Pentagon accuses China of cyberattacks on U.S. military, business targets

Stolen data is used to ramp up China's military and high tech industries, Defense Department says in report to Congress

Chinese cyber espionage activities are fueling a rapid modernization of the country's defense and high tech industries, the Pentagon said in an unusually candid assessment of China's military and security developments last year.

In a departure from the usually veiled suggestions of Chinese involvement in cyberattacks, the 92-page Department of Defense report, released Monday, openly accused the Asian giant of launching cyberattacks aimed at exfiltrating information from the U.S. government and military as well as from corporate entities.

The stolen information is supporting China's defense industrial base, helping Chinese policymakers and military planners build "a picture of U.S. defense networks, logistics and related military capabilities that could be exploited during a crisis," the report said.

Importantly, the report cautioned, the espionage activities are helping the country build out a sophisticated electronic warfare capability aimed at neutralizing American technological superiority in traditional kinetic warfare and other areas.

"China's investments in advanced electronic warfare systems, counter-space weapons, and computer network operations ... reflect the emphasis and priority China's leaders place on building capability for information advantage," the Pentagon said. "Beijing is investing in military programs and weapons designed to improve extended-range power projection and operations in emerging domains such as cyber, space, and electronic warfare."

Allegations of Chinese involvement in cyberattacks against U.S. interests are certainly not new. Security vendors and private companies in the U.S. have long accused operatives in China of launching countless cyberattacks to steal secret military, government or corporate data.

Earlier this year, security firm Mandiant released a detailed report that said a unit of the People's Liberation Army (PLA) of China was behind a years-long systematic cyberespionage campaign against the U.S. and several other countries. Since 2006, Chinese cyberattackers have breached over 140 large companies from 20 major industries that China considers strategic, the Mandiant report said.

In April, a senior director of Microsoft's Institute for Advanced Technology accused hackers operating out of China of trying to infiltrate the IT vendor's computer systems in a bid to find accounts that were under surveillance by the FBI and other law enforcement authorities.

That effort was apparently part of an elaborate counter-intelligence operation carried out by operatives in China to find out if any of their U.S.-based agents had been compromised or were under surveillance in this country.

U.S. lawmakers too have on numerous occasions voiced concerns about cyberattacks originating from China.

Despite the rising rhetoric elsewhere, the U.S. government has long stopped short of openly accusing the Chinese government of launching cyberattacks.

That restraint may finally be wearing thin after the release of the Mandiant report and the public acknowledgment of its accuracy by security experts, DoD officials, intelligence analysts and U.S. lawmakers, said Anup Ghosh, CEO and founder of security firm Invincea.

Since the report was released, "the pressure has been mounting on the [Obama] Administration to not only acknowledge the threat, but also to declare how they will defend U.S. interests against the Chinese cyberthreat," Ghosh said.

"The acknowledgement by the Pentagon is a first step in publicly declaring the threat," he said. "The administration still needs to lay out what steps it will take to both defend against the threat as well as discourage unrestrained attacks against U.S. interests."

According to the Pentagon, China's cyber espionage activities are allowing the country to collect data for intelligence and network attack purposes.

The cyberattacks are also designed to slow down incident response times and disrupt logistics, communications and commercial activities, the report warned.

The report offers little information on the capabilities of other countries to launch cyberattacks on U.S. interests.

In the past, security analysts and even the government have noted that China is by no means the only nation focused on ramping up its online spying capabilities.

The U.S. is also no laggard in launching cyberattacks on other nations.

For instance, the Stuxnet attacks that disabled centrifuges at Iran's nuclear facilities in Natanz in 2010 are believed to have been carried out by security experts in Israel and the United States.

A 2012 report from the U.S. Department of Defense's Defense Security Service (DSS) said East Asia, where China is located, and the Pacific region accounted for 42% of all attempts to collect sensitive U.S. data illegally. That report considered a range of espionage activities, and not just cyber espionage.

The report said the Near East, comprised of Iran, Israel, Libya, Saudi Arabia and other countries, is the second most active region, with 18% of all reported cyberattacks. Europe accounted for about 15% of the attempted attacks since 2007, while South and Central Asian countries such as India, Pakistan and Bangladesh were said to pose a moderate cyber threat over the next few years.

John Pescatore, director of emerging security trends at the SANS Institute, said that while there's little doubt that China is actively engaged in cyber intelligence collection activities, the U.S. and its allies are as well.

He noted that China's focus is on stealing industrial and trade secrets to close gaps in its own capabilities. That focus compares to the Soviet Union's effort to steal U.S. trade secrets during the Cold War.

Pescatore previously worked for the U.S. National Security Agency (NSA).

Traditionally, the U.S. hasn't had to widely engage in industrial espionage because its capabilities have been well ahead of countries like China. Instead, its intelligence gathering efforts have been focused more on defense and security related goals, and more recently, counter-terrorism objectives, Pescatore said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed. His e-mail address is
