Patriotism and politics drive China cyberwar
By Kathrin Hille in Beijing and Joseph Menn in San,Francisco
Published: January 14 2010 02:00 | Last updated: January 14 2010 02:00
Just hours before Google announced late on Tuesday that China-based hackers had attacked its systems last month, China's cyberwarriors were at work - this time defacing Iranian websites in retaliation for a hacker attack on the pages of a Chinese search engine.
If the idea of search engines as battlegrounds in a cyberwar is surprising, the motivations and prowess of Chinese hackers are well established. Unlike most of their counterparts in other countries known for malicious computer activity, especially eastern Europe, Chinese hackers are known for patriotism.
They have often hit targets in Taiwan and, during diplomatic flare-ups, Japan and other neighbours. Commercial concerns for rank-and-file criminals have tended to come later, and some hacking collectives have split up over the issue.
The more critical questions are how much of the patriotic activity is directed or encouraged by the government, and how much officials are behind what appear to be commercial intrusions and thefts.
Attributing cyberespionage or most garden-variety hacking is excruciatingly difficult, especially without the sustained help of local law enforcement. Like most who have been victimised by Chinese hacking, Google refused explicitly to blame the authorities. But since it escalated the issue to incl-ude discussion on censorship, which is purely state-driven, the point was made.
"They are big enough to have taken the first step, to encourage other organisations to do the same, to shine a spotlight on what people think is a small problem," said Nart Villeneuve, a Canadian security expert who uncovered eavesdropping on a Chinese version of Skype.
A few other commercial targets have been more direct in their statements, and US and industry security experts are unanimously agreed that the Google attacks and most other politically motivated breaches are at the behest of government powers.
US officials have growing concerns over cyberattacks from China. Chip Gregson, assistant secretary for Asian and Pacific security affairs at the Pentagon, told a congressional committee yesterday that, alongside its nuclear and space programmes, China's efforts in cyberspace presented "an asymmetrical threat to our ways of doing business".
"The Chinese cyberattacks have been so aggressive and so pervasive that the concerns of the US national security establishment and [private] companies are the same and they have little option but to find common cause," said Michael Green, formerly President George W. Bush's top adviser on east Asia.
California internet filtering company CyberSitter this month joined the small number to make that charge explicitly, suing China over the apparent theft of about 3,000 lines of code that found its way into the Green Dam censorship software the government tried to mandate be preinstalled on PCs. It said thousands of attempts to take control of its corporate machines began inside the Chinese ministry of health.
Most companies doing any substantial business in China have been hacked but ignored it because of the size of the market, said a private security consultant, Ira Winkler, a former official at the National Sec-urity Agency in Maryland.
More likely to find their way into the public arena are attacks on activists, who were also a target in the Google operation. Last May, foreign media organisations and human rights groups in China were targeted with deceptive e-mails in an attempt to gain access to sensitive information.
Two months earlier, a comprehensive study conducted by the University of Toronto researchers found that a cyberspying operation run from servers based in China had accessed 1,300 computers in more than 100 countries. Targets included state institutions, international organisations and the media. Much of the type of information accessed was relevant to China's national security concerns surrounding Taiwan and Tibet.
China's active hacking community began to form in the early 1990s, with Beijing opening the first internet connection only in 1994.
Since then, different groupings, led by the most prominent "Red Hackers" or "Chinese Honkers", have been most visible when launching attacks against Japanese or Taiwanese -websites, targeting what Beijing perceives as Japanese imperialism or Taiwanese separatism.
A range of evidence supports the claim of state involvement. The same unpublicised security holes in Microsoft Office software have been used to target US defence contractors and Chinese human rights activists, claim experts including Mikko Hypponen of Finnish security firm F-Secure, who has helped Tibetan groups.
Mr Winkler said China's national security efforts went "beyond" those of the US "well into the commercial sector". Given China's filtering clampdown and extensive monitoring, along with the widespread spying, it was "grossly naive to think the government is not involved".
Additional reporting by Daniel Dombey in Washington
Copyright The Financial Times Limited 2010.