China: 'leading bad actor in cyberspace,' experts say

Feb 22, 2013 by Carol Huang
A pedestrian is seen walking past a 12-storey building alleged in a report on February 19, 2013, by the Internet security firm Mandiant, as the home of a Chinese military-led hacking group after the firm reportedly traced a host of cyberattacks to the building in Shanghai's northern suburb of Gaoqiao.

China's full-throated denials of hacking and counter-accusations of its own do nothing to allay growing concern over large-scale cyberspying alleged in a bombshell report this week, Western analysts said.

and state-run media have lashed out after a report by a US firm laid out in unprecedented detail what Western officials and experts have long claimed: that 's army runs an aggressive hacking operation targeting US firms.

But James Lewis, a senior fellow based in Washington with the Center for Strategic and International Studies (CSIS), said: "No country breaks into tears and confesses when accused of espionage, so the denials can be dismissed.

"Many countries besides the US have concluded that China is the leading bad actor in cyberspace and China's espionage is on track to become a major international problem," he added.

"Saying 'we're victims, too' won't deflect this."

The report from consultancy alleged that "APT1" had stolen data from at least 141 organisations across 20 industries and was part of a Chinese which investigators traced to an office block in Shanghai.

Although the account laid out the most detailed accusations yet of Chinese hacking, the rising power's online conduct had already drawn growing scrutiny.

Last month the and other American media outlets reported they had come under hacking attacks from China, and a US congressional report last year named the country as "the most threatening actor in cyberspace".

Beijing has rebuffed the allegations by countering that attacks tied to Chinese IP addresses do not necessarily originate from China, that their accusers have ulterior motives and that it too is a victim of hacking.

Graphic timeline of industries hacked by APT1, according to the Mandiant report.

Of about 10,000 attacks from overseas on Chinese websites last year, nearly three-quarters came from US IP addresses, the Xinhua state news agency said this month, citing the Emergency Response Coordination Centre.

Several Internet security firms with operations in China or Asia declined to comment on hacking attacks in light of the report.

But while Western powers have cyber-operations of their own, North American-based analysts said that Beijing's responses were disingenuous attempts to deflect attention from the mounting concern.

Major nations could be expected to carry out military and spy work in cyberspace as part of traditional war-planning and information-gathering, said Lewis, director of CSIS's technology and public policy programme.

Even so, China crossed a line by stealing commercial information, alarming Asian and Western countries, he added.

"The economic part is probably the most troubling because it says something about China's willingness to play by the rules in the international system," he said.

Xinhua said in a commentary that Mandiant's report "reeks of a commercial stunt" and Washington has a "habit of accusing other nations based on phoney evidence".

Beijing's defence ministry also argued that there was no globally agreed definition of hacking while the foreign ministry touted an "international code of conduct" proposed in 2011 by China, Russia and others.

But Lewis dismissed the claim of a lack of consensus on defining Internet breaches, pointing to the Council of Europe Convention on Cybercrime along with documents at the United Nations and World Trade Organization.

Nearly 40 countries, not including China, have ratified the European document, which Lewis called the "global standard".

Sarah McKune, a senior researcher at the University of Toronto Munk School of Global Affairs, said the code of conduct that Beijing supported had stirred controversy for possibly limiting free expression and access to information.

China has probably suffered similar levels of hacking as other nations, she said. "All countries experience cybercrime and neither China nor the US are outliers in that respect."

But Beijing could more persuasively address the concerns by responding to the allegations rather than highlighting its role as a victim, she added.

The rhetoric from government bodies and state media "is frankly not the kind of response one would hope for from a major power committed to cooperation on cybersecurity," McKune said.

"Very specific assertions have been made in the Mandiant report that implicate actors based in China, and those assertions require a real response."

Explore further: A Closer Look: Your (online) life after death

add to favorites email to friend print save as pdf

Related Stories

China steps up defence on hacking allegations

Feb 21, 2013

Chinese state media stepped up the war of words Thursday over allegations of sophisticated cyberattacks on US firms, branding the accusations a "commercial stunt" and accusing Washington of ulterior motives.

China military rejects hacking allegations

Feb 20, 2013

China's defence ministry Wednesday rebuffed a report linking its People's Liberation Army to sophisticated cyberattacks on US firms, saying there was no internationally agreed definition of hacking.

China Communist paper rejects hacking allegations

Feb 04, 2013

The official mouthpiece of China's ruling Communist Party on Monday roundly rejected claims of hacking attacks from China by American media outlets, hinting instead at ulterior motives by the US.

US, China trade charges on cyberattacks

Feb 19, 2013

The United States and China on Tuesday traded charges over cyberattacks after a security firm alleged that Beijing controled hackers who have penetrated the US government, companies and media.

Claims of hacking New York Times 'groundless': China

Jan 31, 2013

China on Thursday dismissed accusations that it had hacked into the system of the New York Times, in a cyberattack the paper linked to its expose of the wealth amassed by the family of Premier Wen Jiabao. ...

China paper: Google could be hurt by hacking claim

Jun 06, 2011

(AP) -- The Chinese Communist Party's main newspaper lashed out at Google on Monday, saying its latest complaints of computer hacking traced to China were politically motivated and warning its business might ...

Recommended for you

Yelp to pay US fine for child privacy violation

3 hours ago

Online ratings operator Yelp agreed to pay $450,000 to settle US charges that it illegally collected data on children, in violation of privacy laws, officials said Wednesday.

A Closer Look: Your (online) life after death

Sep 16, 2014

Sure, you have a lot to do today—laundry, bills, dinner—but it's never too early to start planning for your digital afterlife, the fate of your numerous online accounts once you shed this mortal coil.

Web filter lifts block on gay sites

Sep 16, 2014

A popular online safe-search filter is ending its practice of blocking links to mainstream gay and lesbian advocacy groups for users hoping to avoid obscene sites.

Protecting infrastructure with smarter CPS

Sep 16, 2014

Security of IT networks is continually being improved to protect against malicious hackers. Yet when IT networks interface with infrastructures such as water and electric systems to provide monitoring and control capabilities, ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

Claudius
1 / 5 (1) Feb 22, 2013
"China crossed a line by stealing commercial information, alarming Asian and Western countries, he added."

This seems a little hypocritical, as the U.S. and Israel busily release destructive viruses into the world.