Start asking security experts which powerful Washington institutions have been penetrated by Chinese cyberspies, and this is the usual answer: almost all of them.
The list of those hacked in recent years includes law firms, think tanks, news organizations, human rights groups, contractors, congressional offices, embassies and federal agencies.
The information compromised by such intrusions, security experts say, would be enough to map how power is exercised in Washington to a remarkably nuanced degree. The only question, they say, is whether the Chinese have the analytical resources to sort through the massive troves of data they steal every day.
“The dark secret is there is no such thing as a secure unclassified network,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, which has been hacked in the past. “Law firms, think tanks, newspapers — if there’s something of interest, you should assume you’ve been penetrated.”
The rising wave of cyber-espionage has produced diplomatic backlash and talk of action against the Chinese, who have steadfastly denied involvement in hacking campaigns. A strategy paper released by the Obama administration Wednesday outlined new efforts to fight the theft of trade secrets.
Cyberspying against what could be called the “information industry” differs from hacks against traditional economic targets such as Lockheed Martin, Coca-Cola and Apple, whose computer systems contain valuable intellectual property that could assist Chinese industrial or military capabilities.
Instead, journalists, lawyers and human rights workers often have access to political actors whose communications could offer insight to Chinese intelligence services eager to understand how Washington works. Hackers often are searching for the unseen forces that might explain how the administration approaches an issue, experts say, with many Chinese officials presuming that reports by think tanks or news organizations are secretly the work of government officials — much as they would be in Beijing.
“They’re trying to make connections between prominent people who work at think tanks, prominent donors that they’ve heard of and how the government makes decisions,” said Dan Blumenthal, director of Asian studies at the American Enterprise Institute, which also has been hacked. “It’s a sophisticated intelligence-gathering effort at trying to make human-network linkages of people in power, whether they be in Congress or the executive branch.”
China’s aggressive effort
Russia and some other nations also are said to engage in cyber-
espionage against private companies and institutions, but security experts and U.S. officials say China’s effort is the most aggressive and comprehensive. The information-technology staffs of private groups have scrambled to neutralize the intrusions, often hiring outside specialists to expel hackers and installing monitoring systems to keep them out.
Yet such efforts do not always succeed, security experts say. Hackers often build secret “back door” access to computer systems or redouble their efforts to penetrate again once they’ve been purged.
Source : washingtonpost[dot]com