U.S.: Beijing backs hacking on 'massive scale'

Commission report to Congress says hacking by Chinese government, individuals, and organizations into networks in the U.S. and elsewhere has "extensive intelligence and reconnaissance components."

Lance Whitney Contributing Writer

Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.

See full bio

Lance Whitney

Nov. 17, 2010 10:57 a.m. PT

2 min read

A report delivered today to Congress by a commission on U.S.-Chinese relations is pointing the finger at the Chinese government for continued hacking attempts and computer exploits.

"Recent high-profile, China-based computer exploitations continue to suggest some level of state support. Indicators include the massive scale of these exploitations and the extensive intelligence and reconnaissance components," noted the report from the U.S.-China Economic and Security Review Commission's (USCC).

The report specifically concluded that the Chinese government, Communist Party, and Chinese individuals and organizations continue to hack into computer systems and networks in the U.S. and other countries. Finding the methods used more sophisticated than in past attacks, the commission said that the hackers are increasingly using social-networking tools and malicious software with ties to criminal organizations.

CNET last month reported on the findings of the commission through information obtained from a draft report. Today's release marks the official version of the USCC's 2010 report to Congress.

The report details a number of incidents in which China hijacked or redirected Internet data from other countries. Among the most prominent highlights, the USCC described one incident in April (PDF) in which state-controlled Chinese carrier China Telecom sent out incorrect information on Internet traffic paths that told data from the U.S. and other countries to travel through Chinese servers.

This incident, which occurred in April and lasted 18 minutes, affected traffic to and from U.S. government and military sites as well as those for commercial companies, such as Dell, Microsoft, IBM, and Yahoo. The USCC could not determine if this redirection was intentional, or what, if anything, Chinese telecommunications carriers did with the "hijacked" data. But it did point out in its report that this type of activity could let a telecommunications firm access data from traffic that's supposed to be secure and encrypted.

In response to the USCC's allegation, China Telecom today denied any involvement in the April incident, according to Reuters. "The spokesman of China Telecom Corporation Limited denied any hijack of Internet traffic," the company said in a statement e-mailed to Reuters.