Is the Chinese army hacking American computers?

In early 2013, the New York Times reported its networks had been hacked.
© Ramin Talaie/Corbis

Marvin Gile smooths his tie, takes a sip of coffee and settles in at his desk, ready to begin another day as chief financial officer at the defense contracting company that's been his employer for the past 12 years. His first order of business is slogging through the dozens of e-mails that accumulated in his inbox overnight.

Delete. Delete. Delete.


Then he notices an e-mail from the company's human resources director announcing a new hire. He double-clicks the attached PDF to learn the details, but the document opens and then crashes. Strange. He moves on to the next task of the day.

What Gile doesn't know is that in the few seconds it took him to open the bogus e-mail and attachment, malicious software -- malware -- was released, putting his company's proprietary information at risk. The moment the malware breached his computer, it sent up a virtual flare to signal one or more servers around the world to send instructions. And in just a few minutes, it was transferring files of sensitive information to a remote location [source: Taylor].
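As an added example (not from this article or any of its sources), the following Python detection logic correlates the sequence the paragraph describes across constructed endpoint and network flow logs: a document viewer crashes on an attachment, the same host then contacts a destination it never normally talks to, and pushes a large volume of data out within minutes. Hostnames, addresses, process names, log formats and thresholds are all invented for the example.

```python
from datetime import datetime, timedelta

# Constructed endpoint log (timestamp, host, event, process); not real telemetry.
ENDPOINT_LOG = """\
2013-02-04T08:02:11 ws-cfo-01 crash AcroRd32.exe
2013-02-04T08:40:00 ws-hr-07 crash excel.exe
"""

# Constructed network flow log (timestamp, host, destination, bytes_out).
FLOW_LOG = """\
2013-02-04T08:02:19 ws-cfo-01 203.0.113.45 512
2013-02-04T08:03:00 ws-cfo-01 192.0.2.10 1200
2013-02-04T08:05:40 ws-cfo-01 203.0.113.45 734003200
2013-02-04T08:41:05 ws-hr-07 198.51.100.9 2048
"""

# Constructed allow-list of destinations the hosts talk to routinely.
KNOWN_DESTINATIONS = {"192.0.2.10"}
# Document viewers whose crash right after opening an attachment is the trigger.
DOCUMENT_VIEWERS = {"AcroRd32.exe", "excel.exe", "winword.exe"}

def parse_log(text):
    """Whitespace-separated log lines; the first field is an ISO timestamp."""
    return [(datetime.fromisoformat(f[0]), *f[1:])
            for f in (line.split() for line in text.splitlines()) if f]

def find_exfil_sequences(endpoint_text, flow_text, known, window_min=10, min_bytes=100_000_000):
    """One alert per host/destination pair where a document viewer crashed and, within
    window_min minutes, the host contacted a destination outside the allow-list and sent
    at least min_bytes to it (crash -> beacon -> bulk transfer)."""
    crashes = [(ts, host, proc) for ts, host, event, proc in parse_log(endpoint_text)
               if event == "crash" and proc in DOCUMENT_VIEWERS]
    flows = [(ts, host, dst, int(b)) for ts, host, dst, b in parse_log(flow_text)]
    alerts = []
    for crash_ts, host, proc in crashes:
        window_end = crash_ts + timedelta(minutes=window_min)
        by_dst = {}
        for ts, fhost, dst, nbytes in flows:
            if fhost == host and dst not in known and crash_ts <= ts <= window_end:
                by_dst.setdefault(dst, []).append((ts, nbytes))
        for dst, records in by_dst.items():
            records.sort()  # earliest contact is the suspected beacon
            total = sum(n for _, n in records)
            if total >= min_bytes:
                alerts.append({"host": host, "process": proc, "destination": dst,
                               "beacon_delay_s": int((records[0][0] - crash_ts).total_seconds()),
                               "bytes_out": total})
    return alerts
```

Calling `find_exfil_sequences(ENDPOINT_LOG, FLOW_LOG, KNOWN_DESTINATIONS)` on the constructed logs flags only ws-cfo-01; the second host's crash is followed by a small transfer that stays under the threshold.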

Cyberattacks like this one are on the rise. From 2010 to 2011, the number of cyberattacks made on U.S. companies rose 44 percent; defense, energy and financial sectors were the most targeted, but Google, Intel, Facebook and the members of the U.S. Congress were victims, too [source: Rodriguez]. Reports of malware-based attacks remained strong in 2012, with malware infiltrations causing Internet blackouts at major U.S. banks and compromising networks at nuclear energy companies [sources: Perlroth, Goldman].

While it isn't always clear where the attacks originate, attention has increasingly turned to the Chinese government. In February 2013, for example, the New York Times reported its computer networks had been hacked during a four-month period by a China-based group with government ties. Soon after, a comprehensive report released by computer security firm Mandiant linked the People's Liberation Army in China to cyberattacks at 141 U.S. companies.


Chinese Cyber Attacks and U.S. Targets

This Shanghai tower is believed to be the origin point of recent cyberattacks.
© Imaginechina/Corbis

Despite the recent outcry that Chinese hackers have targeted U.S. companies and government entities, the attempts aren't isolated to one nation. Chinese hackers have reportedly infiltrated the Australian Reserve Bank, as well as government entities in Taiwan, Brunei, Myanmar, Vietnam and other countries [sources: Saarinen, Taipei Times].

In a method markedly similar to attacks characteristic of the Chinese military, a group of hackers targeted the New York Times by routing e-mails through computers at U.S. universities. American intelligence officials confirmed the cyberattacks were traced to a specific IP address -- a point of origin so narrow that, in the whole of China and its 1.3 billion residents, it could be pinpointed to a 12-story office building on the edge of Shanghai. Not only did the attacks on the New York Times launch from this building, so did the majority of malware targeting U.S. companies and government entities. Interestingly, the same building houses the People's Liberation Army Unit 61398, which has led to speculation that an elite group of hackers, known as the Comment Crew or the Shanghai Group, is actually sponsored by the Chinese army.


A 60-page report released by Mandiant, a U.S.-based computer security firm, details the cyber threats posed by the hackers working with PLA 61398 and categorizes their activity as APT1 -- Advanced Persistent Threat No. 1. According to the report, the Shanghai hackers have spent the last few years waging a largely undetectable and notably effective cyberespionage war against most of the developed world. In doing so, they've stolen data from at least 141 U.S. organizations equaling hundreds of terabytes. Just one terabyte equals about 220 million pages of text [source: Mandiant].

These breaches in cyber security are costly. In fact, they can be expensive even if the hackers aren't particularly successful in their efforts. It takes an average of 18 days to repair and restore systems after a cyberattack, and each attack costs an estimated $415,000. The defense industry, for example, spent nearly $20 million responding to cyberattacks in 2011 alone [source: Rodriguez].

Unfortunately, the costs could be far greater. An American company with direct access to more than 60 percent of North America's oil and gas pipelines has been a target of Chinese hackers. So has RSA, a computer security firm with access to passcodes that lead to sensitive corporate and government information [source: Sanger].

Although attention is focused on the Shanghai-based Comment Crew, there are other hacker cells to worry about, too. Beijing Group, for example, is believed to include dozens of people, including translators, analysts and programmers. One thing is certain: These attacks are not the work of amateurs. The scope of the cyberattacks is too large -- and too well organized -- to be the work of freelancers flexing their technological muscles [source: Lawrence].

Ironically, amateur hackers could be these groups' undoing. In the weeks after the People's Liberation Army 61398 was tied to widespread hacking, amateur cyber sleuths uncovered additional evidence. Amateur Internet detectives outed a hacker known as DOTA (after the video game "Defense of the Ancients") on Twitter. Turns out, the hacker's telephone number had been listed in a 2009 advertisement for an apartment rental just 656 yards (600 meters) from Unit 61398's Shanghai headquarters [source: Perlroth].


Uncovering a Motive for Chinese Cyberattacks

The attack on the New York Times is believed to be a result of the paper's planned reporting on Chinese premier Wen Jiabao.
© Liu Jiansheng/Xinhua Press/Corbis

When it comes to cyberattacks by Chinese hackers on U.S. companies and government entities, the reigning question is "why?"

Could hacking be a new and faceless version of war waged remotely? Is the endgame designed to plunge the U.S. into a pre-technology state? These are questions President Obama alluded to in his 2013 State of the Union address, saying, "We know foreign countries and companies swipe our corporate secrets. Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems" [source: The White House].


Some suspect the computer attacks are actually a new version of corporate espionage designed to bolster the Chinese economy by providing access to proprietary information. It's worth noting, however, that a Chinese government-directed attack on America's financial markets, transportation systems or power grid would also affect China. China is now one of the largest investors in oil and gas in the U.S.; an attack would devalue China's U.S. investments and interrupt its flow of exports [sources: Corsi, Perlroth].

Sometimes, the information-gathering efforts of Chinese hackers take on a more political and personal angle. Take the four-month infiltration of the New York Times, for example. Just as the newspaper was set to publish a potentially embarrassing article about a wealthy Chinese leader (it would reveal how premier Wen Jiabao amassed more than $2 billion, breaking basic Communist tenets), hackers using Chinese university computers uncovered Times reporters' passwords and then used that information to access 53 of the employees' personal computers. They also snuck into the e-mail accounts of the newspaper's bureau chiefs in Shanghai and India. The computers the hackers used were the same computers previously used by the Chinese military to breach U.S. military contractors [sources: Associated Press, Perlroth].

In the midst of the controversy surrounding its cyber actions, China is deflecting blame. According to China's state news agency, the country is actually a victim in the cyber espionage game rather than an aggressor. In fact, China's state news agency reports there are 1.29 million hacked host computers in China that are controlled by U.S. servers [source: Estes]. And China's defense ministry reports that two-thirds of the hacking attempts against its military in 2012 came from the U.S. [source: Wee].

Wherever the blame lies, many countries are taking a hard look at how they protect government and corporate information. The U.S. and China are among those calling for the world's most technologically advanced nations to forge new rules of engagement. In addition to the obvious -- like not breaking into other countries' computers -- the guidelines would require nations to ferret out hackers operating within their borders, and set up global norms for cyberspace behavior [source: Landler].


Frequently Answered Questions

How big is China's cyber army?
China's cyber army is large and growing. It is estimated to have over 100,000 personnel and is expanding its capabilities.

Lots More Information

Author's Note: Is the Chinese army hacking American computers?

Perhaps the greatest threat is not the one getting the most ink. An intense campaign of cyberassaults against U.S. computers has originated in Iran, too. Among other targets, these attacks are believed to have infiltrated American banks. And, says House Intelligence Committee Chairman Mike Rogers, this places critical information at risk, especially when it comes to federal, military and infrastructure operations. While Rogers and other lawmakers are calling for new cyber regulations -- including some that would require companies to share information on hacker threats or breaches -- it's like naming a baby at his first birthday. Great idea, just a little late.

Sources

  • Associated Press. "NY Times Says Chinese Hacked its Computers over Story on Top Communist Leader's Wealth." Fox News. Jan. 31, 2013. (March 10, 2013)
  • Estes, Adam Clark. "Framing Itself as a Victim, China Calls for a Global Crackdown on Hackers." The Atlantic Wire. March 10, 2013.
  • Goldman, David. "Hacker Hits on U.S. Power and Nuclear Targets Spiked in 2012." CNN. Jan. 9, 2013. (March 10, 2013)
  • Landler, Mark. "U.S. Demands That China End Hacking and Set Cyber Rules." The New York Times. March 11, 2013.
  • Lawrence, Dune. "A Chinese Hacker's Identity Unmasked." Business Week. Feb. 14, 2013. (March 10, 2013)
  • Mandiant. "APT1: Exposing One of China's Cyber Espionage Units." (March 10, 2013)
  • Perlroth, Nicole. "As Hacking Against U.S. Rises, Experts Try to Pin Down Motive." The New York Times. March 3, 2013. (March 10, 2013)
  • Perlroth, Nicole. "Attacks on Six Banks Frustrate Customers." The New York Times. Sept. 30, 2012. (March 10, 2013)
  • Perlroth, Nicole. "Hackers in China Attacked The Times for Last Four Months." The New York Times. Jan. 30, 2013. (March 10, 2013)
  • Perlroth, Nicole. "Internet Sleuths Add Evidence to Chinese Military Hacking Accusations." The New York Times. Feb. 27, 2013. (March 10, 2013)
  • Reuters. "China Says U.S. is Top Source of Hacking Attacks on Country." March 10, 2013.
  • Rodriguez, Salvador. "Cyber Attacks on the Rise and More Costly, Study Says." Los Angeles Times. Aug. 2, 2011. (March 10, 2013)
  • Saarinen, Juha. "Chinese Hackers Infiltrated Reserve Bank." IT News. March 11, 2013.
  • Sanger, David. "Chinese Army Unit is seen as Tied to Hacking against U.S." The New York Times. Feb. 18, 2013. (March 10, 2013)
  • Taipei Times. "Taiwan, U.S. to Cooperate on Cybersecurity." Feb. 23, 2013. (March 10, 2013)
  • Taylor, Paul. "Anatomy of a Cyberattack." Financial Times. Aug. 10, 2011. (March 10, 2013)
  • The White House. "Remarks by the President in the State of the Union Address." Feb. 12, 2013. (March 10, 2013)