Is the Chinese Government Really Behind Cyberattacks?
Even since reports emerged about Chinese cyber-attacks on several companies, including Google, the media has been full of stories accusing none other than the Chinese government (or its agents) of the dirty deed. For those of us inside the computer security industry, there's nothing new about suspecting the Chinese government of malicious hacking. What's missing in this case, however, is evidence, and until that proof materializes, I refuse to point the finger at Beijing.
I'll readily admit that the Chinese government has a dubious track record when it comes to malicious hacking. The first public allegation of Chinese military hacking was back in 2005 with the Titan Rain project. Today, we have many well-documented cases of hacking originating from China (just use an Internet search engine to be overwhelmed). There are plenty of public whitepapers about Chinese government hacking programs. Among the most recent respected papers are Northtrop Grumman's "Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation," and the 2009 "U.S.-China Economic and Security Review" report to Congress.
Moreover, I'm personally familiar with many cases where government and military secrets have been hacked and sent to Chinese-originated IP addresses. It's the world I have lived in for the past two to three years. Chinese hacking of government and military information is rampant.
But, I've yet to see a shred of evidence that the Chinese government is involved in any of these incidents!
Let me clear here that I am speaking on behalf of myself, not my employer or any company I've consulted. Also, let me say that I haven't had access to classified data on the issue.
Additionally, I'm not defending China for such actions as blocking free access to any information (with the notable and understandable exceptions of child pornography, classified information, etc.). I can't understand any society tolerating filtered search queries. Moreover, I certainly believe that the Chinese government is capable of sophisticated hacking. I even believe it's likely that the Chinese government would engage in that sort of activity.