But again: What I don't see is any evidence, and without publicly disclosed evidence linking the Chinese government to the crime, I don't see how anyone can justify throwing strong accusations at said government.
Admittedly, I have lots of friends who have better access to classified data, and they assure me that we do have the evidence to pin the rap on China. But to be honest, I'm not really sure if I believe them. If we did have the evidence, why wouldn't we share it? What possible reason would a person, company, or government agency have for not publicly disclosing irrefutable evidence of Chinese government hacking in the face of their strong protestations to the contrary?
I've heard lots of interesting defenses, ranging from "we wouldn't want to make the Chinese government mad" (which is strange considering nothing would make me madder than unsubstantiated accusations on the world stage), to "nation state hackers never, ever, leave hacking trails" (I've never known any government or hacker to do anything perfectly) to "revealing the evidence would reveal our intelligence methods and sources." I can't believe that not one bit of evidence can be revealed to answer the Chinese government's protestations of false accusations.
Most of my friends assume I'm lost in some naïve "innocent until proven guilty" mentality. They say that absolute proof of Chinese government hacking will never come out, that the best we can do is present overwhelming circumstantial evidence that the Chinese government have committed the crime. To be honest, I've never been overly impressed with cases decided by purely circumstantial-evidence. I'm certainly not ready to use it to pass judgment on an entire country.
Suppose for a moment that the Chinese hacking is completely (or even mostly) perpetrated by private Chinese citizens. Certainly this is just as plausible of a scenario, and we have proof of this one in the form of originating IP addresses and other published evidence. By not acting stronger to decrease cybercrime, is the Chinese government somehow responsible for it? I ask here because I truly do not know. I know of other countries that seem to knowingly encourage cyber-hacking through neglectful law setting. But I've not heard of China put into the same category.
Is the Chinese government overly neglectful in cybercrime law or enforcement? Or, as I suspect, is the Chinese government just not doing a super job at it, like my own government? I mean, we passed the CAN-SPAM Act in 2003, yet since then, spam has escalated to the point that it constitutes more e-mail traffic than does legitimate email. We also certainly have dozens of state and federal laws against cybercrime, yet millions of our citizens fall victim to exploits and malicious hacking each year. We prosecute almost no one (for a variety of reasons).
The bottom line here for me is, until I see irrefutable evidence that the Chinese government has knowingly involved in sponsoring foreign cyber-hacking, I can't help but presume the government is innocent of this particular wrongdoing. Too many falsely accused people, companies, and even countries have been found innocent of the early charges in a fully functioning, open justice system for me to think otherwise.
And if someone has evidence, why not release it to end the debate? Until then, I'm going to suspect that China has the same problem as all the other countries around the world in controlling malicious hacking by its citizens. ?? (Zai jian, "good-bye" in Mandarin)
This story, "Is the Chinese Government Really Behind Cyberattacks?" was originally published by InfoWorld.