WASHINGTON — The Obama administration is considering more assertive action against Beijing to combat a persistent cyber-espionage campaign it believes Chinese hackers are waging against U.S. companies and government agencies.
WASHINGTON — The Obama administration is considering more assertive action against Beijing to combat a persistent cyber-espionage campaign it believes Chinese hackers are waging against U.S. companies and government agencies.
As The New York Times and Wall Street Journal reported Thursday that their computer systems had been infiltrated by China-based hackers, cybersecurity experts said the U.S. government is eyeing more pointed diplomatic and trade measures.
Two former U.S. officials said the administration is preparing a new National Intelligence Estimate that, when complete, is expected to detail the cyberthreat, particularly from China, as a growing economic problem. Neither of the former officials was authorized to discuss the classified report and spoke only on condition of anonymity.
One of the former officials said the NIE, an assessment prepared by the National Intelligence Council, also will cite more directly a role by the Chinese government in such espionage. The former official said the NIE will underscore the administration’s concerns about the threat and will put greater weight on plans for more aggressive action against the Chinese government.
Secretary of State Hillary Rodham Clinton, in an interview with reporters as she wound up her tenure, said the U.S. needs to send a strong message that it will respond to such incidents.
“We have to begin making it clear to the Chinese — they’re not the only people hacking us or attempting to hack us — that the United States is going to have to take action to protect not only our government’s, but our private sector, from this kind of illegal intrusions. There’s a lot that we are working on that will be deployed in the event that we don’t get some kind of international effort under way,” she said.
“Obviously this can become a very unwelcome and even dangerous tit-for-tat that could be a crescendo of consequences, here at home and around the world, that no one wants to see happen,” she said.
Although the administration hasn’t yet decided what steps it may take, actions could include threats to cancel certain visas or put major purchases of Chinese goods through national security reviews.
“The U.S. government has started to look seriously at more assertive measures and begun to engage the Chinese on senior levels,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies. “They realize that this is a major problem in the bilateral relationship that threatens to destabilize U.S. relations with China.”
To date, extensive discussions between Chinese officials and top U.S. leaders — including President Barack Obama and Defense Secretary Leon Panetta — have had little impact on what government and cybersecurity experts say is escalating and technologically evolving espionage. The Chinese deny such espionage efforts.
Internet search leader Google focused attention on the China threat three years ago by alleging that it had traced a series of hacking attacks to that country. The company said the breaches, which became known as “Operation Aurora,” appeared aimed at heisting some of its business secrets, as well as spying on Chinese human rights activists who relied on Google’s Gmail service. As many as 20 other U.S. companies were also said to be targeted.
A four-month long cyberattack against The New York Times is the latest in a long string of breaches said to be by China-based hackers into corporate and government computer systems across the United States. The Times attacks, routed through computers at U.S. universities, targeted staff members’ email accounts, the Times said, and were likely in retribution for the newspaper’s investigation into the wealth amassed by the family of a top Chinese leader.
The Wall Street Journal on Thursday said that its computer systems, too, had been breached by China-based hackers in an effort to monitor the newspaper’s coverage of China issues.
Media organizations with bureaus in China have believed for years that their computers, phones and conversations were likely monitored on a fairly regular basis by the Chinese. The Gmail account of an Associated Press staffer was broken into in China in 2010.
Richard Bejtlich, the chief security officer at Mandiant, the firm hired by the Times to investigate the cyberattack, said the breach is consistent with what he routinely sees China-based hacking groups do. But, he said it had a personal aspect to it that became apparent: The hackers got into 53 computers but largely looked at the emails of the reporters working on a particular story. The newspaper’s investigation delved into how the relatives and family of Premier Wen Jiabao built a fortune worth over $2 billion.
“We’re starting to see more cases where there is a personal element,” Bejtlich said, adding that it gives companies another factor to consider. “It may not just be the institution, but, is there some aspect of your company that would cause someone on the other side to take personal interest in you?”
Journalists are popular targets, particularly in efforts to determine what information reporters have and who is talking to them.