Washington has not had much success persuading Beijing to rein in its hackers even though American officials and security experts have long known that China is the main source of cyberattacks on the United States. Two recent developments, however, should raise the political costs for China and may cause it to alter its calculus. Refusal to change its conduct could make its relations with the United States even more difficult than they are.
On Tuesday, a new report from Mandiant, an American computer security firm, publicly documented an explicit link between Chinese hackers and the People’s Liberation Army. The report cites a growing body of digital forensic evidence that most of the attacks on American corporations, organizations and government agencies originate in and around a 12-story office tower on the outskirts of Shanghai that is the headquarters of P.L.A. Unit 61398.
Mandiant tracked individual members of the most sophisticated of the Chinese hacking groups, known as “Comment Crew” or “Shanghai Group,” to the headquarters of the military unit, which is central to China’s computer espionage operations. It followed “Comment Crew” for six years, monitoring 141 attacks by looking at Web domains, malware, Internet protocol addresses and embedded codes.
Reporters for The Times confirmed the evidence contained in the report with American intelligence officials who say they have tapped into the activity of the army unit for years.
Chinese officials denounced the report, but their reaction was hardly a denial. “Hacking attacks are transnational and anonymous. Determining their origins are extremely difficult. We don’t know how the evidence in this so-called report can be tenable,” said Hong Lei, a Foreign Ministry spokesman.
In a second development that could further raise the stakes for Beijing, Washington decided to share with American Internet providers and antivirus vendors information about the unique signatures of the largest of the Chinese groups, including those originating from the area where Unit 61398 is based. The government warnings will not link the hackers and their computers to the Chinese Army per se, but the effects will be felt when the hackers and computers are denied access to American networks, as many of the Internet providers and antivirus vendors are expected to do.
American officials are increasingly concerned about cyberattacks intended not just to steal corporate secrets but also, as President Obama said in his recent State of the Union address, to “sabotage our power grid, our financial institutions, our air traffic control systems.”
As a defensive measure, Mr. Obama last week signed an executive order promoting increased information-sharing about cyberthreats between the government and private companies that oversee the country’s critical infrastructure, including its electrical power grid, gas lines and waterworks. Congress still has not acted on legislation setting minimum requirements for how this infrastructure should be protected. A reasonably strong bill offered in the Senate last summer has been stymied by objections from some legislators that it would be too intrusive. So far, Mr. Obama has chosen not to have a public collision with China. He and his aides have largely raised their concerns in private. But patience is wearing thin as China-emanated attacks have grown and the administration pursues a more aggressive response.
China and the United States have to cooperate on numerous international security issues. But that won’t happen if they end up in a cyberwar. Publicizing China’s transgressions and blocking Internet access to hackers should be a warning to Beijing. Washington is right to defend its interests. But the two nations need to take the lead in negotiating new international understandings about what constitutes cyberaggression and how governments should respond.
Nenhum comentário:
Postar um comentário