March 29, 2024

Bits Blog: Cyberattacks a Topic in Obama Call With New Chinese President

Xi Jinping, the newly elected president of China.Feng Li/Getty Images Xi Jinping, the newly elected president of China.

Cyberthreats featured prominently in President Obama’s congratulatory call to the new Chinese president, Xi Jinping, on Thursday.

The president used the occasion to discuss the loss of United States intellectual property from cyberattacks. The mere mention of cyberthreats is a step forward for an administration that has been reluctant to confront Beijing on Chinese military attacks even as billions of dollars’ worth of trade secrets have been stolen.

But a spate of recent headlines about Chinese cyberattacks on The New York Times, The Washington Post, The Wall Street Journal and others have thrust the issue on the diplomatic stage.  A report by Mandiant, a computer security firm, tying hundreds of attacks back to one Chinese military unit, made the issue even harder to ignore.

Mr. Obama has been increasingly vocal about cyberthreats, but has not gone as far as to call out China by name. In his State of the Union address, he was careful to omit China when he said “we know foreign countries and companies swipe our corporate secrets.” And when the Obama administration sent the nation’s Internet providers a confidential list of Internet addresses tied to a hacking group that had stolen terabytes of data from American corporations, it failed to mention that every single address could be traced to the Chinese military cybercommand.

But privately, administration officials have said they plan to tell China’s new leaders that the volume and sophistication of Chinese cyberattacks have become so intense that they threaten the relationship between Washington and Beijing.

“In any discussion with China, the U.S. needs to have three agenda items: One, cybersecurity; two, cybersecurity; and three, cybersecurity,” Mike Rogers, the Republican chairman of the House Intelligence Committee, said in an interview.

China has long denied that it is responsible for cyberattacks on American companies and has said that it too is a victim of such attacks. And in discussions with American officials, Chinese representatives often refuse to discuss economic espionage.

“They say that the topic of economic espionage is ‘embarrassing’ for them,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, who has participated in such discussions. “They say, in the U.S. cyberwarriors are treated as heroes but those who participate in economic espionage are treated like criminals. In China, the line is not so clear.”

Article source: http://bits.blogs.nytimes.com/2013/03/14/cyberattacks-prominent-in-obama-call-with-new-chinese-president/?partner=rss&emc=rss

U.S. Demands China Crack Down on Cyberattacks

The demand, made in a speech by President Obama’s national security adviser, Tom Donilon, was the first public confrontation with China over cyberespionage and came two days after its foreign minister, Yang Jiechi, rejected a growing body of evidence that his country’s military was involved in cyberattacks on American corporations and some government agencies.

The White House, Mr. Donilon said, is seeking three things from Beijing: public recognition of the urgency of the problem; a commitment to crack down on hackers in China; and an agreement to take part in a dialogue to establish global standards.

“Increasingly, U.S. businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyberintrusions emanating from China on an unprecedented scale,” Mr. Donilon said in a wide-ranging address to the Asia Society in New York.

“The international community,” he added, “cannot tolerate such activity from any country.”

Until now, the White House has steered clear of mentioning China by name when discussing cybercrime, though Mr. Obama and other officials have raised it privately with Chinese counterparts. In his State of the Union address, he said, “We know foreign countries and companies swipe our corporate secrets.”

But as evidence has emerged suggesting the People’s Liberation Army is linked to hacking, the China connection has become harder for the administration not to confront head-on. The New York Times three weeks ago published evidence tying one of the most active of the Chinese groups to a neighborhood in Shanghai that is headquarters to a major cyberunit of the People’s Liberation Army. That account, based in large part on unclassified work done by Mandiant, a security firm, echoed the findings of intelligence agencies that have been tracking the Chinese attackers.

American officials say raising the issue with the Chinese is a delicate balancing act at a time when the United States is seeking China’s cooperation in containing North Korea’s nuclear and missile programs, and joining in sanctions on Iran. Yet they have been expressing their concerns about cyberattacks with Chinese officials for years. Starting in 2010, they invited P.L.A. officials to discuss the issue — a process that has only just started — and last November, Mr. Obama broached the subject at a summit meeting with Prime Minister Wen Jiabao, a senior administration official said.

Since then, the official said, there has been a “perfect storm” of media coverage and protests from the corporate world. Still, he said, Mr. Donilon chose not to mention the P.L.A. in his speech because he did not want to engage in finger-pointing.

“What we are hoping to do,” another senior official said, “is force the Chinese civilian leadership to realize that the P.L.A. is interfering with their foreign policy.”

The Chinese have insisted that they are the victims of cyberattacks, not the perpetrators. On Saturday, Mr. Yang issued his own call for “rules and cooperation” on cybersecurity and said reports of Chinese military involvement in cyberattacks were “built on shaky ground.”

“Anyone who tries to fabricate or piece together a sensational story to serve a political motive will not be able to blacken the name of others nor whitewash themselves,” Mr. Yang told reporters at the National People’s Congress, which was preparing to ratify the ascension of Xi Jinping to the Chinese presidency.

Mr. Donilon said the threats to cybersecurity had moved to the forefront of American concerns with China, noting that he was not “talking about ordinary cybercrime or hacking.”

That distinction, a senior administration official said, was meant to separate the theft of intellectual property by Chinese state entities from small-scale hacking by individuals, or the use of cyberweapons by a state to protect its national security. But the distinction between cyberattacks aimed at intellectual property theft and those aimed at disabling a military threat is largely made by Western officials devising legal arguments, not one the Chinese have embraced.

Even as he emphasized the need for international rules to guide cyberactivity, Mr. Donilon made no reference to the billions of dollars the American military and intelligence agencies are spending to develop an arsenal of offensive cyberweapons — to be used against military targets, officials insist, not economic ones. The most famous of these operations was the covert cyberattack mounted by the United States and Israel to disable the centrifuges that Iran uses to enrich uranium at its site in Natanz.

Mr. Donilon sketched out a vigorous agenda in Asia, insisting the United States would keep pursuing its “strategic pivot” toward the region, despite cuts in military spending. He announced that the Treasury Department would impose sanctions on a North Korean bank specializing in foreign-exchange transactions — ratcheting up the pressure on the North Korean government on the day that Pyongyang announced it would no longer abide by the 1953 armistice that halted the Korean War.

With fears about North Korea’s increased nuclear and missile capabilities causing considerable anxiety in Seoul and Tokyo, Mr. Donilon restated a “declaratory policy” that was first formulated by President George W. Bush after the North’s first nuclear test, in 2006. He warned that the United States would reserve the option to retaliate against the North, not just if it used nuclear weapons but if it allowed the “transfer of nuclear weapons or nuclear materials to other states or nonstate entities.”

That formulation did not appear to cover, however, the transfer of technology to build nuclear facilities, as North Korea did in Syria. That reactor was destroyed by Israel in 2007.

“It’s understandable that the people of South Korea would be concerned about the threat they face from the North,” Mr. Donilon said, apparently alluding to talk in the South of building the country’s own nuclear arsenal, a move the United States halted decades ago. Mr. Donilon added that the United States had assets in place “to insure that South Korea’s defense is provided for.”

Article source: http://www.nytimes.com/2013/03/12/world/asia/us-demands-that-china-end-hacking-and-set-cyber-rules.html?partner=rss&emc=rss

Washington Post Joins List of News Media Hacked by the Chinese

The Washington Post can be added to the growing list of American news organizations whose computers have been penetrated by Chinese hackers.

After The New York Times reported on Wednesday that its computers as well as those of Bloomberg News had been attacked by Chinese hackers, The Wall Street Journal said on Thursday that it too had been a victim of Chinese cyberattacks.

According to people with knowledge of an investigation at The Washington Post, its computer systems were also attacked by Chinese hackers in 2012. A former Post employee said there had been hacking attempts at the Washington Post for at least four years, but none targeted the company’s newsroom. Then, last year, newsroom computers were found to be communicating with Web servers that were traced back to China, according to people with knowledge of the Post investigation who declined to speak on the record.

Jennifer Lee, a spokeswoman for the Post Company, said that the “company did not have anything to share at this time.”

Security experts said that in 2008, Chinese hackers began targeting American news organizations as part of an effort to monitor coverage of Chinese issues.

In a report for clients in December, Mandiant, a computer security company, said that over the course of several investigations it found evidence that Chinese hackers had stolen e-mails, contacts and files from more than 30 journalists and executives at Western news organizations, and had maintained a “short list” of journalists for repeated attacks.

Among those targeted were journalists who had written about Chinese leaders, political and legal issues in China and the telecom giants Huawei and ZTE.

The Times reported on Wednesday that Bloomberg L.P. was also attacked by Chinese hackers after its Bloomberg News unit published an article last June about the wealth accumulated by relatives of Xi Jinping, China’s vice president at the time. Mr. Xi became general secretary of the Communist Party in November and is expected to become president in March.

The secretary of state, Hillary Rodham Clinton, said on Thursday that a global effort was needed to establish rules for cyberactivity. In her final meeting with reporters, Mrs. Clinton addressed a question about China’s efforts to infiltrate computer systems at The New York Times. “We have seen over the last years an increase in not only the hacking attempts on government institutions but also nongovernmental ones,” she said, adding that the Chinese “are not the only people who are hacking us.”

Article source: http://www.nytimes.com/2013/02/02/technology/washington-posts-joins-list-of-media-hacked-by-the-chinese.html?partner=rss&emc=rss