U.S. finally acknowledges Chinese and Russian cyberthreat

The difference between China and the United States is that China can execute on its grand plans unfettered by such inconveniences as democratic process or public opinion.
Written by David Gewirtz, Senior Contributing Editor

I have long expressed my concern over China's behavior on the Internet, particularly their many furtive and illicit actions against U.S. citizens, U.S. companies, government agencies, and infrastructure operations. I have also discussed -- particularly in some of my lectures -- the prevalence of online organized crime coming out of Eastern Europe and the former Soviet states.

Yesterday, the Office of the National Counterintelligence Executive (the agency responsible for American counterintelligence efforts) issued a report to Congress entitled, "Foreign Spies Stealing U.S. Economic Secrets in Cyberspace" (PDF).

I have to tell you that I haven't been able to read this report yet. I've been trying to download it, or, indeed, get to the NCIX.gov site all evening. Unfortunately, the site has been down for at least the past few hours.

I wouldn't necessarily read a whole lot into that, but it is curious that a report that claims Russia and China have been actively engaging in cyber-spying and penetration attempts is now inaccessible.

Update: A few hours later (3:30AM ET), I was able to get onto the NCIX site. Read the report. It's fascinating.

The Chinese government has long claimed that they have no involvement in any nefarious acts against the United States, but we've also got a long line of circumstantial evidence that seems to counter that assertion.


In fact, in an article about the report, The Washington Post cites Chinese Embassy spokesman Wang Baodang, who denied the veracity of the NCIX report, claiming China opposes "any form of unlawful cyberspace activities."

A New York Times article quotes Chinese Foreign Ministry spokesman Hong Lei as saying, "The Chinese government opposes hacking in all its manifestations."

Before you accept these assertions by Chinese officials, consider that China has built jīndùn gōngchéng, the Golden Shield Project (what's commonly called The Great Firewall of China). China has complete control of what IP packets pass in and out of China. And yet, even as recently as a week ago, we know people in China have been conducting attacks against American citizens. I found one in my inbox.

At the end of this article are links to many of my other articles exploring the Chinese cyber-threat. I'm in complete agreement with NCIX that China is a threat. Actually, my research indicates that China may well be America's greatest threat moving into the rest of the 21st Century.

China now owns a tremendous amount of the world's debt. The country has a long pattern of minor attacks and probes against our interests, including a recent possible attack on our satellites.

Most of our computers, phones, and motherboards are built in China (and they may, someday, contain potentially unknown payloads). Now, China is scaling up its game, introducing its own chips and building out its own super-computer.


My research in How To Save Jobs (free download) showed just how single-minded this nation of 1.3 billion people is in its desire to transform itself into a first-world economy. The difference between China and the United States is that China can execute on its grand plans unfettered by such inconveniences as democratic process or public opinion.

Russia, on the other hand, is a different beast.

Although Russia's political system is once again swinging conservative, we haven't seen as much state-sponsored cyberterrorism as we've seen cybercrime originating from Russian and Eastern Europe-based organized crime units. There is no doubt actors from this region are a threat, but they seem far more motivated by monetary gain than by geopolitical influence.

The bottom line, though, is this.

We are, without a doubt, in a time of increased pressure on our digital homeland security. Whether it's because of Eastern European-based organized crime attempts to spear phish for profit or Chinese citizens supposedly acting on their own to rip off American citizens, or state-sponsored Chinese actors probing America's military and infrastructure defenses, we find ourselves increasingly playing defense on an asymmetric battlefield.

Here are some of my other articles on this topic:

FOR YOUR SAFETY: make sure you update all your computers, including add-ons like Acrobat and Flash (don't just click on random download links, but go to Acrobat.com by typing it into your browser!). Make sure your anti-virus definitions are up-to-date, use caution when clicking on shortened URLs, don't visit "those" sites, and avoid opening attachments and files that could contain nasty payloads.
