Strong Evidence Points to China as Cyberhack Source

August 4, 2011 11:44 pm Last Updated: October 1, 2015 4:01 pm
GLOBAL ASSAULT: McAfee identified targets from Asia, Europe, and North America in its victim count as part of the report. Companies, governments, NGOs, and media groups were all hit. (McAfee)

Only five nations would be capable of sponsoring a massive cyber-espionage campaign that infiltrated governments, international organizations, and high-tech companies, persisted over years, and stole billions of dollars’ worth of intellectual property—like the operation unveiled by security firm McAfee this week.

The United States and the U.K. can be removed from the equation because they don’t spy on each other. Iran and Russia are capable, but the evidence doesn’t suggest they were involved. Taking into account past campaigns of monumental hacking, and considering the Asian focus in the recent attack, there’s only one country left, according to James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies, in a Twitter post.


The onslaught has been termed Operation Shady RAT (referring to one of the items of software used in the attack, a “Remote Administration Tool”), and bears a striking resemblance to similar campaigns that have been traced back to China and, many experts believe, actors sponsored by the Chinese regime.

Atlanta-based Dell SecureWorks has also traced the attacks. They pinpoint them to two major Chinese cities: Shanghai and Beijing.

According to McAfee, hackers stole petabytes (thousands of terabytes) of information, including industry-relevant secrets from a sweeping variety of targets since 2006: classified state secrets from governments, design schematics and source code from technology companies, and exploration plans from natural resources companies.

McAfee won’t say whether they have evidence that the attacks originated in China, but experts don’t see much room for argument.

The Work of a State

In its report, security firm McAfee said the large-scale cyber-espionage operation was conducted not by a group of independent hackers but by a “state actor.” This is due to the “sophistication, target list, or type of information” targeted, McAfee spokesperson Joris Evers told The Epoch Times in a telephone interview.

“It’s not typical stuff that a cybercriminal could go after or turn into money,” he said. “That’s why we think it was a nation-sponsored activity.”

A number of important indicators implicate China.

Of the 72 compromised parties from 14 countries, Chinese entities were entirely missing from the hit list of hacks. Also, most of the targets in the operation are of definite interest to the Chinese regime, including Taiwan and the U.S.’s defense industry.

“All the signs point to China,” Lewis, the cybersecurity expert, said to Vanity Fair. “Who else spies on Taiwan?”

A China expert quoted in the Nelson Report, a newsletter sent to Washington insiders, also believed China was the source of the attacks. “Only such a police state is capable of a cyber-act of war of that scale and scope,” he said.

Targets All Over the World

The Epoch Times looked at over a dozen of the hacking incidents and, through targeted news searches, traced them to business deals and political events around the time they occurred.

A pattern emerges of friendly meetings, deal announcements, or cooperative efforts between China and a variety of groups, closely followed, or in some cases preceded, by a hacking intrusion. Snooping on the targets in all of these cases would potentially have netted the Chinese regime high-tech blueprints, top-secret documents, and other pieces of insider information invaluable in political or business discussions, in some cases of very high financial value.

The Pohang Iron and Steel Company (POSCO), based in Pohang, South Korea, is the third largest steel maker in the world. In July 2006, POSCO initiated a takeover of a large mill in China’s Jiangsu Province, and in November, POSCO developed a “new efficient steel.” McAfee says that Korean Steel Company was hacked in July 2006, the same date as the takeover negotiations. The intrusion lasted beyond November.
