Chinese hackers allegedly broke into U.S. government computer networks in March and “gained access to some of the databases of the Office of Personnel Management” that hold personal information about tens of thousands of federal employees seeking security clearances. Homeland Security confirmed the OPM hack, but said it has not “identified any loss of personally identifiable information.” While we continue to hear tales about Chinese cyber-espionage drama, some cybersecurity experts believe that this latest intrusion falls under “traditional national security espionage” and is “OK” under U.S. rules. If the hack had been about stealing trade secrets and intellectual property, to pass along to economic competitors, then the breach would have broken the rules.
In May, the Justice Department charged five Chinese military officers with hacking into American companies for cyber-espionage; the 56-page indictment (pdf) included accusations of Chinese hackers being hired to steal trade secrets from American nuclear, metal and solar companies. To the U.S., these hacks go beyond normal national security espionage. As former Director of National Intelligence Michael McConnell told Politico, “We don’t break into an economic competitor and take their business plans. For the Chinese, that’s their primary focus.”
Yet Matthew Rhoades, director of the Truman National Security Project’s Cyberspace and Security Program, said the OPM hack “is traditional national security espionage through different means. It’s the same thing the U.S. and the Soviets used to get into during the Cold War. Essentially, you’re just trying to find targets with access to highly classified national security systems and operations.” Rhoades told Politico, “It doesn’t mean we’re going to be happy about this [OPM hack], but I do think we need to separate these two issues.”
Busted for hacking U.S. defense contractors
Last week, at the request of the U.S., the Royal Canadian Mounted Police in British Columbia arrested the owner of Chinese aviation firm Lode-Tech for allegedly stealing military secrets. Su Bin and two uncharged co-conspirators affiliated with “multiple organizations in the PRC (People’s Republic of China)” allegedly “stole large quantities of data that relate to dozens of U.S. military projects,” including pilfering information about Lockheed’s F-22 and F-35 fighter jets and Boeing’s C-17 transport plane.
Between 2009 and 2013, according to the complaint, the hackers “gained remote access from China to information residing on the computer systems of U.S. companies including cleared defense contractors.” Bin allegedly wrote in an email that the pilfered data would help China “stand easily on the giant’s shoulders” and “rapidly catch up with U.S. levels.” His bail hearing was set for July 18.
Attacked 39 million times in four months
Reports such as Mandiant’s have shed some light on Chinese military hackers in the past, but what’s it like if you are holding “the key for climate-friendly biofuels,” like the “small” Florida-based company Algenol Biofuels, and become a target of Chinese espionage?
Jack Voth, the company’s information technology chief, told the Washington Post that he first discovered a telnet connection from a Chinese IP to its videoconference camera over a year ago, but during the last four months alone, “hackers have attempted to break into its computers 39 million times.”
What’s so important?
Algenol is “letting thousands of plastic bags of algae bake in the sun” for the purpose of producing commercial biofuels. “The company pumps carbon dioxide and some brackish water into the bags and produces four transportation fuels — ethanol, gasoline, diesel and jet fuel” for about $1.27 a gallon. Algenol says “it can convert more than 85% of the carbon dioxide it uses in the process into fuel.”
The Post reported that the Chinese regard biofuel as a “priority.” Algenol claims that 63,000 intrusion attempts “came directly from China, including 6,653 attempts over 15 months from People’s Liberation Army IP addresses and servers” that were publicly identified in Mandiant’s report.
Algenol traced some other attacks back to “Aliyun Computing, the cloud computing subsidiary of Alibaba, one of the most powerful online commerce and retail giants in China.” Strangely, the biofuel company did not know about the relationship to Alibaba until The Post’s involvement. However, Voth claimed that “one Aliyun IP address had ‘tried systematically over the last 10 months to get in,’ attempting about 135 times in a ‘very clever’ way to avoid setting off Algenol’s security system.”
Inquiries by The Post led the American firm to hand over a list of 2,000 alleged attacks to Alibaba; the Chinese company claimed there were “numerous specific instances” in which Algenol’s systems “mischaracterized” attacks that were instead bounced marketing emails. The Chinese company found one instance of a botnet and “immediately” shut down the infected virtualized server.
Voth “disputed Alibaba’s explanation about the marketing e-mails to employees who left Algenol four years ago, and said that to mistake an Alibaba security response for an attack would mean that there was a flaw with the widely used firewall language called Snort, which is updated constantly.”
Algenol chief executive Paul Woods told The Post that he did not want to get into “a game of whack-a-mole here, with us constantly being attacked by new servers of theirs.” But it’s not just China wanting to get hold of Algenol’s secret recipes. Although Algenol is not a big firm, employing about 125 people, the company has spent “hundreds of thousands of dollars” to protect its computers from attackers with IPs from China, Germany, North Korea, Russia, Taiwan and the United States.
There’s no mention of the FBI being involved in investigating the alleged hacks against Algenol, but stealing trade secrets and intellectual property is against the rules according to Justice Department standards. Yet Woods called the DOJ’s indictment against five Chinese officials in May “a joke” that will “not touch the alleged culprits or change behavior.”