Go Ahead, Blame China

Cyber-espionage: Is China the Main Offender?

The majority of cyber-attacks relating to espionage activity concern the theft of intellectual property and commercial intelligence material. So one should ask: which country has the most to gain from the theft of such material?

There are several candidates, given the possibilities for stolen IP to accelerate economic growth, provided an industrial base exists within the country. However, to successfully engage in cyber-espionage, a nation must also have access to skilled individuals with the ability to manipulate and exploit the internet and a systems infrastructure that can cloak this activity. China would appear to be the primary candidate.

Mandiant, a US-based security company, agrees with this view and has identified three important historical factors supporting the notion that the People’s Republic of China (PRC) conducts cyber-espionage:

  • Traditional Chinese approaches to commerce have never emphasized a distinct divide between the public and private sectors, and there is no stigma attached to espionage in general, much less for economic purposes
  • Over the past three decades, strengthening the country’s technological and industrial base at all costs and through all means has been a critical national security concern for the PRC to avoid both the humiliations China has suffered in the past at the hands of imperialist powers and to assume the role of a great power in the future
  • The Communist Party of China (CPC) has banked its legitimacy almost completely on the promise of breakneck economic growth, having largely abandoned Marxism as a dead end and instead attempts to adapt the country to a modern market economy

At the beginning of June 2013, security firm Kaspersky Labs released a report identifying a cyber-espionage group called NetTraveler. The operations of this group have been traced to four networks near Shanghai – with some operations taking place at a location that is also the headquarters of Unit 61398, a division of China’s military. This secret division is likely operating from the Dudong complex in Shanghai. Kaspersky found a ‘how-to list’ of instructions given to NetTraveler recruits, detailing the steps to create a cyber-attack, as well as a list of targets.

The group apparently comprises young college graduates and military analysts and seemingly steals data on space exploration, nanotech, energy production, nuclear power, lasers, computing and communications. In all of these areas, China aims to enhance its vertical integration business ambitions. China’s strategy is to move from the world’s manufacturer to a world leader in all areas of technology within 10 years.

On May 28, 2013, it was reported that the cabling and security control blueprints for the Australian Security Intelligence Organisation’s (ASIO) new headquarters were accessed by Chinese hackers operating from the state-sponsored Dudong complex.

Earlier in May, the Pentagon – for the first time – directly accused the Chinese government of targeting US government computers with the aim of harvesting intelligence information. US aerospace giant, Lockheed Martin, alleged that Chinese hackers from the Dudong Complex accessed or attempted to infiltrate its valuable and sensitive IP.

Europe has not escaped the attention of NetTraveler. Many industrial firms have reported illegal access and attempts on their systems, citing the Shanghai network as the source of the hacking. Small to medium-sized enterprises were also targeted, as many engage in focused research for larger corporations.

At the business level, China refutes the accusations and claims the hackers may be routing their attacks through China to cloak their identity. However, analysis of web network activity within Europe suggests otherwise. At the state level, the Chinese government refuses to comment, thus adopting their traditional stance. Nevertheless, Mandiant has issued what I believe is definitive proof that the Chinese government is behind the majority of high-profile cyber-espionage attacks on US businesses.

Strong evidence would suggest that the Chinese government and businesses are actively supporting or participating in cyber-espionage to position the PRC as the world’s dominant supplier of high technology, thus potentially raising its economy to the number one position globally and at the same time, improving national security.


David Stupples is a Professor of Systems and Cryptography at City University London. Stupples is an active researcher on internet security, with a focus on cyber-terrorism and organized cybercrime.
