Pentagon accuses China of cyberattacks on U.S. military, business targets

Stolen data is used to ramp up China's military and high tech industries, Defense Department says in report to Congress

Chinese cyber espionage activities are fueling a rapid modernization of the country's defense and high tech industries, the Pentagon said in an unusually candid assessment of China's military and security developments last year.

In a departure from the usually veiled suggestions of Chinese involvement in cyberattacks, the 92-page Department of Defense report, released Monday, openly accused the Asian giant of launching cyberattacks aimed at exfiltrating information from the U.S. government and military as well as from corporate entities.

The stolen information is supporting China's defense industrial base, helping Chinese policymakers and military planners build "a picture of U.S. defense networks, logistics and related military capabilities that could be exploited during a crisis," the report said.

Importantly, the report cautioned, the espionage activities are helping the country build out a sophisticated electronic warfare capability aimed at neutralizing American technological superiority in traditional kinetic warfare and other areas.

"China's investments in advanced electronic warfare systems, counter-space weapons, and computer network operations ... reflect the emphasis and priority China's leaders place on building capability for information advantage," the Pentagon said. "Beijing is investing in military programs and weapons designed to improve extended-range power projection and operations in emerging domains such as cyber, space, and electronic warfare."

Allegations of Chinese involvement in cyberattacks against U.S. interests are certainly not new. Security vendors and private companies in the U.S. have long accused operatives in China of launching countless cyberattacks to steal secret military, government or corporate data.

Earlier this year, security firm Mandiant released a detailed report that said a unit of the People's Liberation Army (PLA) of China was behind a years-long systematic cyberespionage campaign against the U.S. and several other countries. Since 2006, Chinese cyberattackers have breached over 140 large companies in 20 major industries that China considers strategic, the Mandiant report said.

In April, a senior director of Microsoft's Institute for Advanced Technology accused hackers operating out of China of trying to infiltrate the IT vendor's computer systems in a bid to find accounts that were under surveillance by the FBI and other law enforcement authorities.

That effort was apparently part of an elaborate counter-intelligence operation carried out by operatives in China to find out if any of their U.S.-based agents had been compromised or were under surveillance in this country.

U.S. lawmakers too have on numerous occasions voiced concerns about cyberattacks originating from China.

Despite the rising rhetoric elsewhere, the U.S. government has long stopped short of openly accusing the Chinese government of launching cyberattacks.

That restraint may finally be wearing thin after the release of the Mandiant report and the public acknowledgment of its accuracy by security experts, DoD officials, intelligence analysts and U.S. lawmakers, said Anup Ghosh, CEO and founder of security firm Invincea.

Since the report was released, "the pressure has been mounting on the [Obama] Administration to not only acknowledge the threat, but also to declare how they will defend U.S. interests against the Chinese cyberthreat," Ghosh said.

"The acknowledgement by the Pentagon is a first step in publicly declaring the threat," he said. "The administration still needs to lay out what steps it will take to both defend against the threat as well as discourage unrestrained attacks against U.S. interests."

According to the Pentagon, China's cyber espionage activities are allowing the country to collect data for intelligence and network attack purposes.

The cyberattacks are also designed to slow down incident response times and disrupt logistics, communications and commercial activities, the report warned.

The report offers little information on the capabilities of other countries to launch cyberattacks on U.S. interests.

In the past, security analysts and even the government have noted that China is by no means the only nation focused on ramping up its online spying capabilities.

The U.S. is also no laggard in launching cyberattacks on other nations.

For instance, the Stuxnet attacks that disabled centrifuges at Iran's nuclear facilities in Natanz in 2010 are believed to have been carried out by security experts in Israel and the United States.

A 2012 report from the U.S. Department of Defense's Defense Security Service (DSS) said East Asia, where China is located, and the Pacific region accounted for 42% of all attempts to collect sensitive U.S. data illegally. That report considered a range of espionage activities, and not just cyber espionage.

The report said the Near East, comprised of Iran, Israel, Libya, Saudi Arabia and other countries, is the second most active region, with 18% of all reported cyberattacks. Europe accounted for about 15% of the attempted attacks since 2007, while South and Central Asian countries such as India, Pakistan and Bangladesh were said to pose a moderate cyber threat over the next few years.

John Pescatore, director of emerging security trends at the SANS Institute, said that while there's little doubt that China is actively engaged in cyber intelligence collection activities, the U.S. and its allies are as well.

He noted that China's focus is on stealing industrial and trade secrets to close gaps in its own capabilities. That focus compares to the Soviet Union's effort to steal U.S. trade secrets during the Cold War.

Pescatore previously worked for the U.S. National Security Agency (NSA).

Traditionally, the U.S. hasn't had to widely engage in industrial espionage because its capabilities have been well ahead of countries like China. Instead, its intelligence gathering efforts have been focused more on defense and security-related goals, and more recently, counter-terrorism objectives, Pescatore said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.
