If China wants respect abroad, it must rein in its hackers – Published on The Economist, Feb 23, 2013.
FOREIGN governments and companies have long suspected that the Chinese hackers besieging their networks have links to the country’s armed forces. On February 19th Mandiant, an American security company, offered evidence that this is indeed so. A report, the fruit of six years of investigations, tracks individual members of one Chinese hacker group, with aliases such as Ugly Gorilla and SuperHard, to a nondescript district in residential Shanghai that is home to Unit 61398 of the People’s Liberation Army.
China has condemned the Mandiant report. On February 20th America announced plans to combat the theft of trade secrets.
Mandiant claims that hackers at Unit 61398 have stolen technology blueprints, negotiating strategies and manufacturing processes from more than 100, mainly American, companies in a score of industries (see article). Its report does not name the victims, but a related New York Times investigation has found evidence that hackers targeted a company providing internet security for American spooks. The hackers also gained access to the systems of an American defence contractor. Perhaps most worrying, they broke into networks of a company that helps utilities to run North American pipelines and power grids. Nobody knows how many billions of dollars cybercrime costs businesses. But pretty much everyone has come to believe that China is the most egregious offender.
America is not an innocent in the world of cyber-spying. It does plenty itself, and acknowledges that these operations are a legitimate part of national security. At the same time, however, it should do more to promote the idea that everyone would gain from “cyberarms control” to set the rules of engagement.
The Mandiant report shows China’s definition of national security includes outright theft. One lesson is that all companies need urgently to upgrade their defences. President Barack Obama has announced measures for greater co-operation between American firms and government agencies to share information. Many companies have been too scared to admit they have been hacked, for fear of alarming clients and investors. In their own interests, they need to open up.
America also needs to make it clear to China that state-sponsored crime is unacceptable. Until now the United States has tended to complain about China’s cyberthieves behind closed doors in discussions with Chinese officials. But with more evidence emerging of China’s flagrant abuses, more naming and shaming should be considered.
Control, Alt, Delete: … //
… (full text).