Cyber war expanding to new front
China believed to be hacking firms for economic advantage
The scale and sophistication of the cyber attacks on Google Inc. and other large U.S. corporations by hackers in China is raising national security concerns that the Asian superpower is escalating its industrial espionage efforts on the Internet.
While the U.S. focus has been primarily on protecting military and state secrets from cyber spying, a new battle is being waged in which corporate computers and the lucrative intellectual property they hold have become as much of a target of foreign governments as those run by the Pentagon and the CIA.
“This is a watershed moment in the cyber war,” James Mulvenon, director of the national-security firm, Center for Intelligence Research and Analysis at Defense Group Inc., said last week. “Before, the Chinese were going after defense targets to modernize the country’s military machine. But these intrusions strike at the heart of American innovation community.”
The attacks on Google and several dozen other companies have alarmed government officials and lawmakers who warned that the U.S. may already be losing the battle to protect the nation’s besieged cyber infrastructure.
Rep. Anna Eschoo, D-Calif., a senior member of the House Select Committee on Intelligence, called China a pervasive hacker. “This behavior is unacceptable. We used to use the term ‘highway robbery.’ This is high-tech robbery.”
The cost has been huge, according to a recent study by a congressional advisory panel, the U.S.-China Economic and Security Review Commission. While it is hard to quantify the value of the intellectual property that is stolen by the Chinese each year – since many businesses do not like to report getting hacked – Dan Slane, chairman of the commission, estimated it was in the hundreds of billions of dollars.
Alan Paller, director of research at the SANS Institute, a Bethesda, Md., security firm, said Chinese hackers target Western companies with an approach dubbed “1,000 grains of sand,” meaning they go after every piece of information in search of competitive intelligence. Most companies keep silent about the attacks but they draw heavy scrutiny from law enforcement officials.
Google revealed last week that it had fallen prey to a series of cyber attacks originating from China. The Mountain View, Calif., Internet giant said it believed the attackers wanted access to the e-mail accounts of Chinese human rights activists. But the incursions, which also included theft of intellectual property, raised the possibility that the hackers were also attempting economic espionage.
Google took the bold stance of making the attacks public, catching the Chinese government off guard. The company’s defiance of the world’s most populous country stunned observers. It also prompted questions about the scope and nature of the attacks.
On Tuesday, Google announced it has delayed the debut of two mobile phones designed to connect with its Internet services in China, the latest aftershock from Google’s threat to shut down its services in China.
“For a big multinational company to consider leaving a critical market means the overall damage to its operation and assets is likely to be greater than the benefits,” said Oded Shenkar, a professor of business management at Ohio State University and the author of “The Chinese Century.” “Google is not only making a human rights statement, my educated guess is that there is much more to it than that.”
The attacks against the U.S. are ramping up, according to the congressional U.S.-China commission, which noted in October that Chinese espionage was “straining the U.S. capacity to respond.”
The report focused on an attack on one company, concluding that it was supported and may have been choreographed by the Chinese government. The report also alleged that China’s military, the People’s Liberation Army, is responsible for aspects of cyber spying and has created cyber warfare militia units.
McAfee Labs, which has analyzed the attacks on Google and other companies, said that the hackers had deployed highly sophisticated “advanced persistent threats,” or APT, that in the past were primarily used against governments. The attacks targeted specific individuals with known access to lucrative corporate information.
Google may have been particularly vulnerable because all of its technology is online and networked, said Marc Rotenberg, executive director of the Electronic Privacy Information Center.
Google said it would improve security for Gmail users by encrypting data to its servers.
How to protect the nation’s cyber infrastructure, largely in private sector hands, from alleged state-sponsored attacks has become a matter of intensifying debate in Washington, analysts say. The U.S. currently has no formal policy for dealing with such attacks.
“This highlights a core dilemma for the U.S. cyber strategy,” Mulvenon said. “What can the U.S. government do to defend Google? Really not very much.”