Allegations of hacking US websites 'false and unprofessional'

China on Tuesday denied allegations that its government and military are behind cyber attacks against websites in the United States.

"The Chinese army has never supported any hacking," the Ministry of National Defense said in a statement. Such accusations are unprofessional and false, it added.

The ministry's remarks were in response to a report by US-based Internet security firm Mandiant Corp on Monday that claimed China's army controls some of the most prolific hackers in the world, and that a host of cyber attacks had been traced to a building in Shanghai. According to Mandiant, the attacks were made against 141 companies, including 115 in the US, dating back to 2006.

Some academics and experts in computer security said verifying the firm's claims would be difficult, as hackers' origins are transnational and anonymous. In addition, these people said, the report could be intended to raise the specter of a China threat.

Tracing the alleged attacks to the Shanghai building, if true, would also mean that Mandiant had hacked into that facility, the observers said.

China bans all forms of cyber sabotage, including hacking, and the government always strongly fights any such activities, the ministry said.

China, like other countries, also faces a severe threat of cyber attacks and is a major victim of them, it added.

In 2012, about 73,000 overseas Internet protocol, or IP, addresses controlled more than 14 million computers in China and 32,000 IP addresses remotely controlled 38,000 Chinese websites, Foreign Ministry spokesman Hong Lei said at a regularly scheduled news briefing on Tuesday.

Attacks originating from the United States rank first among these hacking incidents, Hong said.

The Chinese army is also one of the top targets. Between January and March 2012, the websites of the Ministry of National Defense and China Military Online suffered 240,000 cyber attacks, according to the defense ministry.

Wen Weiping, a professor at the School of Software and Microelectronics at Peking University, said cyber sabotage targeting China is rising rapidly, but Beijing has seldom accused other countries of launching the attacks.

Zhu Zhiqun, a professor of political science and international relations at Bucknell University in Pennsylvania, said allegations like those in the Mandiant report reveal the level of distrust between the US and China.

"If mutual mistrust isn't dispelled, more hostile and damaging actions from either side are expected in the future," Zhu said.

"In this information age, the international community has not established a common protocol on cyber behavior. Establishing such a protocol is an area the US and China can actually cooperate so as to protect their respective national interests from being compromised by cyber attacks," he said.

Some experts said recent allegations could be part of an effort by lobbying groups and private companies that would likely benefit if Congress were to pass legislation and increase funding in the area of cyber security.

"The allegation that China's military is somehow involved in cyber attacks is not entirely new. The motivations of Mandiant's report are unclear, and the timing is questionable," said Zhu.

"What is not disclosed or discussed in such reports is the reason why China allegedly spies so systematically on the United States and vice versa," he added.

Recent claims of attacks by US-based news organizations - the New York Times, the Washington Post, and the Wall Street Journal - against their networks didn't include solid evidence of Chinese government involvement.

Currently, two members of the House of Representatives, Republican Mike Rogers of Michigan and Democrat Dutch Ruppersberger of Maryland, are pushing for passage of the Cyber Intelligence Sharing and Protection Act. The bill was introduced in 2011 but got stalled in the Senate last year.

While the legislation would help the US government probe cyber threats and ensure the security of networks, it has been criticized by Internet-privacy and civil-liberties groups.

Since the announced return of the bill a week ago, a number of advocates, including the American Civil Liberties Union, launched petitions against CISPA. On Feb 14 the groups Demand Progress and Fight for the Future delivered more than 300,000 signatures to the House Intelligence Committee to protest the proposed legislation. More than 1 million Americans have signed anti-CISPA petitions so far.

US President Barack Obama last week signed an executive order on cyber security. Unlike legislation, however, presidential executive orders can't force compliance by private companies.

A day after Obama's announcement, the US Chamber of Commerce expressed opposition to his order.

"The US Chamber believes that executive action is unnecessary and opposes the expansion or creation of new regulatory regimes," Ann Beauchesne, the chamber's vice-president of national security and emergency preparedness, said in a statement.

Besides accusing China of cyber attacks, the US has accused Russia and Iran of engaging in similar activities. While Iran was blamed for a spate of cyber attacks against US banks in late 2012, the Gulf nation charged that the US and Israel were behind cyber attacks on Iranian oil and nuclear facilities through the spread of the Stuxnet computer viruses.

International rules could seek to rein in hacking but can't eradicate them or allegations thereof, said Cui Baojiang, an expert on information studies at Beijing University of Posts and Telecommunications.

Contact the writers at zhaoshengnan@chinadaily.com.cn and chenweihua@chinadailyusa.com

(China Daily 02/20/2013 page1)