Another bit of code that made it into at least one State Department computer in 2006 is known as the Gh0stNet Remote Access Tool, or RAT. It can "capture keystrokes, take screen shots, install and change files, as well as record sound with a connected microphone and video with a connected webcam."
How pervasive is this? It's pretty widespread. Hosenball reports that, "in the last five years, cyber-intrusions reported to the U.S. Computer Emergency Response Team, a unit of the Department of Homeland Security, have increased more than 650 percent, from 5,503 incidents in fiscal 2006 to 41,776 four years later, according to a March 16 report by the Government Accountability Office." In the corporate world, Hosenball points out that the Aurora attack actually targeted thousands of companies. So far, only 34 have been identified.
The full scope of commercial computer intrusions is unknown. A study released by computer-security firm McAfee and government consulting company SAIC on March 28 shows that more than half of some 1,000 companies in the United States, Britain and other countries decided not to investigate a computer-security breach because of the cost. One in 10 companies will only report a security breach when legally obliged to do so, according to the study.
How does this affect me? Unless you work for the State Department, the Department of Defense, or one of the intelligence agencies, or are a higher-level employee of a large corporation, it probably doesn't affect you much directly. The espionage is aimed at the government and corporations as a way of learning as much as possible about secret systems in order to outperform or evade them. The Chinese are unlikely to invade any time soon, even if they find out when the secretary of defense takes his lunch break. Rather, the attacks are one of many tactics China is employing to keep its economy growing. But one expert says China won't do anything to destabilize the United States: "China's representatives acknowledged destabilization of U.S. markets would, in effect, be an attack on China's economy, itself."
What's being done about it? The U.S. government has reportedly begun "quiet, proxy-led talks with China over cyber issues." In addition, the "nominally independent" research group, China Institutes for Contemporary International Relations, made contact in mid-2009 with former U.S. diplomat James A. Lewis, who now works with the Center for Strategic and International Studies.
Lewis said that in his first meeting with his Chinese counterparts, a representative of the China Institutes asked: "Why does the Western press always blame China (for cyber-attacks)?" Lewis says he replied: "Because it's true."
While progress has been slow, Lewis told Reuters that both the U.S. and Chinese governments were monitoring the talks. "We're building the groundwork for official discussions."