U.S. officials have long complained about countries that systematically hack into U.S. computer networks to steal valuable data, but until recently they did not name names.
In the last few months, that has changed. China is now officially one of the cyber bad guys and probably the worst.
“We know and there’s good evidence … of very deliberate, focused cyber espionage to capture very valuable research and development information, or innovative ideas, or source code or business plans for their own advantage,” says Mike McConnell, a former director of national intelligence and before that the director of the National Security Agency.
It’s the Chinese he’s talking about. Other countries, Russia for example, also engage in cyber espionage to gain a competitive edge, but China stands out as especially aggressive.
“China does not care what other people think,” says Richard Bejtlich, the chief security officer at MANDIANT, a company that helps firms deal with cyber intrusions. “Culturally they are very interested in being seen as responsible, but when it comes to their actual work on the ground, if you try kicking them out of your network on a Friday, they’re back on a Monday.”
The increased willingness of the U.S. government to point a finger at the Chinese dates from an official report released last October that identified them “as the world’s most active and persistent perpetrators of economic espionage.”
Mike McConnell says that report gave him a green light to say publicly what he’d long been saying privately about China’s cyber spying.
“For those of us who made the argument that we needed something to use as justification for revealing these insights, that sort of unleashed us to do that,” he says.
Last month, McConnell co-authored an op-ed column in the Wall Street Journal, along with the recently retired deputy defense secretary William Lynn, and the former secretary of homeland security Michael Chertoff, titled: China’s Cyber Thievery is National Policy — And Must Be Challenged.
One reason they were anxious to publicize China’s cyber espionage was to counter those who claimed there was little concrete evidence to link the Chinese definitively to major hacking activity.
One problem in cyber espionage investigation is that it can be almost impossible to trace a computer intrusion back to its source. But Richard Bejtlich of the MANDIANT security firm says any good cyber sleuth pays little heed to IP addresses. He says he can identify Chinese hackers just by the way they work.
“They have quirks, maybe even the way that they type, the way that they select commands [and] the way that they build their software,” he says. “There’s probably twenty or more characteristics you can use, none of which involve an IP address.”
And the signs pointing to China as the prime cyber espionage culprit in the world today have accumulated over years, Bejtlich says, to the point where there is virtually no doubt about who exactly is responsible.
“In our government, there are people who know exactly who these guys are,” he says. “I’ve seen pictures of office buildings; there are pictures of individuals.”
As the country’s top spy, Mike McConnell saw the best intelligence on cyber espionage. He won’t talk about any pictures the government has, but he has no qualms about pointing to China as the top U.S. problem.
“We know a great deal about how the attacks are generated and where they come from,” McConnell says.
McConnell says that clear understanding of the problem is one of the reasons he and his colleagues were adamant about making public as much of this information as they could. He says they want people to understand that cyber theft is real, that it’s getting worse and that it’s important to hold China in particular responsible.
Chinese officials have heard this complaint often. Their customary response is that they, too, have been victims of cyber thievery and do not condone it.