The who's-hacking-who battle between China and the U.S. is heating up this week as President Obama's national security adviser made a statement sure to draw the ire of China's leaders.
Tom Donilon, in a speech to The Asia Society on Monday, signaled a desire to build a constructive relationship with China. The president, he said, places great importance on this relationship because there are few diplomatic, economic or security challenges in the world that can be addressed without China at the table.
But Donilon also noted that cyber-security has become a growing challenge to the economic relationship between the U.S. and China. Economies as large as the U.S. and China, he said, have a tremendous shared stake in ensuring that the Internet remains open, interoperable, secure, reliable and stable.
Beijing Should Take Serious Steps
"I am not talking about ordinary cybercrime or hacking. And, this is not solely a national security concern or a concern of the U.S. government," Donilon said.
"Increasingly, U.S. businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions emanating from China on an unprecedented scale."
The international community cannot afford to tolerate such activity from any country, Donilon said. He reminded his listeners what President Obama said in his State of the Union address: "We will take action to protect our economy against cyber-threats." Donilon signaled that the United States will do all it must to protect its national networks, critical infrastructure, and its public and private sector property.
"But, specifically with respect to the issue of cyber-enabled theft, we seek three things from the Chinese side," he said.
"First, we need a recognition of the urgency and scope of this problem and the risk it poses -- to international trade, to the reputation of Chinese industry and to our overall relations.
"Second, Beijing should take serious steps to investigate and put a stop to these activities.
"Finally, we need China to engage with us in a constructive direct dialog to establish acceptable norms of behavior in cyberspace."
Reviewing the Mandiant Report
Although China denies it, a report from the Mandian security firm alleges that nation is hacking into U.S. interests. The New York Times hired Mandian to conduct an investigation after it said it was hacked. The Wall Street Journal also claimed a hack from criminals in China.
Tom Cross, director of research for Lancope, reviewed Mandiant's report, which attributes several attacks to a group known as APT1 and apparently connected to the Chinese military. Cross told us that computer network operators need to know if their networks have been targeted by APT1, because these additional indicators may help them identify infections have yet to be discovered. These indicator that identify an APT1 attack have not been published anywhere else.
"Its important for people to understand that attackers in China don't have to launch their attacks from China. They can break into computers anywhere in the world and launch their attacks from any geographic location," Cross said.
"Some people assume that by filtering traffic from certain countries, they can protect themselves from threats emanating from that country. That's a bit of an oversimplification. It doesn't work for sophisticated attacks. Those attacks can come from anywhere."