Report: U.S. vulnerable to Chinese cyber espionage

Congressional commission report says Chinese could conduct cyber warfare so sophisticated that U.S. may unable to respond.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
3 min read

China is actively conducting cyber espionage as a warfare strategy and has targeted U.S. government and commercial computers, according to a new report from the U.S.-China Economic and Security Review Commission.

"China's current cyber operations capability is so advanced, it can engage in forms of cyber warfare so sophisticated that the United States may be unable to counteract or even detect the efforts," according to the annual report (PDF) delivered to Congress on Thursday.

The report cites news articles and testimony from U.S. officials like Col. Gary McAlum, chief of staff for the U.S. Strategic Command's Joint Task Force for Global Network Operations. It concludes that Chinese cyber attacks, authoritarian rule, and trade violations are impediments to U.S. economic and national security interests.

A spokesman for the Chinese foreign ministry, Qin Gang, said the report was misleading, impeding cooperation between the U.S. and China, and "unworthy of rebuttal," according to an article published late Monday in Secure Computing Magazine.

China is targeting government and private computers in the U.S., including systems operated by the biggest U.S. defense contractors, according to the report, which cited news articles. In 2005, hackers from China nabbed NASA files on the propulsion system, solar panels, and fuel tanks, and an aviation mission planning system for Army helicopters and Army and Navy flight planning software were stolen from the Army Aviation and Missile Command at Redstone Arsenal in Alabama, the report said.

China can access an unclassified U.S. military network called the NIPRNet (Non-secure Internet Protocol Router Network) and "views is as a significant Achilles' heel and as an important target of its asymmetric capability," according to the report. This "gives China the potential capability to delay or disrupt U.S. forces without physically engaging them--and in ways it lacks the capability to do conventionally."

The U.S. government also is at risk as a result of the global computer supply chain, the commission said. Computer components used by the U.S. and manufactured in China are "vulnerable to tampering by Chinese security services, such as implanting malicious code that could be remotely activated on command and place U.S. systems or the data they contain at risk of destruction or manipulation," the report said. Hundreds of counterfeit routers made in China were found in systems throughout the Defense Department, it said.

The Chinese government is training citizens in cyber operations at military academies, and tolerates, or even encourages, actions taken by an estimated 250 hacker groups there, the report said.

Chinese military officials believe the U.S. is doing cyber espionage against China, and believe that by striking first with a cyber attack they can plant misinformation and hide their tracks, according to the report.

U.S. officials and lawmakers have complained about specific incidences where they believed Chinese representatives breached their systems. This summer, two congressmen who have been longtime critics of China's human rights record accused China of compromising computers that had information related to political dissidents. In the spring, government sources told the Associated Press that they were looking into allegations that Chinese officials copied data from a laptop left unattended in China by the commerce secretary.