Hacking for the Party: Cables Suggest Chinese Support for Cyber Espionage
The US diplomatic cables suggest that China's leaders ordered the cyber attack on Google in 2009. What's more, security experts at the State Department suspect that China's government plays a leading role in coordinating cyber espionage despite having pledged to "decisively and energetically" combat it.
A woman reads the signs on flowers delivered by Chinese Google users outside the Google China headquarters in Beijing January 13, 2010.
After hackers attempted to crack the e-mail accounts of Chinese human rights activists, Google publicly complained last January about a "highly sophisticated and targeted attack on our corporate infrastructure originating from China." It was the beginning of a feud between Google and the Chinese government that would eventually lead the American IT giant to partially pull out of the world's most populous country.
Even today, it remains unclear who was actually behind the attack. Cyber detectives suspect the perpetrators were from the Shanghai Jiaotong University and the Lanxiang Vocational School in the eastern province of Shandong. But one document from the US Embassy in Beijing suggests that the hackers might not have been acting on their own account.
"A well-placed contact claims that the Chinese government coordinated the recent intrusions of Google systems," diplomats claimed in a cable to headquarters back in Washington, dated Jan. 26 and classified "secret." "According to our contact, the closely held operations were directed at the Politburo Standing Committee level" -- which puts it as high as you can get in the Chinese Communist Party.
The diplomats also informed the State Department that the State Council Information Office had taken over control of the operation. According to the still unconfirmed information included in the embassy documents, two members of the Politburo coordinated the campaign against Google.
The reason behind the hacking is also still unclear. One of the Americans' sources surmised that perhaps the country wanted to get rid of a rival of Baidu, the major domestic competitor.
But another source was convinced that the operations "were 'one hundred percent' political in nature" and therefore not economically motivated. Despite having only conquered a quarter of the Chinese market at that point and having voluntarily blocked politically sensitive content, Google had allegedly become a source of discomfort for top Chinese functionaries. Indeed, some conservative officials viewed Google as a conveyer of US government propaganda -- which alone might have been enough to make them want to teach the company a lesson.
Toleration, If Not Support
The attack on Google is no isolated incident. Chinese hackers have already penetrated a number of Western computer systems. Still, the country's leaders have always denied playing any role in the cyber campaigns. For example, as early as 2007, Prime Minister Wen Jiabao promised German Chancellor Angela Merkel that his country would "decisively and energetically" go after hackers.
But German and American experts have suspected the opposite: that China's government at least tolerates, if not outright supports, computer attacks originating from within the country.
A "Diplomatic Security Daily" dispatched on June 29, 2009 supports this theory. Each day, US Secretary of State Hillary Clinton sends analyses like this one to selected embassies across the world with the classification level "secret/noforn," meaning not for the eyes of non-US citizens. Under the category of "Cyber Threats," the section of the State Department responsible for analyzing them reported on two Chinese computer firms whose shared head had admitted that half of his investment funding had come from the government.
In 2003, one of his companies received an official security permit that allowed it to collaborate with Microsoft. The Chinese were even given access to the confidential source code of some programs. However, there is some doubt about whether that was a good idea.
The Hazy Line
According to the report, a short time later, a certain Yang Hua began working for the company. He also happened to be an officer in the People's Liberation Army, a member of the 3rd Communications Regiment, Unit 61416. He was supposedly there to learn how to protect computer networks from attacks.
"While links between top Chinese companies and the PRC (People's Republic of China) are not uncommon," computer experts at the US State Department warned, "it illustrates the PRC's use of its 'private sector' in support of governmental information warfare objectives, especially in its ability to gather, process, and exploit information."
The cable also states that the officer wasn't the only suspicious person working at the company who had access to Microsoft's source code. From June 2002 to March 2003, the company also employed a man named Lin Yong as its highest-ranking "security engineer." The US diplomats noted that the man was actually a well-known hacker nicknamed "the Lion."
© SPIEGEL ONLINE 2010
By its very nature, field reporting to Washington is candid and often incomplete information. It is not an expression of policy, nor does it always shape final policy decisions. Nevertheless, these cables could compromise private discussions with foreign governments and opposition leaders, and when the substance of private conversations is printed on the front pages of newspapers across the world, it can deeply impact not only US foreign policy interests, but those of our allies and friends around the world.
To be clear -- such disclosures put at risk our diplomats, intelligence professionals, and people around the world who come to the United States for assistance in promoting democracy and open government. These documents also may include named individuals who in many cases live and work under oppressive regimes and who are trying to create more open and free societies. President Obama supports responsible, accountable, and open government at home and around the world, but this reckless and dangerous action runs counter to that goal.
By releasing stolen and classified documents, Wikileaks has put at risk not only the cause of human rights but also the lives and work of these individuals. We condemn in the strongest terms the unauthorized disclosure of classified documents and sensitive national security information.