What Do We Make of the Chinese Hacking?

By James Fallows

Today's China topics:

1) Chinese hacking, as reported in the lead front-page story of today's NYT (and a fascinating story in Bloomberg Bus Week). Is this really something new? Or merely our old friend "threat inflation,"* cued both to the impending sequestration menace and last week's SOTU mentions of new efforts in cyber-security?

We're all working with limited info, but at first impression this reads to me like something new, specifically in the degree of traceability to the Chinese military.

Here's the background: Through the years, anyone who's looked into this topic has gotten used to threat inflation -- but also the reverse, in the form of caveats and cautions about how much is unclear. Yes, public and private facilities in the U.S. and elsewhere are subject to nonstop electronic probes and assaults. Yes, a lot of the attacks seem to come out of China. Still, I've heard time and again how hard it is to tell how much reflects "coordinated" military actions and how much is from on-their-own hackers, rival corporations, or ordinary profit-seeking crooks. Apart from China, there's plenty else to worry about. When I did an Atlantic article about the problem three years ago (source of the illustration above), this is what I heard, emphasis added:

Next, the authorities stressed that Chinese organizations and individuals were a serious source of electronic threats--but far from the only one, or perhaps even the main one. You could take this as good news about U.S.-China relations, but it was usually meant as bad news about the problem as a whole. "The Chinese would be in the top three, maybe the top two, leading problems in cyberspace," James Lewis, a former diplomat who worked on security and intelligence issues and is now at the Center for Strategic and International Studies, in Washington, told me. "They're not close to being the primary problem, and there is debate about whether they're even number two."

Number one in his analysis is Russia, through a combination of state, organized-criminal, and unorganized-individual activity. Number two is Israel--and there are more on the list. "The French are notorious for looking for economic advantage through their intelligence system," I was told by Ed Giorgio, who has served as the chief code maker and chief code breaker for the National Security Agency. "The Israelis are notorious for looking for political advantage. We have seen Brazil emerge as a source of financial crime, to join Russia, which is guilty of all of the above." Interestingly, no one suggested that international terrorist groups--as opposed to governments, corporations, or "normal" criminals--are making significant use of electronic networks to inflict damage on Western targets, although some groups rely on the Internet for recruitment, organization, and propagandizing.

If you'd like to see that kind of "well, how much can we really prove here?" analysis applied to the current NYT report, see this post from Jeffrey Carr, and a related article in Business Insider.

I agree that there's a lot we still don't know; I'll also say, having seen more of the "Chinese cyber-threat" reports than most people, that this one seems more specific** than before, and the flow of recent evidence has pointed increasingly to China. It's worth reading the whole story, and the underlying Mandiant report. Also see Evan Osnos's good run-down of reasons to think this could be something new.

Two other points of context:

  • First, before any readers in China write in to inform me, of course the U.S. government has its own extensive cyber-teams. In this as in most other military areas, I would assume that its capabilities are far ahead of the PLA's -- and no U.S. official I've asked has ever led me to think otherwise. 

  • Second, the Chinese embassy's earnest but boilerplate response is one more reminder of the uneven level of everything involving China, including savvy in dealings with the outside world. We're told that the technical probes being sent out are extremely sophisticated. On the other hand, the language of the diplomats traces back to the era of "resolutely condemning" foreign hegemony etc: 
Contacted Monday, officials at the Chinese embassy in Washington again insisted that their government does not engage in computer hacking, and that such activity is illegal .... [JF note: pirate videos are also "illegal" in China. So is speeding, bribery, etc.]

"Making unfounded accusations based on preliminary results is both irresponsible and unprofessional, and is not helpful for the resolution of the relevant problem," said Hong Lei, a ministry spokesman. "China resolutely opposes hacking actions and has established relevant laws and regulations and taken strict law enforcement measures to defend against online hacking activities."

2) The real problem for, and with, China. My friends at Danwei have a report, drawn from the Chinese media and Chinese studies, showing that groundwater in nearly all Chinese cities is polluted, and that in about two thirds of them it is "severely" polluted. That is what the big Chinese headline below says.

To put this in context:
  • Environmental disaster is the gravest threat to China's continued development. That's according to me, but it is not some wacko view.
  • The Chinese government is trying very hard to deal with these problems, and is even unleashing the press to do more. The question is whether anyone can do enough, fast enough.
  • This latest report closes a circle. The air that people breathe in many Chinese cities has become dangerously polluted. Their food supply is subject to constant contamination scandals. Now it appears that not merely stagnant ponds but the water people draw from deep underground is already tainted. This is a giant problem -- for them, and for everyone.
I mention this because I worry about it and its implications a lot more than whatever the Chinese cyber-sleuths might have in mind, damaging as the cyber-assaults can be.

* For the record: I am not suggesting that the NYT reporters, whom I know and respect, are "inflating" anything. But it is a reality that certain reports, interviews, disclosures come into reporters' hands at some times -- and not at others.

** Eg, this part of the NYT story, about a building in Shanghai that by chance I have seen, though I have not gone inside. (I'll look for it when I'm there next month):
Mandiant [a security firm] discovered that two sets of I.P. addresses used in the attacks were registered in the same neighborhood as [the military's] Unit 61398's building....

"Either they are coming from inside Unit 61398," said Kevin Mandia, the founder and chief executive of Mandiant, in an interview last week, "or the people who run the most-controlled, most-monitored Internet networks in the world are clueless about thousands of people generating attacks from this one neighborhood."
