China’s government and military appear to be directly involved in cyber-attacks against the U.S., according to a report released Monday by the U.S. Department of Defence.
The conclusion, contained in an annual report evaluating China’s military capabilities, marked another pointed claim by the U.S. government amid rising tensions between the two nations over cyber-space.
The DoD said that, last year, “numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military. These intrusions were focused on exfiltrating information.”
The stolen information is useful to a range of Chinese entities, including its defence and technology industries, U.S. policy makers in China as well as military planners, the report said.
Cyber-warfare capabilities could be used to complicate efforts to respond during a military confrontation, including causing slow response times by constraining the communication and commercial activities of an adversary, the report said.
China has strongly denied that it is coordinating hacking campaigns, but computer security researchers – as well a major companies such as Google – have frequently pointed to the nation when describing intrusions.
The DoD report also said Russia and China were playing a “disruptive role” in international forums aimed at establishing confidence-building measures and transparency in cyber-space.
Both nations are also pushing an Information Security Code of Conduct, which would give governments sovereign authority over content and information on the Internet. The proposal has been widely criticised.
The U.S. has argued that existing international humanitarian law should apply in cyber-space. China doesn’t agree, but “Beijing’s thinking continues to evolve,” the report said.
In March, U.S. President Barack Obama’s national security advisor, Tom Donilon, said U.S. businesses have serious concerns about “cyber intrusions emanating from China on an unprecedented scale.” He called on China to recognise the threat cyber-attacks pose to the two countries’ relationship and trade.
In February, computer security vendor Mandiant released a comprehensive report that named a specific Chinese military unit called “61398” as conducting an extensive, seven-year hacking campaign that struck 141 organisations.
The hacking group, also called the “Comment Crew,” was extremely active in targeting U.S. companies and other organisations despite China’s claims that it does not permit state-sponsored hacking.