Google the latest victim of Chinese 'state-sponsored' cyberwar

MI5 and US intelligence warned their top firms long ago about China's 'government-backed hacking'
Hackers 'accessed Google systems used for legal requests'

Just over two years ago the head of MI5, Jonathan Evans, wrote to about 300 British firms warning them to be wary of Chinese hackers trying to monitor their systems or break into them remotely via the internet: Rolls-Royce, the jet engine maker, and Royal Dutch Shell had both fallen victim to computer intrusions. It was only part of an ongoing strategy of "information warfare" that China's government – through its People's Liberation Army (PLA) – is carrying out across the world.

The latest targets in a scheme appear to be companies in Silicon Valley, where companies including Google and Adobe, which makes hugely popular Flash software (used for the vast majority of video online, such as the BBC's iPlayer and YouTube), have discovered ­intrusions into the computers where they store their "source code" – the millions of lines of programming, readable by humans, that comprise their software. Those are, effectively, their crown jewels: if they fall into rivals' hands, the programs can be copied, altered, or produced for free under another name.

For America's hi-tech firms, the idea that their source code falls into Chinese hands is the worst nightmare: intellectual property protection is notoriously poor in China, and the code could be rewritten into a piece of Chinese software – or even sold on the world market to compete with the original.

What makes it most worrying is that the hackers have the sanction of Beijing (though it always denies any link). A briefing paper produced in October by the US military security firm Northrop Grumman for the US-China Economic and Security Commission looked in detail at Beijing's strategy, including a roundup of hacking from China over the past 10 years.

Its summary was bleak, predicting a world of "information warfare" via the internet, using a strategy it dubbed "integrated network electronic warfare": "The PLA is training and equipping its force to use a variety of [internet warfare] tools for intelligence gathering and to establish information dominance over its adversaries during a conflict. PLA campaign doctrine identifies the early establishment of information dominance over an enemy as one of the highest operational priorities in a conflict; Inew appears designed to support this objective."

Such warfare is carried out by expert hackers with a range of skills: some will know how to hack into web servers, while others are skilled at finding previously undiscovered weaknesses – known as "zero-day vulnerabilities" – in commercial software. Standard antivirus and warning systems simply won't detect their use, meaning that computers can be compromised without warning.

Northrop Grumman did not think it was lone hackers with a grudge against the west, either: "The depth of resources necessary to sustain the scope of computer network exploitation targeting the US and many countries around the world coupled with the extremely focused targeting of defence engineering data, US military operational information, and China-related policy information is beyond the capabilities or profile of virtually all organised cybercriminal enterprises and is difficult at best without some type of state sponsorship."

In other words: though China might deny it, Beijing is behind the intrusions – such as Titan Rain, the name the Pentagon has given to a series of attacks since 2003 on groups such as Lockheed Martin, Nasa and the Sandia National Laboratories. Or the attempts to "phish" members of the UK parliament in autumn 2005.

What makes it obvious that these are state-sponsored attacks, as Northrop Grumman notes, is that the information being targeted is not credit card or bank account details but engineering, source code, and detail about military preparedness and networks.

According to the US Air Force, by 2007 the Chinese had "exfiltrated" (copied back to their own computers) at least 10 to 20 terabytes of data from US government networks. Since then the number will only have grown. One terabyte is 1,000 gigabytes – the average home computer now holds half a terabyte.

"Chinese espionage in the United States, which now comprises the single greatest threat to US technology, according to US counterintelligence officials, is straining the US capacity to respond," the report notes.

"This illicit activity both from traditional techniques and computer-based activity are possibly contributing to China's military modernisation and its acquisition of new technical capabilities."

In short, the report notes, "Chinese industrial espionage" is providing a source of new technology without investing time or money for research.

The present problem is the "reactive" nature of internet security. It is not an inherently secure network, having been set up by academics to swap information. But if Google's withdrawal of censorship (and possibly itself) from China has one effect, it may be to make more firms realise China's hackers are not to be ignored.

• This article was amended on Thursday 14 January 2010. We previously said the average home computer now holds half a gigabyte. This has been corrected.

Charles arthur, technology editor

The GuardianTramp

Related Content

Article image
Google phishing: Chinese Gmail attack raises cyberwar tensions
Senior US and South Korean government officials plus Chinese activists have login details stolen

Charles Arthur, technology editor

01, Jun, 2011 @10:47 PM

China's cyberwar goes beyond Google | Tim Stevens
Tim Stevens: The Chinese military has long seen its adversaries' IT networks as a target, and citizen hackers are willing volunteers in the fight

Tim Stevens

13, Jan, 2010 @5:30 PM

Article image
David Cameron challenges China to be more open about cyber-security

Prime minister seeks talks on 'issue of mutual concern' amid western fears that Beijing is behind most aggressive online attacks

Nicholas Watt in Shanghai

04, Dec, 2013 @12:01 AM

Article image
UK and allies accuse Chinese state-backed group of Microsoft hack
British foreign secretary says Beijing will be held to account if it does not stop ‘systematic cyber sabotage’

Dan Sabbagh, Jennifer Rankin and Peter Walker

19, Jul, 2021 @2:21 PM

Article image
The Guardian view on cyberwar: an urgent problem | Editorial
Editorial: The internet is now used as a low-level weapon of war. How should Britain best defend itself?

Editorial

22, Jan, 2018 @5:42 PM

Article image
China brands Google 'snotty-nosed' as cyber feud intensifies

Military portrays China as victim rather than perpetrator of cyber-attack and vows to strengthen online defences

Jonathan Watts in Beijing and agencies

03, Jun, 2011 @5:09 PM

Article image
Stuxnet worm heralds new era of global cyberwar
Attack aimed at Iran nuclear plant and recently revealed 2008 incident at US base show spread of cyber weapons

Peter Beaumont

30, Sep, 2010 @3:46 PM

Article image
Cyber-weaponry, virtual battlefields and the changing face of global warfare

Misha Glenny: Stuxnet forced countries to assess their vulnerability to cyber-attacks and make cyberwarfare mainstream defence policy

Misha Glenny

16, May, 2011 @6:30 PM

Article image
Google warns of surge in activity by state-backed hackers
More than 50,000 alerts sent so far this year, including of an Iranian group that targeted a UK university

Dan Milmo Global technology editor

15, Oct, 2021 @12:00 PM

Article image
Cyberwar heats up with Pentagon's virtual firing range
National Cyber Range intended as replica of internet allowing US scientists to test defences against hackers. By Charles Arthur

Charles Arthur and agencies

17, Jun, 2011 @9:45 AM