China's Internet Spying
|Jan 24, 2011|
Last June, at about the time of the anniversary of the Tiananmen Square massacre of 1989, several members of the internal investigation unit of a US company assembled at an international luxury chain hotel in Beijing for a conference.
The company does not want to be identified, or even to have its field of business identified more specifically. When the employees got back to their home base, they discovered that their computers had been penetrated through the hotel's internet system. The penetration of some of the computers was so extensive that their hard disks crashed.
"They had been hacked through and through," said a source. "It happened in the hotel through the internet connections. Whoever was on the other end had the ability to go clear into their hard disks."
Another source who recently stayed at a major international hotel in Shanghai to visit clients – and who also doesn't want his profession made public – went through a similar experience.
"Every time I opened Internet Explorer," he said, "the whole screen would dim before it went back to normal. My email accounts couldn't be opened, my company account couldn't be opened. And after two days, I got a warning that my brand new hard disk was in danger and that I should back up everything right away."
The source's Internet Explorer and email accounts behaved normally again once he was out of China, he said. The laptop was only used in the hotel, he added.
Major instances of hacking – including those which drove Google out of China – have received wide publicity. Despite denials by Beijing, diplomatic cables made available in November by WikiLeaks quoted a US Embassy official in Beijing who said contacts had told the US that the Chinese government was behind an internet hacking attack on Google and Western governments. There have been so many incidents that it is difficult to round them all up. And it certainly has to be recognized that China is hardly alone in the realm of computer hacking and industrial spying, given the apparent success of Stuxnet, the computer worm believed to have been created by US and Israeli interests to damage Iran's nuclear development program.
However, the kind of attention paid to these two companies, one of them relatively small, has not normally been recognized, and if it is widespread, it would take an army of spies and other personnel bigger than the now-defunct East Germany's Stasi state security operation. It is unknown just how deeply the Chinese government has penetrated such small operations, especially through the internet systems of widely known western hotels. But it appears that if you're a western businessman doing business in China, you may well attract attention, especially if you open your Internet connection in a major hotel.
If a new report by the Office of Economic Cooperation and Development is anything to go by, these are not isolated experiences, and could well be originating from the government, although not necessarily. The 121-page report, released by the OECD last week, is titled Future Global Shocks: Reducing Systemic Cybersecurity Risk.
Written by two consultants, Peter Sommer of the Information Systems and Innovation Group at the London School of Economics and Ian Brown, of Oxford Internet Institute, Oxford University, the report mainly concentrates on the possible threat that government hackers could ignite a cyber war. It ultimately concludes that, even despite the apparent success of the so-called Stuxnet worm in invading Iranian nuclear operations, there is little danger of that.
As long ago as 2005, according to the report, an FBI investigation codenamed Titan Rain into hackers apparently located in Guangdong found data being stolen on subjects such as NASA's Mars Reconnaissance Orbiter and Air Force flight-planning software.
While that appeared to be targeting government systems, "As well as non-classified US government systems, the hackers accessed systems at the World Bank and at defense contractors such as Lockheed Martin. Defense, law enforcement and intelligence agencies in the UK, Canada, Australia and New Zealand alerted businesses to improve security procedures in light of these intrusions."
It was unclear whether there was state involvement in these attacks, the report states. But, it continues, the US-China Economic and Security Review Commission concluded that "the depth of resources necessary to sustain the scope of computer network exploitation targeting the US and many countries around the world, coupled with the extremely focused targeting of defense engineering data, US military operational information, and China-related policy information is beyond the capabilities or profile of virtually all organized cybercriminal enterprises and is difficult at best without some type of state-sponsorship."
A major hacking operation allegedly is centered from servers in Chengdu, using free web-hosting services and social networking sites like Baidu and Google, according to a Canadian report last April, first as an effort to infiltrate the Tibetan exile community but expanded to compromise Indian computers at diplomatic missions across the planet.
Think-tanks such as the Institute for Defense Studies and Analyses and defense publications, the report said, were also targeted as were corporations like DLF Ltd, Tata and YKK India.
The US-based country risk company STRATFOR reported in 2010 that cases in the United States uncovered by the FBI found that espionage may not be directed from Beijing and that such activities aren't particularly well coordinated.
"Most of the cases involved charges of violating export restrictions or stealing trade secrets rather than the capital crime of stealing state secrets," STRATFOR said. The cases involved technology acquisition as well as attempts to buy and illegally export encryption devices, mobile-phone components, high-end analog-to-digital converters, microchips designed for aerospace applications and radiation-hardened semiconductors.
Other cases involved stealing trade secrets such as organic light- emitting diode processes from Dupont, hybrid vehicle technology from General Motors, insecticide formulas from Dow Chemical, paint formulas from Valspar and various vehicle design specifications from Ford.
"There are also a growing number of private Chinese companies getting involved in espionage," STRATFOR said. "One notable example was when Du Shanshan and Qin Yu passed on technology from GM to Chery Automobile, a private, rather than state-run, manufacturer. In the five trade-secret cases in 2010, most of the suspects were caught because of poor tradecraft. They stored data on their hard drives, sent e-mails on company computers and had obvious communications with companies in China. This is not the kind of tradecraft we would expect from trained intelligence officers. Most of these cases probably involved ad hoc agents, some of whom were likely recruited while working in the United States and offered jobs back in China when they were found to have access to important technology."
The OECD report lists a wide range of techniques and doctrines of information system security to prevent or at least manage such hacking, including creating a comprehensive security plan to minimize risk. However, the two examples above indicate that the ability of the hackers, government-controlled or otherwise, appear able to fairly easily circumvent conventional security measures.