We get it: among the usual suspects of global hackers, no one hacks quite like China hacks. Chinese hackers have hit Fortune 500 companies like Coca-Cola, Halliburton, ArcelorMittal, and last year, managed to break into the White House’s network. GhostNet, that massive spyware network, originated from IP addresses on the island of Hainan, China – home to the People’s Liberation Army signals intelligence department. So what? What about all those unscrupulous Russian hackers, or the world’s “hacker superpower,” the United States? Just how bad is China?
A panel mandated by the U.S. Congress has tried to offer some clarity in a new report, obtained by Bloomberg, concluding that China’s hacking habit is not only widespread but also wildly dangerous. According to the U.S.-China Economic and Security Review Commission, China is “the most threatening actor in cyberspace." And they’re getting better. The report says that Chinese hackers are developing “increasingly advanced types of operations or operations against specialized targets” and their “persistence, combined with notable advancements in exploitation activities over the past year, poses growing challenges to information systems and their users.” That’s a sort of stilted way of saying that Chinese hackers are good, and they’re getting better.
Hacking is turning into a major national security risk, and about half of the activity seems to be stemming from China. “What the general public hears about — stolen credit card numbers, somebody hacked LinkedIn — that’s the tip of the iceberg, the unclassified stuff,” Shawn Henry, the former head of the FBI’s cyber division, told Bloomberg earlier this year. “I’ve been circling the iceberg in a submarine. This is the biggest vacuuming up of U.S. proprietary data that we’ve ever seen. It’s a machine.”
How big is the iceberg? Statistics show that about 15 percent of all Internet traffic is a cyber attack. Okay, but how much of that is coming from China. Well, when most of the country went on holiday on China’s National Day on October 1, attacks globally dropped to about 6.5 percent. That figure suggests that China is responsible for half the hacking in the world.
So now that we know Chinese hackers are horribly prolific, is there anything we can do about it? It’s unclear, mostly because it’s unclear exactly who these hackers are. Some groups have been linked to the Chinese military, but there’s not much hard evidence to suggest that the government is behind all of this. Cyber security expert Bruce Schneier thinks that, like hacking communities elsewhere in the world, it’s probably just a bunch of bored nerds, and because China’s so big, all those nerds really add up. In a leaderboard at the tech recruiting website InterviewStreet, China holds five spots in the top ten, while the U.S. only claims three.
In the event that it’s not just a bunch of nerds, though, the Obama administration is doing everything it can to boost the country’s cyber defenses – including scaring everybody to death with worst case hacker scenarios. Consider that, for all the concerns about China, there’s another cyber army in According to a report released last July by British security firm NCC, from April-June 2012, China was responsible for 15.8% of all recorded unauthorized network attempts around the world, up from up 13.7%. Russia claimed 13.3%, up from 12.4%.
Global unauthorized hack attacks, via NCC.
But 22.5% of all recorded unauthorized network attempts originated in the United States, 49 million more than January-March, when the U.S. was responsible for 17.4% of global hacks. The report, like many cyber reports before it, doesn’t appear to mention America’s stealthy cyber arsenal and its Ferraris of cyberwar. After all, loose lips sink ships – and the Chinese are coming.