U.S. Probe Ties Chinese Cyberspying to Military

December 17, 2011



WASHINGTON—U.S. intelligence agencies have pinpointed many of the
Chinese groups responsible for cyberspying in the U.S., and most are
sponsored by the Chinese military, according to people who have been
briefed on a U.S. intelligence investigation.

Armed with this information, the U.S. has begun to lay the groundwork
to confront China more directly about its expansive cyberspying
campaign. Two weeks ago, U.S. officials met with Chinese counterparts
and warned China about the diplomatic consequences of economic spying,
according to a former official familiar with the meeting.

The Chinese cyberspying campaign stems largely from a dozen groups
connected to China's People's Liberation Army and a half-dozen
nonmilitary groups connected to organizations like universities, said
those who were briefed on the investigation. Two other groups play a
significant role, though investigators haven't determined whether they
are connected to the military.

In many cases, the National Security Agency has determined the
identities of individuals working in these groups, which is a critical
development that provides the U.S. the option of confronting the
Chinese government more directly about the activity or responding with
a counterattack, according to former officials briefed on the effort.

"It's actually a small number of groups that do most of the PLA's
dirty work," said James Lewis, a cybersecurity specialist at the
Center for Strategic and International Studies who frequently advises
the Obama administration. "NSA is pretty confident of their ability to
attribute [cyberespionage] to this set of actors."

In early November, the U.S. chief of counterintelligence issued a
report that was unusually blunt in accusing China of being the world's
"most active and persistent" perpetrator of economic spying. Lawmakers
have also become more vocal in calling out China for its widening
campaign of cyberespionage.

Still, diplomatic considerations may limit the U.S. interest in taking
a more confrontational approach because some U.S. officials are wary
of angering China, the largest holder of U.S. debt. Chinese officials
regularly dispute U.S. allegations of cyberspying, saying they are the
victims, not the perpetrators, of cybercrime and cyberespionage.

Identifying adversaries has been difficult because it is easy to fake
identities and locations in cyberspace. An inability to tie
cyberspying activities with precision to a certain actor has in the
past limited the U.S.'s ability to respond because it is hard to
retaliate or confront an unidentified adversary.

The U.S. government, led by the National Security Agency, has tracked
the growing Chinese cyberspying campaign against the U.S. for decades.
Past government efforts have had exotic names like "Titan Rain," and
"Byzantine Hades."

More recently, NSA and other intelligence agencies have made
significant advances in attributing cyberattacks to specific
sources—mostly in China's People's Liberation Army—by combining
cyberforensics with ongoing intelligence collection through electronic
and human spying, Mr. Lewis said.

The U.S. investigation of China's activities is the latest round of
spy-versus-spy in cyberspace.

The activity breaks down into cyberspying efforts by 20 groups with
different attack styles that are responsible for most of the
cybertheft of U.S. secrets, said the people briefed on the
investigation. U.S. intelligence officials have given different
classified code names to each group.

U.S. intelligence officials can identify different groups based on a
variety of indicators. Those characteristics include the type of
cyberattack software they use, different Internet addresses they
employ when stealing data, and how attacks are carried out against
different targets. In addition to U.S. government agencies, major
targets of these groups include U.S. defense contractors, according to
former officials.

Collectively, these groups employ hundreds of people, according to
former officials briefed on the effort. That number is believed to be
small compared to the estimated 30,000 to 40,000 censors the Chinese
government is believed to employ to patrol the Internet.