Image credit: flickr/RBerteig
There's a lot of noise coming from the senior ranks of the Obama Administration and the U.S. military about cyber espionage by China. Barely a week goes by without a withering assessment of the damage done by Chinese cyber intrusions on U.S. industry, government agencies and contractors.
The latest flare up came this week with the release of the Department of Defense's annual military assessment of the People's Republic of China (PRC). That report directly accused the Chinese government and military of engaging in cyber espionage against the U.S. government, U.S. military and U.S. companies. That followed on the heels of reports last week of a serious breach at the U.S. Department of Labor that showed evidence of the involvement of a group known as "Deep Panda" that is believed to operate out of China, according to an analysis by the firm Cloudstrike.
That report and the DoD assessment also echoed some of the same points made by the security firm Mandiant in a February report that profiled the activities of a hacking unit of the People's Liberation Army (PLA), "Unit 61398," that is linked to around 150 intrusions the company has analyzed.
It's good that Uncle Sam has put offensive computer intrusions and spying atop his list of grievances with The People's Republic of China. But it's equally true that the U.S. government shares some of the blame for the damage wrought by the attacks for close to 20 years.
Let's be frank: China's intent to steal U.S. secrets is no secret. There has been public knowledge of widespread, China-based hacking against the government, military and its key contractors for more than a decade. "Moonlight Maze" was the name given to a large-scale hack of the U.S. Department of Energy, The Pentagon and NASA in the late 1990s and was the subject of a 1999 Newsweek article.
Then, in 2005, there was "Titan Rain," a widespread assault on the U.S. Defense Department that breached "hundreds of unclassified networks," according to a report in The Washington Post. That breach was discovered by someone working outside the government, a Sandia National Labs investigator named Shawn Carpenter, who was investigating cyber breaches at Sandia and other defense contractors. Concerned, Carpenter reported it to federal officials and then leaked the story to the media after he was told to mind his knitting.
A similarly timed intrusion on government networks in 2006 was named "Byzantine Hades," according to leaked State Department documents fingering the PLA as the source of the hack. Then there was the Operation Aurora, a massive attack on prominent U.S. technology, financial services and defense industrial base companies in 2009 and 2010. That attack came to light after Google decided to go public about it. And those are just the attacks that got named.
Sign up for CIO Asia eNewsletters.