Shoddy evidence and past hypocrisy weaken US cyber-spying charges

By Dr. George Koo and Professor Ling-chi Wang Published: 2013-3-6 19:56:06

Despite Bloomberg Buisnessweek's accusation that the Chinese army is spying on Americans, the report that led to the charges has serious flaws. These raise troubling questions about a repetition of the "China spy syndrome."

Beginning with The New York Times sensational January 30 disclosure of Chinese hacking, every publication of note or of little note has since run one or more stories on cyber attacks emanating from China.

The release of a report by the Internet security firm Mandiant on February 18 set the stage for an announcement from the White House on February 20 that the administration was determined to protect US businesses and punish the perpetrators at home and abroad.

Is this an orchestration for a new policy initiative? Or, is this just a reinforcement of Barack Obama's pivot to Asia and the Trans Pacific Partnership, two major initiatives aimed clearly in response to the "rise of China?"

Since the nascent art of hacking and counter measures of cyber security are subjects too esoteric and beyond the comprehension of most except those skilled in the craft, the media focused instead on the more lurid details taken from the so-called Mandiant Report.

The report alleged that most of the cyber attacks levied against Corporate America came from a 12-story building in the Pudong neighborhood of Shanghai that belonged to a particular department, the ominously named Unit 61398, of the PLA.

Since the issuer of the report is in the business of selling its services to safeguard company networks from cyber attacks, presumably it is in Mandiant's interest to portray the attackers in ways as menacing and sinister as possible. The PLA certainly fits the bill.

However, shortly after the Mandiant Report broke the news, articles that presented contrary points of view began to appear. The most comprehensive belonged to Jeffrey Carr, a cyber security expert in his own right, who pointed out that there are more than 30 nations with the capability to run "military grade network operations" necessary to mount the kind of sophisticated attacks found in the report. According to the US National Intelligence Estimate, Russia, Israel, and France are among the leading countries when it comes to cyber hacking activities.

Carr concluded that Mandiant was too quick to identify China as the culprit without performing rigorous analysis to eliminate other competing hypotheses and comparing its cyber espionage activities with those of other countries.

Two days after The New York Times article appeared, the US edition of The World Journal, a Chinese-language daily, reported that seven of the IP addresses identified by the Mandiant Report as coming from the PLA office in Shanghai were actually from Hong Kong, including one from the Hong Kong University of Science & Technology.

This should not come as a surprise since hacking can emanate from anywhere in the world and can easily be misdirected to appear as if coming from somewhere else. What was surprising was that this finding came from a little noted ethnic paper and not from the major media stars.

Maybe Al Gore did not invent the Internet but it is an inconvenient truth that the US defense agency did and Americans have since led in the development and use of the Internet. As the world's most advanced economy, the US has invested heavily and become most dependent on networks in cyber space and thus most vulnerable to attacks.

The US has also led in the development and use of weapons in cyber warfare. For example, the US-developed Stuxnet virus has been credited with causing the centrifuges to spin out of control in the Iranian nuclear enhancement facility.

Being the first known country to launch a cyber attack in peacetime and in the absence of any international treaty and protocol, the US has lost the moral high ground to define appropriate conduct in cyber space.

This is of course not the first time that Washington is reaping the consequences of what it has sowed. The US was the first, and to date the only, country to use the atomic bomb. Since then, it has had to devote decades of diplomatic efforts to promote nuclear nonproliferation and now lives in fear of nuclear weapons falling into the hands of rogue nations or terrorists.

The next Pandora's box, one the US has already opened and soon will be trying to shut, is the use of drones for transnational surveillance and assassinations of terrorist suspects without due process.

Friends and foes alike have seen the cost effective capability of a drone in rendering destruction and killing and all are rushing to develop their me-too ability.

The day is nigh when Americans will be troubled by the prospect of encountering drones operated remotely and in the hands of someone holding a grudge against the US. We will then, again, have to expend endless diplomatic efforts in proselytizing the idea of "do as I say and not as I do."

As for China, it has in its way been trying to tell the US that it does not hold a grudge. In typically understated signals, China has let Washington know that it possesses silent running submarines, stealth planes and missiles capable of downing communication satellites.

China even went out of its way to make sure that US intelligence got a full picture of its nuclear weapons technology, as suggested by nuclear scientist Daniel Stillman of the Los Alamos National Laboratory. The latest air shows in China are displaying a large array of domestically manufactured drones.

Indeed, China appears to be practicing a porcupine defense strategy, or, peaceful intentions but beware of the ability to retaliate in kind. Some have suggested that the alleged PLA hacking has been deliberately sloppy, thus leaving visible trails to let the US know that China too possesses cyber warfare capability.

Cyber espionage and warfare are serious problems that are here to stay. Washington needs to develop effective, long-term countermeasures and a thoughtful and balanced diplomacy. Singling out China as the sole villain without critically examining what other nations are doing, including us, is counterproductive, potentially misleading and in the long run, harmful to our national interests and world peace.


George Koo is an international business consultant and board member of New America Media. Ling-chi Wang is a retired professor of Asian American history at the University of California, Berkeley. This article was originally posted on New America Media on Feb 26, 2013.

Posted in: Viewpoint

blog comments powered by Disqus