2:29 am
Sat February 18, 2012

U.S. Not Afraid To Say It: China's The Cyber Bad Guy

Originally published on Sat February 18, 2012 12:09 pm

American officials have long complained about countries that systematically hack into U.S. computer networks to steal valuable data, but until recently they did not name names.

In the last few months, that has changed. China is now officially one of the cyber bad guys and probably the worst.

"We know, and there's good evidence ... of very deliberate, focused cyber-espionage to capture very valuable research and development information, or innovative ideas, or source code or business plans for their own advantage," says Mike McConnell, a former director of national intelligence and before that, the director of the National Security Agency.

It's the Chinese he's talking about, though other countries — like Russia — also engage in cyber-espionage to gain a competitive edge. China stands out as especially aggressive.

"China does not care what other people think," says Richard Bejtlich, the chief security officer at MANDIANT, a company that helps firms deal with cyber-intrusions.

"Culturally, they are very interested in being seen as responsible, but when it comes to their actual work on the ground, if you try kicking them out of your network on a Friday, they're back on a Monday," he says.

The increased willingness of the U.S. government to point a finger at the Chinese dates from an official report released last October that identified them "as the world's most active and persistent perpetrators of economic espionage."

McConnell says that report gave him a green light to say publicly what he'd long been saying privately about China's cyberspying.

"For those of us who made the argument that we needed something to use as justification for revealing these insights, that sort of unleashed us to do that," he says.

Last month, McConnell co-authored an op-ed column in the Wall Street Journal, along with recently retired Deputy Defense Secretary William Lynn and former Secretary of Homeland Security Michael Chertoff, titled: China's Cyber Thievery Is National Policy — And Must Be Challenged.

One reason they were anxious to publicize China's cyber-espionage was to counter those who claimed there was little concrete evidence to link the Chinese definitively to major hacking activity.

One problem in cyber-espionage investigation is that it can be almost impossible to trace a computer intrusion back to its source. MANDIANT's Bejtlich says any good cybersleuth pays little heed to IP addresses. He says he can identify Chinese hackers just by the way they work.

"They have quirks, maybe even the way that they type, the way that they select commands [and] the way that they build their software," he says. "There's probably 20 or more characteristics you can use, none of which involve an IP address."

The signs pointing to China as the prime cyber-espionage culprit in the world today have accumulated over years, Bejtlich says, to the point where there is virtually no doubt about who exactly is responsible.

"In our government, there are people who know exactly who these guys are," he says. "I've seen pictures of office buildings; there are pictures of individuals."

As the country's top spy, McConnell saw the best intelligence on cyber-espionage. He won't talk about any pictures the government has, but he has no qualms about pointing to China as the top U.S. problem.

"We know a great deal about how the attacks are generated and where they come from," McConnell says.

McConnell says that clear understanding of the problem is one of the reasons he and his colleagues were adamant about making as much of this information public as they could. He says they want people to understand that cybertheft is real, that it's getting worse, and that it's important to hold China particularly responsible.

Chinese officials have heard this complaint often. Their customary response is that they, too, have been victims of cyberthievery and do not condone it.

Copyright 2014 NPR. To see more, visit http://www.npr.org/.

Transcript

SCOTT SIMON, HOST:

This is WEEKEND EDITION from NPR News. I'm Scott Simon. China's vice president, who is next in line to lead that country, departed from Los Angeles last night after a four-day U.S. visit. Xi Jinping got a friendly reception in the United States despite a host of complaints from China's human rights record to its practice of hacking into U.S. computers to steal secrets and technology. That last problem was barely mentioned in public, but NPR's Tom Gjelten says it is a top U.S. concern.

TOM GJELTEN, BYLINE: U.S. officials have long complained about countries that systematically hack into U.S. computer networks to steal valuable data, but until recently they did not name names. In the last few months, that has changed. China is now officially one of the cyber bad guys - probably the worst. Mike McConnell is a former director of national intelligence; before that, the director of the National Security Agency.

MIKE MCCONNELL: We know, and there's good evidence, and I've been aware of it for a long time at the classified level, and increasingly at the unclassified level, of very deliberate, focused cyber espionage to capture very valuable research and development information, or innovative ideas, or source code or business plans for their own advantage.

GJELTEN: It's the Chinese he's talking about. Other countries also engage in cyber espionage to gain a competitive edge - Russia for example. But China stands out as especially aggressive. Richard Bejtlich, the chief security officer at MANDIANT, a company that helps firms deal with cyber intrusions.

RICHARD BEJTLICH: China does not care what other people think. Culturally, they are very interested in being seen as being responsible, but when it comes to their actual work on the ground, if you try kicking them out of your network on a Friday, they're back on a Monday, or if not over the weekend.

GJELTEN: The increased willingness of the U.S. government to point a finger at the Chinese dates from an official report released last October that identified them, quote, "as the world's most active and persistent perpetrators of economic espionage." Mike McConnell says that report gave him a green light to say publicly what he'd long been saying privately about China's cyber spying.

MCCONNELL: For those of us who made the argument that we needed something to use as justification for revealing these insights, that was sort of unleashed us to do that.

GJELTEN: You welcomed that?

MCCONNELL: Oh, absolutely, welcomed it.

GJELTEN: Last month, McConnell co-authored an op-ed column in The Wall Street Journal, along with recently retired Deputy Defense Secretary William Lynn and the former Secretary of Homeland Security Michael Chertoff. The title: "China's Cyber Thievery is National Policy - And Must Be Challenged." One reason they were anxious to publicize China's cyber espionage was to counter those who claimed there was little concrete evidence to link the Chinese definitively to major hacking activity.

One problem in cyber espionage investigation is that it can be almost impossible to trace a computer intrusion back to its source, but Richard Bejtlich of the MANDIANT security firm says any good cyber sleuth pays little heed to IP addresses. He says he can identify Chinese hackers just by the way they work.

BEJTLICH: They have quirks, maybe even the way that they type, the way that they select commands, the way that they build their software, all of these things. There's probably 20 or more characteristics that you can use, none of which involve an IP address.

GJELTEN: And the signs pointing to China as the prime cyber espionage culprit in the world today have accumulated over years, Bejtlich says, to the point where there is virtually no doubt about who exactly is responsible.

BEJTLICH: In our government, there are people who know exactly who these guys are. I've seen pictures of office buildings; there are pictures of individuals.

GJELTEN: As the country's top spy, McConnell saw the best intelligence on cyber espionage. He won't talk about any pictures the government has, but he has no qualms pointing to China as the top U.S. problem.

MCCONNELL: We know a great deal about how the attacks are generated and where they come from. We have a clear understanding and that's the reason that those of us on the inside who understood that were so adamant about making as much of this information as we can public so people understand.

GJELTEN: Understand that cyber theft is real, that it's getting worse and that it's important to hold China in particular responsible. Chinese officials have heard this complaint often. Their customary response is that they, too, have been victims of cyber thievery and do not condone it. Tom Gjelten, NPR News, Washington. Transcript provided by NPR, Copyright NPR.