What Do We Make of the Chinese Hacking?

Today's China topics:

cyberwarriors.jpg1) Chinese hacking, as reported in the lead front-page story of today's NYT (and a fascinating story in Bloomberg Bus Week). Is this really something new? Or merely our old friend "threat inflation,"* cued both to the impending sequestration menace and last week's SOTU mentions of new efforts in cyber-security?

We're all working with limited info, but at first impression this reads to me like something new, specifically in the degree of traceability to the Chinese military.

Here's the background: Through the years, anyone who's looked into this topic has gotten used to threat inflation -- but also the reverse, in the form of caveats and cautions about how much is unclear. Yes, public and private facilities in the U.S. and elsewhere are subject to nonstop electronic probes and assaults. Yes, a lot of the attacks seem to come out of China. Still, I've heard time and again how hard it is to tell how much reflects "coordinated" military actions and how much  is from on-their-own hackers, rival corporations, or ordinary profit-seeking crooks. Apart from China, there's plenty else to worry about. When I did an Atlantic article about the problem three years ago (source of the illustration above), this is what I heard, emphasis added:

Next, the authorities stressed that Chinese organizations and individuals were a serious source of electronic threats--but far from the only one, or perhaps even the main one. You could take this as good news about U.S.-China relations, but it was usually meant as bad news about the problem as a whole. "The Chinese would be in the top three, maybe the top two, leading problems in cyberspace," James Lewis, a former diplomat who worked on security and intelligence issues and is now at the Center for Strategic and International Studies, in Washington, told me. "They're not close to being the primary problem, and there is debate about whether they're even number two."

Number one in his analysis is Russia, through a combination of state, organized-criminal, and unorganized-individual activity. Number two is Israel--and there are more on the list. "The French are notorious for looking for economic advantage through their intelligence system," I was told by Ed Giorgio, who has served as the chief code maker and chief code breaker for the National Security Agency. "The Israelis are notorious for looking for political advantage. We have seen Brazil emerge as a source of financial crime, to join Russia, which is guilty of all of the above." Interestingly, no one suggested that international terrorist groups--as opposed to governments, corporations, or "normal" criminals--are making significant use of electronic networks to inflict damage on Western targets, although some groups rely on the Internet for recruitment, organization, and propagandizing.

If you'd like to see that kind of "well, how much can we really prove here?" analysis applied to the current NYT report see this post from Jeffrey Carr, and a related article in Business Insider

I agree that there's a lot we still don't know; I'll also say, having seen more of the "Chinese cyber-threat" reports than most people, that this one seems more specific** than before, and the flow of recent evidence has pointed increasingly to China. It's worth reading the whole story, and the underlying Mandiant report. Also see Evan Osnos's good run-down of reasons to think this could be something new.

Two other points of context:

  • First, before any readers in China write in to inform me, of course the U.S. government has its own extensive cyber-teams. In this as in most other military areas, I would assume that its capabilities are far ahead of the PLA's -- and no U.S. official I've asked has ever led me to think otherwise. 

  • Second, the Chinese embassy's earnest but boilerplate response is one more reminder of the uneven level of everything involving China, including savvy in dealings with the outside world. We're told that the technical probes being sent out are extremely sophisticated. On the other hand, the language of the diplomats traces back to the era of "resolutely condemning" foreign hegemony etc: 
Contacted Monday, officials at the Chinese embassy in Washington again insisted that their government does not engage in computer hacking, and that such activity is illegal .... [JF note: pirate videos are also "illegal" in China. So is speeding, bribery, etc.]

''Making unfounded accusations based on preliminary results is both irresponsible and unprofessional, and is not helpful for the resolution of the relevant problem,'' said Hong Lei, a ministry spokesman. ''China resolutely opposes hacking actions and has established relevant laws and regulations and taken strict law enforcement measures to defend against online hacking activities.''

2) The real problem for, and with, China. My friends at Danwei have a report, drawn from the Chinese media and Chinese studies, showing that groundwater in nearly all Chinese cities is polluted, and that in about two thirds of them it is "severely" polluted. That is what the big Chinese headline below says.

To put this in context:
  • Environmental disaster is the gravest threat to China's continued development. That's according to me, but it is not some wacko view.
  • The Chinese government is trying very hard to deal with these problems, and is even unleashing the press to do more. The question is whether anyone can do enough, fast enough.
  • This latest report closes a circle. The air that people breathe in many Chinese cities has become dangerously polluted. Their food supply is subject to constant contamination scandals. Now it appears that not merely stagnant ponds but the water people draw from deep underground is already tainted. This is a giant problem -- for them, and for everyone.
I mention this because I worry about it and its implications a lot more than whatever the Chinese cyber-sleuths might have in mind, damaging as the cyber-assaults can be.

* For the record: I am not suggesting that the NYT reporters, whom I know and respect, are "inflating" anything. But it is a reality that certain reports, interviews, disclosures come into reporters' hands at some times -- and not at others.

** Eg, this part of the NYT story, about a building in Shanghai that by chance I have seen, though I have not gone inside. (I'll look for it when I'm there next month):
Mandiant [a security firm] discovered that two sets of I.P. addresses used in the attacks were registered in the same neighborhood as [the military's] Unit 61398's building....

"Either they are coming from inside Unit 61398," said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, "or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood."
Presented by

James Fallows is a national correspondent for The Atlantic and has written for the magazine since the late 1970s. He has reported extensively from outside the United States and once worked as President Carter's chief speechwriter. His latest book is China Airborne. More

James Fallows is based in Washington as a national correspondent for The Atlantic. He has worked for the magazine for nearly 30 years and in that time has also lived in Seattle, Berkeley, Austin, Tokyo, Kuala Lumpur, Shanghai, and Beijing. He was raised in Redlands, California, received his undergraduate degree in American history and literature from Harvard, and received a graduate degree in economics from Oxford as a Rhodes scholar. In addition to working for The Atlantic, he has spent two years as chief White House speechwriter for Jimmy Carter, two years as the editor of US News & World Report, and six months as a program designer at Microsoft. He is an instrument-rated private pilot. He is also now the chair in U.S. media at the U.S. Studies Centre at the University of Sydney, in Australia.

Fallows has been a finalist for the National Magazine Award five times and has won once; he has also won the American Book Award for nonfiction and a N.Y. Emmy award for the documentary series Doing Business in China. He was the founding chairman of the New America Foundation. His recent books Blind Into Baghdad (2006) and Postcards From Tomorrow Square (2009) are based on his writings for The Atlantic. His latest book is China Airborne. He is married to Deborah Fallows, author of the recent book Dreaming in Chinese. They have two married sons.

Fallows welcomes and frequently quotes from reader mail sent via the "Email" button below. Unless you specify otherwise, we consider any incoming mail available for possible quotation -- but not with the sender's real name unless you explicitly state that it may be used. If you are wondering why Fallows does not use a "Comments" field below his posts, please see previous explanations here and here.


A Stop-Motion Tour of New York City

A filmmaker animated hundreds of still photographs to create this Big Apple flip book


The Absurd Psychology of Restaurant Menus

Would people eat healthier if celery was called "cool celery?"


This Japanese Inn Has Been Open For 1,300 Years

It's one of the oldest family businesses in the world.


What Happens Inside a Dying Mind?

Science cannot fully explain near-death experiences.

More in Global

From This Author

Just In