WASHINGTON —
While a U.S. computer security company links China’s government to scores of cyber attacks in the United States, there are fears in Washington that the U.S. risks losing a cyber-war. Analysts say computer hackers are attacking more often, and in more sophisticated ways.
President Barack Obama has ordered government agencies to share information about cyber-threats with private companies, and Congress is considering new laws to increase protection for vulnerable firms.
Officials have been investigating and prosecuting computer hackers around the world for years.
On Tuesday, Mandiant, a U.S. cyber-security company, linked scores of attacks to a specific Shanghai building, the headquarters of a Chinese military unit blamed for cyber-spying. Mandiant says the group it calls APT1 has hundreds of hackers working within a few blocks of one another.
Taking action
Map of the APT1 hacking headquarters in Shanghai, China.
Even before the latest revelations, U.S. Congressman Mike Rogers, chairman of the House Intelligence Committee, said it’s time to get tough.
“We are in a cyber-war. Most Americans don’t know it. Most folks in the world probably don’t know it. And, at this point, we are losing,” said Rogers.
The U.S. government warns that hackers could cause chaos by damaging the electrical grid, disrupting air traffic, fouling up the financial system or stealing trade secrets. Mandiant says that over the past few years, APT1 hackers increasingly have been probing those systems.
China’s Foreign Ministry rejects the accusations.
“We have stressed many times that hacking attacks are transnational and anonymous. Determining their origins is extremely difficult. We don't know how the evidence in this so-called report can be tenable,'' said Hong Lei, China's foreign ministry spokesman.
Congressman Rogers is sponsoring a bill to help U.S. companies protect their computer systems by cutting barriers to sharing information among companies and with the government.
Mandiant's Report Finding on Chinese Cyber Attacks
Key findings of Mandiant's report:
Links hacker group APT1 to secretive unit of the People's Liberation Army (PLA)
Says group is responsible for stealing data from at least 141 global organizations since 2006
Tracks dozens of cyber attacks to neighborhood surrounding PLA building in Shanghai
Says attackers commonly used emails containing malicious attachments to inflitrate networks
Privacy concerns
But Michelle Richardson of the American Civil Liberties Union said this could allow companies to collect information that has nothing to do with security.
"Right now, [it] would eviscerate all the current privacy laws on the books, and allow companies that collect our very sensitive and personal information share with each other and with the government, without making any efforts to protect privacy or limitations on how it could be used,” said Richardson.
Charles Renert, vice president of the security company Websense, told VOA via Skype that it's possible to balance privacy and security.
“We have to scan the attacks. We have to understand the nature of the attacks, and those rarely compromise the privacy of the individual if properly executed," said Renert.
While Rogers’ bill failed to pass a previous Congress, there is growing concern in Washington about the threat of cyber attacks - both military and economic. So pressure may be building for action.
Mandiant's Report Finding on Chinese Cyber Attacks
Key findings of Mandiant's report:
Links hacker group APT1 to secretive unit of the People's Liberation Army (PLA)
Says group is responsible for stealing data from at least 141 global organizations since 2006
Tracks dozens of cyber attacks to neighborhood surrounding PLA building in Shanghai
Says attackers commonly used emails containing malicious attachments to inflitrate networks
