Cyber espionage

A weary smile - that is the extent international security experts have for recent headlines that Chinese cyber-spies allegedly infiltrated overseas networks and stole massive amounts of data from US companies, media and think tanks.

The discovery of the Ghostnet cyber spying operation in 2009 made it abundantly clear years ago that Chinese hackers not only possess the ability to launch large-scale espionage attacks - they also put those skills into practice. Ghostnet, which is believed to be operated from China, infiltrated political and economic locations in about 100 countries. That makes it one of the largest-scale cyber espionage attacks ever.

Much more crucial than reports about recent Chinese hacker attacks are the circumstances of the announcements and the political consequences, experts say. In a 78-page report released in February, the American cyber-security company Mandiant details how a group of hackers operating from Shanghai has spied on at least 141 US companies since 2006, stealing several hundred terabytes of data.

Massive amounts

By comparison: the 2006-2010 Twitter archives at the US Library of Congress - the world's largest library - encompass about 170 billion tweets, that is about 130 terabytes. According to Mandiant, the trail of the attacks leads to the People's Liberation Army's Shanghai-based Unit 61398.

It is not the conclusion that makes the Mandiant report so significant, Herb Lin says. "The extensive documentation is much more important," the chief scientist at the Computer Science and Telecommunications Board at the National Academy of Sciences in Washington adds.

Michael Waidner, head of the Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt, agrees: blaming China for cyber espionage is no news. What is surprising, however, is the Mandiant report's unambiguity. "To date, no one has dared claim so clearly that they can prove the source of the attacks," Waidner told DW.

While both experts concede it is impossible to be 100 percent sure who the attackers are, they say Mandiant's investigation and documentation is convincing. Beijing may have denied involvement, but China has made no effort to disprove or investigate the allegations, they say. Which is no wonder, according to Nazli Choucri, a professor of political science at the Massachusetts Institute of Technology (MIT) and author of "Cyber Politics in International Relations.""When the hand is in the cookie jar and the top gets jammed onto your fingers it’s pretty obvious."

Published, complete evidence intelligible even to people not familiar with IT issues - that is the novelty.

As a rule, reports about cyber espionage stay under wraps because companies affected fear for their reputation and publication complicates the monitoring of future attacks. Mandiant explicitly mentions these concerns in its report and explains that after much consideration, they decided that for political reasons, it is more important to make this particular case public.

A real danger

The Obama administration has not expressly confirmed the Mandiant report, but it is hardly a coincidence that the government published its new 140-page strategy to combat the theft of US trade secrets shortly afterward. Beijing is mentioned more than 100 times in the official document. It is also no coincidence that a week before Mandiant released its findings, on the very day he gave his State of the Union Address, President Barack Obama also signed a presidential executive order on cyber security. In the address, he devoted more time to cyber security than to the Iranian nuclear program. Earlier this week, the chair of the Senate Intelligence Committee and Democratic Senator Dianne Feinstein publicly affirmed the Mandiant report.

"We always used to think of the virtual, or the cyber world as separate from the traditional physical, kinetic world we are familiar with," Choucri says. "But this most recent incident and the fact that the government is naming names for the first time marks the beginning of possible cross-domain-diplomacy, that is, an unfriendly act in the cyber domain can lead to a response in a different domain."

Wild West scenario

Washington takes this virtual danger seriously: In late 2012, then-Defense Secretary Leon Panetta warned the United States was facing the possibility of a Cyber-Pearl Harbor, pointing out there is no comprehensive protection from cyber attacks, not even for a leading IT nation like the US.

"The only safe computer is in a locked box, with no cables going in or out," says Lin. The US government is prohibited from engaging in economic espionage for the benefit of American companies, so Washington is now considering economic sanctions as a last resort, although a trade war is by no means in the United States' interest.

Experts suggest introducing generally accepted norms based on international regulations instead: cyber attacks should be condemned like any other foreign attack with conventional weapons. Right now, political scientist Choucri says, cyber space is like the Wild West, but without a sheriff.