Panetta talks computer hacking issues with Chinese

Sep 20, 2012 by Lolita C. Baldor
U.S. Secretary of Defense Leon Panetta addresses cadets at the Engineering Academy of PLA Armored Forces, in Beijing, Wednesday, Sept. 19, 2012. (AP Photo/Larry Downing, Pool)

(AP)—Despite several years of escalating diplomacy and warnings, the U.S. is making little headway in its efforts to tamp down aggressive Chinese cyberattacks against American companies and the government.

U.S. Leon Panetta, who is wrapping up three days of meetings with military and civilian leaders, said he has brought the issue up at every session and come away with little more than agreements to talk again.

Meanwhile, cybersecurity analysts say the computer-based attacks emanating from continue unabated, and in fact are expanding and focusing more intently on critical American oil, gas and other energy companies.

"No diplomatic actions have made a difference," said Richard Bejtlich, chief security officer for the Virginia-based cybersecurity firm Mandiant. "They remain aggressive—they're kicked out one day and try to get back in the next day."

He said the China-backed hackers' tactics are also evolving, and they are more often going after corporate computer systems by breaching software weaknesses, rather than simply trying to get into a network by duping an individual employee. And he said they appear to be increasingly targeting lucrative energy companies.

Efforts by officials across the U.S. government have not seemed to have any impact, Bejtlich said, adding: "The Chinese don't seem to care. So I don't have any hope that the is reaching anyone of any note."

Panetta, who is leaving China on Thursday, met with China's leader-in-waiting, Xi Jinping, Wednesday and afterward told reporters that he urged Xi and other leaders to have an ongoing dialogue with the United States about the .

"I think it's clear that they want to engage in a dialogue on this issue," Panetta said, "and I guess that's the most important thing. That's the beginning of trying to perhaps be able to develop an approach to dealing with that has some semblance of order here as opposed to having countries basically all flying in the dark."

Chinese officials have steadfastly denied the cyberattacks, saying they also are victims of computer hackers and breaches.

But nine months ago senior U.S. intelligence officials for the first time publicly accused China of systematically stealing American high-tech data for its own national economic gain. It was the most forceful and detailed airing of U.S. allegations against Beijing after years of private complaints, and it launched a more open push to combat the attacks.

James Lewis, a cybersecurity expert with the Center for Strategic and International Studies, said the U.S. is starting to push the Chinese harder on the issue, but the administration needs to do more.

"The damage from Chinese cyber espionage is easy to overstate but that doesn't mean we should accept it," he said. "The Bush administration was unaware of the problem; this administration needs to come up with a more dynamic response."

Cyber experts and U.S. officials agree that one of the biggest threats is the possibility of a miscalculation when a cyber breach triggers a clash between the two nations and there is no underlying relationship that can be used to discuss or work out the problem.

"How do you make sure something doesn't go off course and become a flashpoint for a bigger crisis?" Lewis said.

He added that the People's Liberation Army has been more confrontational lately, and lingering questions remain about the relationship between the Chinese political leaders and the military, and whether the civilian officials can effectively rein in the PLA.

Bejtlich and others describe a hierarchy of hackers in China that includes three main groups: those who are employed directly by the government, those who are affiliated with universities or quasi-government agencies and the so-called patriotic hackers who work on their own but direct their attacks against the U.S. and Western interests.

Bejtlich said some of the state-sponsored hackers appear to moonlight, stealing data from Western companies perhaps as a way of making more money. As long as they don't present a threat to China or Chinese companies, it is tolerated.

Panetta has warned repeatedly that cyberattacks and cyberwarfare could set off the next war. And U.S. officials and security experts say government and private industry systems are constantly being probed, breached and attacked. A key threat is an attack against critical infrastructure, including the electric grid, power plants or financial networks, that could plunge the U.S. into crisis.

Officials have said that at this point the main threats from China are intelligence espionage and the theft of corporate and high-tech data, rather than an all-out act of war. But they warn that in China, many of whom work for, are backed by or are tolerated by the Chinese government, are capable of highly sophisticated attacks.

Explore further: Twitter rules out Turkey office amid tax row

not rated yet
add to favorites email to friend print save as pdf

Related Stories

US, China to cooperate more on cyber threat

May 08, 2012

(AP) -- Asserting that cyberattacks against the U.S. don't come only from China, the U.S. and Chinese defense ministers said they agreed Monday to work together on cyber issues to avoid miscalculations that ...

A few hacker teams do most China-based data theft

Dec 12, 2011

As few as 12 different Chinese groups, largely backed or directed by the government there, commit the bulk of the China-based cyberattacks stealing critical data from U.S. companies and government agencies, according to U.S. ...

Cyber weaknesses should deter US from waging war

Nov 08, 2011

(AP) -- America's critical computer networks are so vulnerable to attack that it should deter U.S. leaders from going to war with other nations, a former top U.S. cybersecurity official said Monday.

US report blasts China, Russia for cybercrime

Nov 03, 2011

(AP) -- Cyberattacks by Chinese and Russian intelligence services, as well corporate hackers in those countries, have swallowed up large amounts of high-tech American research and development data, and that stolen information ...

US Senate in new cybersecurity push

Feb 15, 2012

US senators, warning of potentially catastrophic cyberattacks, introduced a bill Tuesday aimed at protecting critical infrastructure such as power, water and transportation systems.

Recommended for you

Twitter rules out Turkey office amid tax row

16 hours ago

Social networking company Twitter on Wednesday rejected demands from the Turkish government to open an office there, following accusations of tax evasion and a two-week ban on the service.

How does false information spread online?

18 hours ago

Last summer the World Economic Forum (WEF) invited its 1,500 council members to identify top trends facing the world, including what should be done about them. The WEF consists of 80 councils covering a wide range of issues including social media. Members come ...

User comments : 0

More news stories

Simplicity is key to co-operative robots

A way of making hundreds—or even thousands—of tiny robots cluster to carry out tasks without using any memory or processing power has been developed by engineers at the University of Sheffield, UK.

Microsoft CEO is driving data-culture mindset

(Phys.org) —Microsoft's future strategy: is all about leveraging data, from different sources, coming together using one cohesive Microsoft architecture. Microsoft CEO Satya Nadella on Tuesday, both in ...

Floating nuclear plants could ride out tsunamis

When an earthquake and tsunami struck the Fukushima Daiichi nuclear plant complex in 2011, neither the quake nor the inundation caused the ensuing contamination. Rather, it was the aftereffects—specifically, ...

Patent talk: Google sharpens contact lens vision

(Phys.org) —A report from Patent Bolt brings us one step closer to what Google may have in mind in developing smart contact lenses. According to the discussion Google is interested in the concept of contact ...

Quantenna promises 10-gigabit Wi-Fi by next year

(Phys.org) —Quantenna Communications has announced that it has plans for releasing a chipset that will be capable of delivering 10Gbps WiFi to/from routers, bridges and computers by sometime next year. ...