Cyber warfare officially arrived on Capitol Hill last week. Two Republican congressmen, Rep. Frank Wolf of Virginia and Rep. Christopher Smith of New Jersey, went public last Wednesday with the news that in 2006 and 2007 their office computer networks had been breached by Chinese hackers.
The cyber raiders were not looking for sensitive military or economic data. Instead, they apparently tried to steal political information about Chinese dissidents. “My suspicion is that I was targeted by Chinese sources because of my long history of speaking out about China’s abysmal human rights record,” Wolf told the Washington Times. Both congressmen said the attacks were made against aides who “…worked specifically on China and human rights issues.”
This is not the first time that Chinese government hackers have gotten their hands on sensitive American documents. Chinese hackers’ long march through American computer networks is believed to have started in 2000. Since then, the attacks have increased in both their frequency and their sophistication. For instance, the latest attack made use of spy software that downloaded files from the congressmen’s computers without detection. The software is secretly installed when a personalized email is opened.
China’s largest cyber-raid in the United States occurred in 2004. The assault was so massive that American security authorities gave it a code name, “Titan Rain.” Computers in several defense and space installations were targeted and thousands of unclassified documents, both military and industrial, were stolen. Fortunately, classified military information is not directly connected to the internet; but data found in those unclassified networks can also be of a sensitive nature.
Equally brazen was a 2007 cyber attack on Pentagon computers. That attack saw Secretary of Defense Robert Gates’ computer system compromised. The perpetrator in this case was believed to have been the People’s Liberation Army.
Last March, the military news website Strategy Page.com detailed how Chinese hackers may attack in the future. Counterfeit computer equipment is sometimes sold to the American military. This equipment may contain counterfeit computer cards that are made in China. The danger is that the fake cards could be “hardwired” to allow Chinese cyber agents access to the computer networks where they wind up. According to Strategy Page, criminals currently place stickers on counterfeit cards to make it appear that they are from reputable American suppliers. Many such cards have been found, but none yet with this kind of “spy chip.” Nevertheless, the website notes, American security authorities have a “scary, new problem on its hands.”
China’s success in cyber espionage does not mean that it has given up the traditional approach of obtaining information from U.S.-based spies. Just last March, a Chinese-born engineer was sentenced in California to 24 years for attempting to obtain and export to China American submarine technology. A month earlier, a former Chinese-American engineer at Boeing was arrested for stealing corporate secrets from the aerospace program for the same purpose. And only last month, a Chinese citizen living legally in New Orleans pleaded guilty to espionage for sending American military information to her homeland.
Such one-man missions pale in comparison to the biggest Chinese espionage program directed against the United States and the West. It is known as the “thousand grains of sand” strategy. In this approach, the agents are all amateurs. They consist of Chinese who are either going overseas, such as students, or those who already live abroad. Appealing to their shared ancestry, Chinese intelligence asks them to bring or send home any military, technological or economic information, no matter how low level. The goal is that such information, when put together, will lead to something big. “Chinese do not hit homeruns,” John Pike, a security expert, has remarked. “Their theory is that if you do enough of it, eventually it will amount to something.”
By some estimates, the “thousand grains of sand” program involves 100,000 people – a testament both to the importance that China attaches to the program as well as to its extent. And it has been going on for a long time. “For nearly two decades, Beijing has mobilized the Chinese-American community to penetrate US military corporations that are working on defense contracts,” writes commentator Sreeram Chaulia.
Nor is the U.S. China’s only target. In an interview with Canadian television, a former Chinese diplomat has revealed that Canada and Australia, which also have large ethnic Chinese communities, have hundreds of Chinese government agents in their midst. Last year, Germany came under a Chinese cyber attack that saw the computers of several government ministries, as well as the office of the German Chancellor, Angela Merkel, compromised. This breach of German security caused Merkel to broach the subject of Chinese cyber espionage with Chinese premier Wen Jiabao when she visited China last year.
Merkel’s confrontational stance toward Chinese cyber warfare stands in stark contrast to the comparative inaction of American officials. In fact, Rep. Wolf said he was asked by government officials not to go public with the news that the Chinese had hacked his office computer system. “A lot of people urged me not to do this,” he said.
American silence on Chinese cyber warfare efforts is probably due to the fact that the Pentagon is also conducting a similar program against China, and apparently with more success. For example, American intelligence officials know that counterfeit computer cards containing a spy chip are a possibility because they have already invented one. As a result, American officials may well be reluctant to draw attention to their own spying successes.
As last week’s revelations confirmed, Chinese cyber warfare constitutes a real threat to American security. But it’s important to bear in mind that America’s strategic reluctance to publicize its victories on the espionage front doesn’t mean that those victories are very real indeed.