Site   Web

May 7, 2013

Chinese Cyber-Espionage a Growing Problem: Pentagon

China is increasingly focusing on its information operations (IO) as a tool to target American government and corporate computer systems, the Pentagon said in a report released this week.

A unit of the Chinese People’s Liberation Army, at the behest of the Chinese government, used it IO systems as a tool last year to continually steal information about the foreign policy and military goals of the U.S., according to the 83-page report from the office of the Secretary of Defense, which was presented to Congress Monday (May 6).

“Chinese information operations (IO) is seen as a tool to permit China to fight and win an information campaign, precluding the need for conventional military action,” the report reads, adding that the Chinese consider the U.S. to be a prime target because it is seen as “information dependent.”

The report, ‘Military and Security Developments Involving the People’s Republic of China,’ also indicated that Chinese hackers have targeted the U.S. diplomatic, economic, and defense industrial base sectors that support U.S. national defense programs.

“In 2012, numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military,” the report said.

China’s IO campaign has several goals:

• To seize and maintain campaign information superiority;

• Unify command campaign information operational forces;

• Carry out information warfare, related reconnaissance, and offensive and defensive information warfare methods;

• Collect intelligence from enemy information systems;

• Destroy enemy information systems;

• Weaken the enemy’s ability to acquire, transmit, process, and use information during war.

“China continues to engage in activities designed to support military procurement and modernization,” the report said. “These include economic espionage, theft of trade secrets, export control violations, and technology transfer.”

The Pentagon’s report acts as a confirmation to reports released earlier this year by Mandient and Verizon. Mandient released a 74-page report in February that accused a unit of the Chinese People’s Liberation Army of launching thousands of hacking attacks against U.S. companies and defense contractors since 2006.

The military hacking unit is “one of the most persistent of China’s cyber-threat actors,” the Mandient report said, adding that the unit “is able to wage such a long-running and extensive cyber-espionage campaign in large part because it receives direct government support.”

The Alexandria, Virginia-based security firm traced the hacking to four large networks in Shanghai, two of which serve the Pudong New Area where a 12-storey building run by Unit 61398 of the People’s Liberation Army is located.

A report released by Verizon last month revealed that 96 percent of all espionage cases in 2012 “were attributed to threat actors in China,” backing up Mandient’s findings.

Last week, an exclusive report by Bloomberg revealed that QinetiQ, a U.K. security research and technology company that supplies the U.S. military with secret satellites, drones, and software, was victimized by hackers linked to the Chinese military. The breach of its systems occurred over a three-year period, beginning in 2007, compromising the majority of the firm’s research. According to Bloomberg, the attack on QinetiQ was just the tip of the iceberg — virtually every U.S. defense contractor has been hit by Chinese hackers.

The U.S. government has said it is prepared to take all necessary measures to protect the country from cyber-invasions.

U.S. President Barack Obama’s national security advisor Tom Donilon said more and more U.S. businesses are voicing concerns about “sophisticated, targeted theft of confidential business information and proprietary technologies” through cyber-attacks stemming from China at an unparalleled rate.

“The international community cannot afford to tolerate such activity from any country,” Donilon said during a March speech. “As the president said in the State of the Union, we will take action to protect our economy against cyber-threats.

“From the president on down, this has become a key point of concern and discussion with China at all levels of our governments. And it will continue to be. The United States will do all it must to protect our national networks, critical infrastructure, and our valuable public and private sector property.”

Just a month after Donilon’s remarks, the Pentagon launched a new Cyber Command and, as the threat of cyber-attacks continues to grow, so too will the military’s budget for computer network warfare, sources told The New York Times last month.

The officials, who spoke on the condition of anonymity, said the new cyber-policies were governed in part by the nation’s counter-terrorism policy — especially on the roles the military and the intelligence agencies will play in the use of cyber-weapons.