Inside Scoop: Hacks tied to China's army: Inside Scoop
Inside Scoop: Inside Scoop: Hacks tied to China's army3:55 /
CNET's Kara Tsuboi and Declan McCullagh discuss the recent spate of alleged Chinese cyberattacks on American companies. Find out how hackers are infiltrating computers and what the U.S. government is saying about the hacking.
-Hey everyone and welcome to the Inside Scoop. I'm Kara Tsuboi and I'm joined by CNET's chief political correspondent, Declan Mccullagh. Thanks for joining us Declan. And today, we are talking about new report coming out about over 140 companies that have supposedly been attacked by someone within China. Why don't you clarify a little bit? -What we knew going in and this has been the case for years now. Google was the first major company to go public with this about 3 years ago. We knew that there are bunch of hackers in China probably around Shanghai who were responsible for a lot of these intrusions, but what we didn't know was whether they are part of the Chinese government or military and the report that was released a day or so ago provides pretty compelling evidence. I mean if these were a jury, the jury would have voted a convict that not just a group of hackers that are working independently. This is actually part of the Chinese army, and they are the ones who are behind these hundred plus intrusions into largely U.S. companies. And how are they doing this? How are they getting in? -Well, it's a combination of a sort of low scale and high scale attacks. What they often do is they'll send you e-mail the reports to be from your boss, your manager, your CEOs saying, here's a new presentation or some press release, can you double click this and let me know what you think? That sounds pretty compelling -Sure it is. -Especially if it comes from a Gmail address. You don't even know what your boss' home Gmail address, it's a bit looks familiar and you're probably just gonna click on it, and then they got access to your system. From that entry point or access point, they can then leap frog into other systems and map out the internal network, infect the other computers and it's very difficult to protect against this. They are called spear fishing. It's very targeted hacks against individuals. I mean, if you get e-mail from your mom or your cousin, you might actually open it. -Absolutely, and we know that more than 20 different industries have an attack, what do you think the purposes. What kind of information are they collecting? -Oh, we've known for a while that these industries are being attacked. I mean there was flurry of articles last summer saying that say the electric power grid has been infiltrated, which is kind of scary. I really feel or understand why any nuclear power plant has to be connected to the internet, but putting that aside, the interesting thing is that, if you have controls some of these computers, I mean, you can do malicious things. You can destroy data. You can alter data, which is almost worse or you can try to take over some of the control systems that might control say water utilities or sewage utilities here or so on, but they haven't. It's almost like they had orders from above. Is it a code of ethics, I don't know, but all they're doing is extracting data. It's espionage. It's not sabotage. -What is the position that U.S. government is taking on this? -The U.S. government has been, I mean, look-- The U.S. Government is not entirely stupid. They do know this is going on. They've have it. We've known since a year or so that the airforce has a special office that has been looking into this from the government end, but I mean, this is-- it's not attacking U.S. systems to destroy them. It's not really war. In a traditional sense, it's espionage, and espionage is typically handled not by, you know, invading other countries, but by diplomatic action. So, yesterday, the state department, the spokesman said, well, we're talking like it's at the highest levels, and what was this means, I don't know. There is a White House report due to come today talking about espionage and theft of trade secrets. China is probably the biggest culprit in this respect and so I think this is something that's going to be handled at the diplomatic level and probably not just in the next year, but over the next 5 or 10 years. -I would think so as well. Both parties are gonna continuing doing what they're doing and will receive the responses. -Exactly. -Great, thank you so much, Declan Mccullagh, I'm Kara Tsuboi. Thanks for watching the Inside Scope.