By Craig Timberg and Ellen Nakashima, Published: February 20
The list of those hacked in recent years includes law firms, think tanks, news organizations, human rights groups, contractors, congressional offices, embassies and federal agencies.
The information compromised by such intrusions, security experts say, would be enough to map how power is exercised in Washington to a remarkably nuanced degree. The only question, they say, is whether the Chinese have the analytical resources to sort through the massive troves of data they steal every day.
“The dark secret is there is no such thing as a secure unclassified network,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, which has been hacked in the past. “Law firms, think tanks, newspapers — if there’s something of interest, you should assume you’ve been penetrated.”
The rising wave of cyber-espionage has produced diplomatic backlash and talk of action against the Chinese, who have steadfastly denied involvement in hacking campaigns. A strategy paper released by the Obama administration Wednesday outlined new efforts to fight the theft of trade secrets.
Cyberspying against what could be called the “information industry” differs from hacks against traditional economic targets such as Lockheed Martin, Coca-Cola and Apple, whose computer systems contain valuable intellectual property that could assist Chinese industrial or military capabilities.
Instead, journalists, lawyers and human rights workers often have access to political actors whose communications could offer insight to Chinese intelligence services eager to understand how Washington works. Hackers often are searching for the unseen forces that might explain how the administration approaches an issue, experts say, with many Chinese officials presuming that reports by think tanks or news organizations are secretly the work of government officials — much as they would be in Beijing.
“They’re trying to make connections between prominent people who work at think tanks, prominent donors that they’ve heard of and how the government makes decisions,” said Dan Blumenthal, director of Asian studies at the American Enterprise Institute, which also has been hacked. “It’s a sophisticated intelligence-gathering effort at trying to make human-network linkages of people in power, whether they be in Congress or the executive branch.”
China’s aggressive effort
Russia and some other nations also are said to engage in cyber-espionage against private companies and institutions, but security experts and U.S. officials say China’s effort is the most aggressive and comprehensive. The information-technology staffs of private groups have scrambled to neutralize the intrusions, often hiring outside specialists to expel hackers and installing monitoring systems to keep them out.
Yet such efforts do not always succeed, security experts say. Hackers often build secret “back door” access to computer systems or redouble their efforts to penetrate again once they’ve been purged.
Not long after the Wall Street Journal reported last month that its systems had been infiltrated, the chief executive of its parent company, Rupert Murdoch, tweeted, “Chinese still hacking us, or were over the weekend.” The New York Times and The Washington Post have also reported being victims of cyber-intrusions probably conducted by the Chinese.
The former head of cybersecurity investigations for the FBI, Shawn Henry, said his agents used to alert dozens of companies and private institutions about breaches every week, with Chinese hackers the most common suspects.
“I’ve yet to come across a network that hasn’t been breached,” said Henry, president of CrowdStrike Services, a security company. “It’s like having an invisible man in your room, going through your filing cabinets.”
The rise of pervasive cyber-espionage has followed broader technological shifts: More and more information is gathered and conveyed online. Rising computing power, meanwhile, has made more of it vulnerable to hackers almost anywhere in the world. This has dramatically lowered the cost of spying — traditionally a labor-intensive pursuit that carries the risk of arrest or worse — and made more institutions viable targets.
The Chinese government has consistently denied having the kind of aggressive cyber-espionage campaign often described by Western officials and security experts, calling such allegations irresponsible and unsupported by evidence.
This week, Chinese officials disputed a report by Mandiant, an Alexandria-based security company, detailing the Chinese military unit allegedly responsible for stealing hundreds of terabytes of data from 141 organizations in 20 industries in the United States and around the world.
But official Washington expresses little doubt about the source of the problem. “The Chinese government’s direct role in cybertheft is rampant, and the problems have grown exponentially,” said Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee. “It is crucial that the administration begin bilateral discussions to ensure that Beijing understands that there are consequences for state-sponsored economic espionage.”
‘Spearphishing’ at The Post
The reported hack into The Post’s computer systems happened in a typical way: An employee fell for what experts call a “spearphishing” scam, hitting a bogus link that downloaded a malicious program, infecting the company’s information-technology server, said people familiar with the incident who spoke on the condition of anonymity to discuss details not released publicly by the company. (Post Co. officials have confirmed the hack only in general terms.)
That initial intrusion, which happened in 2009, allowed the hackers to gain access to The Post’s directory of user names, passwords and computers that use Windows-based operating systems. People with knowledge of the infiltration said the company learned of it when Mandiant discovered the breach in 2011.
The Post hired Mandiant to expel the hackers and installed advanced monitoring systems to prevent a recurrence. Experts say it’s difficult for any company to know definitively what information hackers steal while they have access to computer systems — especially if the theft happened months or years before it was discovered.
News of The Post’s infiltration, first revealed this month, alarmed Texas-based religious rights activist Bob Fu. As recently as December, he had obtained a sensitive Chinese document and passed it along by e-mail to a Post correspondent in Beijing. The resulting story named Fu but not the document’s original source within China, who Fu said could have been arrested if discovered.
An associate working for China Aid was briefly detained after the story appeared and was questioned about the document. It’s not clear if any information was gleaned from Fu’s e-mail exchange with the Post correspondent, which took place after the company’s computer system was secured.
“Oh, my goodness, that makes me a little sweaty,” Fu said, recalling the incident. “The consequences could be so unbearable.”
Dissidents have long engaged in cat-and-mouse games with Chinese authorities, accepting that many of their phone calls and e-mails are monitored while still attempting to protect their most sensitive communications from interception.
Canadian researchers in 2009 uncovered a vast global cyber-espionage network controlled largely by servers in China. The military and political targets whose networks were monitored — including the Tibetan government in exile and the office of the Dalai Lama — strongly suggested a Chinese role in the operation. Among the 1,295 computers infected in 103 countries were several belonging to the Associated Press bureau in London, according to the researchers, who were with the SecDev Group and the Munk Centre for International Studies at the University of Toronto.
Such infiltrations have unnerved the Chinese dissident community, where accusations of spying are common, said Andrew Nathan, a Columbia University professor active in several human rights groups that do work related to China. “There’s a paranoia that sets in,” he said. “That may be one of the functions of this surveillance.”
Security experts say that, while defenses are becoming more sophisticated against cyber-espionage, hackers continue to improve their skills as well. But even if foreign agents manage to gain access to mounting piles of data, they face a problem familiar to intelligence agencies everywhere: what to do with it.
“Most of us aren’t very interesting most of the time,” said Thomas Fingar, a China expert and former chairman of the National Intelligence Council. “You can waste an enormous amount of time and effort puzzling over something that is totally meaningless.”
William Wan in Beijing contributed to this report.