Chinese cyberspies have hacked most Washington institutions, experts say

By Craig Timberg and Ellen Nakashima, February 20, 2013

Start asking security experts which powerful Washington institutions have been penetrated by Chinese cyberspies, and this is the usual answer: almost all of them.

The list of those hacked in recent years includes law firms, think tanks, news organizations, human rights groups, contractors, congressional offices, embassies and federal agencies.

The information compromised by such intrusions, security experts say, would be enough to map how power is exercised in Washington to a remarkably nuanced degree. The only question, they say, is whether the Chinese have the analytical resources to sort through the massive troves of data they steal every day.

“The dark secret is there is no such thing as a secure unclassified network,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, which has been hacked in the past. “Law firms, think tanks, newspapers — if there’s something of interest, you should assume you’ve been penetrated.”

The rising wave of cyber-espionage has produced diplomatic backlash and talk of action against the Chinese, who have steadfastly denied involvement in hacking campaigns. A strategy paper released by the Obama administration Wednesday outlined new efforts to fight the theft of trade secrets.

Cyberspying against what could be called the “information industry” differs from hacks against traditional economic targets such as Lockheed Martin, Coca-Cola and Apple, whose computer systems contain valuable intellectual property that could assist Chinese industrial or military capabilities.

Instead, journalists, lawyers and human rights workers often have access to political actors whose communications could offer insight to Chinese intelligence services eager to understand how Washington works. Hackers often are searching for the unseen forces that might explain how the administration approaches an issue, experts say, with many Chinese officials presuming that reports by think tanks or news organizations are secretly the work of government officials — much as they would be in Beijing.

“They’re trying to make connections between prominent people who work at think tanks, prominent donors that they’ve heard of and how the government makes decisions,” said Dan Blumenthal, director of Asian studies at the American Enterprise Institute, which also has been hacked. “It’s a sophisticated intelligence-gathering effort at trying to make human-network linkages of people in power, whether they be in Congress or the executive branch.”

China’s aggressive effort

Russia and some other nations also are said to engage in cyber-espionage against private companies and institutions, but security experts and U.S. officials say China’s effort is the most aggressive and comprehensive. The information-technology staffs of private groups have scrambled to neutralize the intrusions, often hiring outside specialists to expel hackers and installing monitoring systems to keep them out.

Yet such efforts do not always succeed, security experts say. Hackers often build secret “back door” access to computer systems or redouble their efforts to penetrate again once they’ve been purged.

Not long after the Wall Street Journal reported last month that its systems had been infiltrated, the chief executive of its parent company, Rupert Murdoch, tweeted, “Chinese still hacking us, or were over the weekend.” The New York Times and The Washington Post have also reported being victims of cyber-intrusions probably conducted by the Chinese.

The former head of cybersecurity investigations for the FBI, Shawn Henry, said his agents used to alert dozens of companies and private institutions about breaches every week, with Chinese hackers the most common suspects.

“I’ve yet to come across a network that hasn’t been breached,” said Henry, president of CrowdStrike Services, a security company. “It’s like having an invisible man in your room, going through your filing cabinets.”

The rise of pervasive cyber-espionage has followed broader technological shifts: More and more information is gathered and conveyed online. Rising computing power, meanwhile, has made more of it vulnerable to hackers almost anywhere in the world. This has dramatically lowered the cost of spying — traditionally a labor-intensive pursuit that carries the risk of arrest or worse — and made more institutions viable targets.

The Chinese government has consistently denied having the kind of aggressive cyber-espionage campaign often described by Western officials and security experts, calling such allegations irresponsible and unsupported by evidence.
