US: Chinese Military is Hacking on "Unprecedented" Scale

Started by Kleves, May 07, 2013, 08:51:37 AM


CountDeMoney


Kleves

But wait, there's more:
Quote: The U.S. secretly traced a massive cyberespionage operation against the 2008 presidential campaigns of Barack Obama and John McCain to hacking units backed by the People's Republic of China, prompting high level warnings to Chinese officials to stop such activities, U.S. intelligence officials tell NBC News.

The disclosure on the eve of a two-day summit between the U.S. and Chinese presidents highlights what has become a persistent source of tension between the two global powers: Beijing's aggressive, orchestrated campaign to pierce America's national security armor at any weak point – in this case the computers and laptops of top campaign aides and advisers who received high-level briefings.

The goal of the campaign intrusion, according to the officials: to export massive amounts of internal data from both campaigns—including internal position papers and private emails of key advisers in both camps.

"Based on everything I know, this was a case of political cyberespionage by the Chinese government against the two American political parties," said Dennis Blair, who served as President Obama's director of national intelligence in 2009 and 2010. "They were looking for positions on China, surprises that might be rolled out by campaigns against China."

The intrusion into the campaigns' computer networks and subsequent efforts to penetrate them were highly sophisticated and continued for months after they were first detected by the FBI in the summer of 2008, according to the officials and an Obama campaign security consultant hired to thwart them. The intrusions and some details of what was targeted have been previously reported, but not publicly attributed to government-backed Chinese hackers.

Obama publicly referred to the attacks -- in general terms -- at a May 29, 2009, White House event announcing a new cybersecurity policy. "Hackers gained access to emails and a range of campaign files, from policy position papers to travel plans," he said then.

But neither the president nor his top aides publicly spoke about the identity of the hackers, or the depth and gravity of the attack.

Officials and former campaign officials now acknowledge to NBC News that the security breach was far more serious than has been publicly known, involving the potential compromise of a large number of internal files. And, in one case, it included the apparent theft of private correspondence from McCain to the president of Taiwan.

Cyberattacks by the Chinese are expected to be at the top of the president's agenda this weekend. U.S. officials say that such intrusions – many of them traced to a unit of the People's Republic of China in Shanghai – have gotten even more brazen since the 2008 campaign.

"There's been successful exfiltration of data from government agencies (by the Chinese) up and down Pennsylvania Avenue," said Shawn Henry, who headed up the FBI's probe of the 2008 attacks as the bureau's chief of cyberinvestigations. He is now president of Crowdstrike, a computer security firm.

David Plouffe, Obama campaign manager, vividly recalls getting a phone call from Josh Bolton, then President George W. Bush's chief of staff, in the middle of August 2008 alerting him to the intrusion and that the FBI was investigating the attack. "He said we have reason to believe that your campaign system has been penetrated by a foreign entity," Plouffe said in an interview.

Within days, the campaign dispatched a computer security team from Kroll Advisory Solutions to Chicago to cleanse the campaign's infected computers — including the laptops of senior staffers.   

In retrospect, the attack seems simple. It was delivered by a "phishing" email – outlining the "agenda" for an upcoming meeting — that circulated among top staffers and contained a zip file attachment with "malware," a hidden malicious virus.

But it was no ordinary virus, said Alan Brill, the senior managing director of Kroll Solutions. The malware was "as sophisticated as anything we had seen" and was part of what he called "an infection chain" that replicated itself throughout the Obama campaign's computer system. It also was designed to stay buried in the computers for months, if not years, he said.

He and his consultants were unable to determine precisely what had been compromised, but Brill says the bombardment of viruses by the attackers continued for months. "It was like a firefight," Brill said. "This was starting every day knowing that you didn't know what they were going to throw at you."

Trevor Potter, who served as general counsel to the McCain campaign, said he got a similar warning about the cyberintrusion during a briefing from U.S. law enforcement officials at campaign headquarters. "They told us, 'You've been compromised, your computers are under the control of someone else. You need to get off network'," said Potter.

In one incident that caused concern among U.S. intelligence officials, the Chinese hackers appeared to have gotten access to private correspondence between McCain, then the GOP presidential candidate, and Ma Ying-jeou, the newly elected president of Taiwan. On July 25, 2008, McCain had signed a personal letter — drafted on campaign computers — pledging his support for the U.S.–Taiwanese relationship and Ma's efforts to modernize the country's military. A copy of the letter has been obtained by NBC News.

But before the letter had even been delivered, a top McCain foreign policy adviser got a phone call from a senior Chinese diplomat in Washington complaining about the correspondence. "He was putting me on notice that they knew this was going on," said Randall Schriver, a former State Department official who was serving as a top McCain adviser on Asian policy. "It certainly struck me as odd that they would be so well-informed."

A spokesman for the Chinese Embassy said officials were unavailable for comment because they were busy preparing for this weekend's summit between President Obama and Chinese President Xi Jinping in California. But in recent weeks, Chinese officials have denied any role in cyberattacks against the U.S. government and private enterprise. "China opposes all forms of cyberattacks," Zheng Zeguang, assistant Chinese foreign minister, said in a press briefing in Beijing last week.

When the summit does take place this weekend, hacking by the Chinese is expected to be at the top of the president's agenda.

U.S. officials say that Chinese intrusions have escalated in the years since, involving repeated attacks on U.S. government agencies, political campaigns, corporations, law firms, and defense contractors — including the theft of national security secrets and hundreds of billions of dollars in intellectual property.

A recent report from a U.S. commission chaired by former Intelligence Director Blair and former U.S. Ambassador to China Jon Huntsman Jr., estimated that the theft of intellectual property – mostly from China – was costing the U.S. $300 billion a year.

"It's stealing of information and there should be outrage," said Henry, the former FBI executive assistant director. 

Previous warnings to the Chinese about cyberattacks have been brushed off. The 2008 attacks, for example, prompted U.S. intelligence officials to sternly warn the Chinese that they had "crossed the line," says one former senior U.S. official who was directly involved in the investigation.

"We told them we knew what they were up to – and that this had gone too far," said the former official. Chinese officials listened politely and denied they had anything to do with the attacks on the campaign, the former official said.
My aim, then, was to whip the rebels, to humble their pride, to follow them to their inmost recesses, and make them fear and dread us. Fear is the beginning of wisdom.

CountDeMoney

But see, they're not a threat, because they're getting all economical and slowly reforming all democratic like and stuff.

The Minsky Moment

The purpose of studying economics is not to acquire a set of ready-made answers to economic questions, but to learn how to avoid being deceived by economists.
--Joan Robinson

Kleves

Fortunately, Obama raised the hacking issue with Xi Jinping, so I am sure the hacking will stop. Because diplomacy. Oh, wait:
Quote: America's research universities, among the most open and robust centers of information exchange in the world, are increasingly coming under cyberattack, most of it thought to be from China, with millions of hacking attempts weekly. Campuses are being forced to tighten security, constrict their culture of openness and try to determine what has been stolen.

University officials concede that some of the hacking attempts have succeeded. But they have declined to reveal specifics, other than those involving the theft of personal data like Social Security numbers. They acknowledge that they often do not learn of break-ins until much later, if ever, and that even after discovering the breaches they may not be able to tell what was taken.

Universities and their professors are awarded thousands of patents each year, some with vast potential value, in fields as disparate as prescription drugs, computer chips, fuel cells, aircraft and medical devices.

"The attacks are increasing exponentially, and so is the sophistication, and I think it's outpaced our ability to respond," said Rodney J. Petersen, who heads the cybersecurity program at Educause, a nonprofit alliance of schools and technology companies. "So everyone's investing a lot more resources in detecting this, so we learn of even more incidents we wouldn't have known about before."

Tracy B. Mitrano, the director of information technology policy at Cornell University, said that detection was "probably our greatest area of concern, that the hackers' ability to detect vulnerabilities and penetrate them without being detected has increased sharply."

Like many of her counterparts, she said that while the largest number of attacks appeared to have originated in China, hackers have become adept at bouncing their work around the world. Officials do not know whether the hackers are private or governmental. A request for comment from the Chinese Embassy in Washington was not immediately answered.

Analysts can track where communications come from — a region, a service provider, sometimes even a user's specific Internet address. But hackers often route their penetration attempts through multiple computers, even multiple countries, and the targeted organizations rarely go to the effort and expense — often fruitless — of trying to trace the origins. American government officials, security experts and university and corporate officials nonetheless say that China is clearly the leading source of efforts to steal information, but attributing individual attacks to specific people, groups or places is rare.

The increased threat of hacking has forced many universities to rethink the basic structure of their computer networks and their open style, though officials say they are resisting the temptation to create a fortress with high digital walls.

"A university environment is very different from a corporation or a government agency, because of the kind of openness and free flow of information you're trying to promote," said David J. Shaw, the chief information security officer at Purdue University. "The researchers want to collaborate with others, inside and outside the university, and to share their discoveries."

Some universities no longer allow their professors to take laptops to certain countries, and that should be a standard practice, said James A. Lewis, a senior fellow at the Center for Strategic and International Studies, a policy group in Washington. "There are some countries, including China, where the minute you connect to a network, everything will be copied, or something will be planted on your computer in hopes that you'll take that computer back home and connect to your home network, and then they're in there," he said. "Academics aren't used to thinking that way."

Bill Mellon of the University of Wisconsin said that when he set out to overhaul computer security recently, he was stunned by the sheer volume of hacking attempts.

"We get 90,000 to 100,000 attempts per day, from China alone, to penetrate our system," said Mr. Mellon, the associate dean for research policy. "There are also a lot from Russia, and recently a lot from Vietnam, but it's primarily China."

Other universities report a similar number of attacks and say the figure is doubling every few years. What worries them most is the growing sophistication of the assault.

For corporations, cyberattacks have become a major concern, as they find evidence of persistent hacking by well-organized groups around the world — often suspected of being state-sponsored — that are looking to steal information that has commercial, political or national security value. The New York Times disclosed in January that hackers with possible links to the Chinese military had penetrated its computer systems, apparently looking for the sources of material embarrassing to China's leaders.

This kind of industrial espionage has become a sticking point in United States-China relations, with the Obama administration complaining of organized cybertheft of trade secrets, and Chinese officials pointing to revelations of American spying.

Like major corporations, universities develop intellectual property that can turn into valuable products like prescription drugs or computer chips. But university systems are harder to secure, with thousands of students and staff members logging in with their own computers.

Mr. Shaw, of Purdue, said that he and many of his counterparts had accepted that the external shells of their systems must remain somewhat porous. The most sensitive data can be housed in the equivalent of smaller vaults that are harder to access and harder to move within, use data encryption, and sometimes are not even connected to the larger campus network, particularly when the work involves dangerous pathogens or research that could turn into weapons systems.

"It's sort of the opposite of the corporate structure," which is often tougher to enter but easier to navigate, said Paul Rivers, manager of system and network security at the University of California, Berkeley. "We treat the overall Berkeley network as just as hostile as the Internet outside."

Berkeley's cybersecurity budget, already in the millions of dollars, has doubled since last year, responding to what Larry Conrad, the associate vice chancellor and chief information officer, said were "millions of attempted break-ins every single week."

Mr. Shaw, who arrived at Purdue last year, said, "I've had no resistance to any increased investment in security that I've advocated so far." Mr. Mellon, at Wisconsin, said his university was spending more than $1 million to upgrade computer security in just one program, which works with infectious diseases.

Along with increased spending has come an array of policy changes, often after consultation with the F.B.I. Every research university contacted said it was in frequent contact with the bureau, which has programs specifically to advise universities on safeguarding data. The F.B.I. did not respond to requests to discuss those efforts.

Not all of the potential threats are digital. In April, a researcher from China who was working at the University of Wisconsin's medical school was arrested and charged with trying to steal a cancer-fighting compound and related data.

Last year, Mr. Mellon said, Wisconsin began telling faculty members not to take their laptops and cellphones abroad, for fear of hacking. Most universities have not gone that far, but many say they have become more vigilant about urging professors to follow federal rules that prohibit taking some kinds of sensitive data out of the country, or have imposed their own restrictions, tighter than the government's. Still others require that employees returning from abroad have their computers scrubbed by professionals.

That kind of precaution has been standard for some corporations and government agencies for a few years, but it is newer to academia.

Information officers say they have also learned the hard way that when a software publisher like Oracle or Microsoft announces that it has discovered a security vulnerability and has developed a "patch" to correct it, systems need to apply the patch right away. As soon as such a hole is disclosed, hacker groups begin designing programs to take advantage of it, hoping to release new attacks before people and organizations get around to installing the patch.

"The time between when a vulnerability is announced and when we see attempts to exploit it has become extremely small," said Mr. Conrad, of Berkeley. "It's days. Sometimes hours."