Two U.S. lawmakers on Wednesday accused China of hacking into their office computers, bringing a swift denial from the Chinese government the next day.
U.S. Rep. Frank Wolf (R.-Va.), a frequent advocate of human rights causes, said that in August 2006 an outside attack was made on four of his office computers that contained “information about all of the casework I have done on behalf of political dissidents and human rights activists around the world.”
House Information Resources and FBI officials told Wolf that the attacks came from within the People’s Republic of China, he added.
“These cyber-attacks permitted the source to probe our computers to evaluate our system’s defenses, and to view and copy information,” Wolf said. “My suspicion is that I was targeted by Chinese sources because of my long history of speaking out about China’s abysmal human rights record.”
‘Very Serious Concern’
Rep. Christopher Smith (R.-N.J.), a member of the House Committee on Foreign Affairs, said his computer had also been attacked by a source within China and that the attack targeted files related to China.
“These contained legislative proposals directly related to Beijing, including the Global Online Freedom Act, e-mails with human rights groups regarding strategy, information on hearings on China — I chaired more than 25 hearings on human rights abuses in China — and the names of Chinese dissidents,” Smith recounted. “While this absolutely doesn’t prove that Beijing was behind the attack, it raises very serious concern that it was.”
Wolf on Wednesday put forth H.R. 1263, a privileged resolution on the House floor calling for greater protection of Congressional computer and information systems.
The Chinese government responded on Thursday by saying that the allegations are unfounded, suggesting that the developing nation has not yet achieved the technical know-how to perpetrate such an attack, according to Reuters.
Experts on national security and cyberwarfare, however, are not convinced.
“That’s preposterous,” Jody Westby, CEO of Global Cyber Risk and chair of the American Bar Association’s Privacy and Computer Crime Committee, told the E-Commerce Times. Westby is also a distinguished fellow with Carnegie Mellon University’s CyLab.
“They certainly do have the technical know-how, and have openly stated in their own government documents that they are actively developing the capability with the goal of being able to win an informatized war by 2050,” she explained.
“We know that they have hacked into the Department of Defense, we know that they are all over our systems, and we suspect they have probably penetrated many millions of computers in the United States,” Westby added. “The Chinese are probably the country most actively and openly pursuing cyber-warfare capabilities.”
Of course, it’s one thing to trace an attack to China, but another thing altogether to be able to say that it was the Chinese government itself that was responsible for it, she noted.
Pinpointing the Source
“Out of all these cyber-reconnaissance missions that seem to be conducted from China, we don’t know how many were conducted on behalf of China,” she explained.
It could be lone Chinese individuals behind them, or “there could be government activities being conducted from computers not tied to a government IP address,” Westby said.
Because of the difficulty pinpointing the source of the attacks, then, it would “probably be a little broad” to accuse the Chinese government itself of perpetrating them, she said. On the other hand, “it’s certainly not wild speculation.”
No Question on Capabilities
Indeed, “we see this all the time,” Johannes Ullrich, chief technology officer at the SANS Institute, told the E-Commerce Times.
“Whether it’s the Chinese government or individuals is harder to distinguish,” Ullrich agreed.
Nevertheless, “Chinese individuals certainly have the capability, so the government must too,” he added.
Lack of Cooperation
On a higher level, regardless of the particular source, “as long as it’s someone from China, the Chinese government quite simply should be investigating and cooperating instead of denying,” Westby asserted.
“In China, the government has control over communications, so why aren’t they cooperating?” she pointed out.
“They may want to call themselves a developing country, but they’re very actively and aggressively competing on the global stage and saying ‘We’re going to do this our way,'” she added. “They’re one of the most sophisticated countries when it comes to communications and technology — especially when it comes to the Internet.”