The New York Times reported today about an office tower on the outskirts of Shanghai which serves as the People’s Liberation Army base for China’s growing corps of cyberwarriors. According to the article, a growing body of digital forensic evidence — confirmed by American intelligence officials who say they have tapped into the activity of the army unit for years — leaves little doubt that an overwhelming percentage of the attacks on American corporations, organizations and government agencies originate from that locatioin.
While, the concern heretofore has been primarily corporate espionage, the hackers have also focused on companies involved in the critical infrastructure of the United States — its electrical power grid, gas lines and waterworks. According to the security researchers, one target was a company with remote access to more than 60 percent of oil and gas pipelines in North America.
Most of the hacks are the result of spearfishing attacks which are becoming increasingly sophisticated. Most workers know by now to open emails from unknown sources or to click on links in those emails. But now emails are designed to look like they came from fellow employees with messages in perfect English.
Chinese officials deny any form of hacking, and there are enormous diplomatic sensitivities involved in directly accusing the Chinese government of running this organization because of our complex economic relationships.
The president mentioned the problem in his latest State of the Union speech, without calling out China or any other nation. “We know foreign countries and companies swipe our corporate secrets,” he said. “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air-traffic control systems. We cannot look back years from now and wonder why we did nothing.”
Until we do something, China has no incentive to stop.