Chinese Government Accused of Hacking Congress

Alotau writes "Chinese hacking is getting some serious Congressional attention. Two House members said Wednesday their Capitol Hill computers, containing information about political dissidents from around the world, have been hacked by sources apparently working out of China. Virginia Rep. Frank Wolf says four of his computers were hacked. New Jersey Rep. Chris Smith says two of his computers were compromised in December 2006 and March 2007. The two lawmakers are longtime critics of China's record on human rights."

It's all about money.

[yog (19073)]

The U.S. makes a lot of money off doing business with China, something like $386 billion in 2007. Retailers like Walmart and Target, manufacturers of every description, and shippers all have a huge stake in U.S.-China trade, even though China enjoys a growing surplus with the U.S.

Under these circumstances, it's not surprising that some mischievous hacking of Congressional computers is overlooked by the people who are supposed to care about such things. Where it gets more serious is the hacking of Pentagon systems that seems to be originating from sites in China.

China's government today is trying to juggle a growing nationalism among younger Chinese, a nationalism that is not friendly toward the West and the U.S. in particular, despite our close economic ties. They have fostered a hostile attitude toward the U.S. through years of propaganda, and this, too, the Americans have ignored in the interests of making money.

It will be interesting to see what happens come the day that China's huge internal market is affluent enough and their technology level high enough that they no longer need the U.S. as either a customer or investor. But in the meantime, it would be advisable for these Congressmen and other officials like Carlos Gutierrez (whose laptop was compromised during a trip to Beijing) to switch away from easily hacked systems like Microsoft Windows, and maybe keep their systems offline or only on a secured and firewalled intranet.

I also think that the U.S. government should not be using home computers like Dells running Windows. The hardware components are largely manufactured in China these days and who knows what evil back doors might be implanted in ROMs, akin to the compromised printers that were shipped to Iraq from the U.S. in the pre-Gulf War days.

Re:It's all about money.

[zoogies (879569)]

They have fostered a hostile attitude toward the U.S. through years of propaganda, and this, too, the Americans have ignored in the interests of making money.

One thing I'd like to point out is, this is much less due to "years of propaganda", as you say, than the fact that the US has not exactly made friends throughout the world recently. It's viewed as an arrogant superpower trying to police the world.

On the flip side, US media is doing its best to foster a national sentiment that is very unfriendly towards China.

But I do agree with the rest of your post.

Re:hmm.. i think the chinese are doing a good job

[zoogies (879569)]

"Microsoft recall" - search pulls 711k results.

Yeah, Chinese companies are not meeting standards, and they are probably cutting corners. BIG shock.

As far as openly executing executives? I've heard of one case where that's happened, and - I don't have any sources handy - it was for something egregious, like intentionally shipping a product resulting in hundreds of deaths (I'll stop because admittedly, I don't remember the details. I wouldn't say the guy deserved to die, but that's just me). So what are you suggesting with the "kill themselves" in quotes? That the Chinese government is running some secret program whereby company execs who embarrass the name of the country are killed off?

Someone needs to drink less of the Western media kool-aid.

But well, China is clearly a world threat, given its aggressive tendencies...you know, Red China ramping up their military, how dare any country do such a thing. But we're in no position to point fingers here, because we've been the country going around, occupying other countries, for - as time goes by - reasons which become more and more farcical.

There's a much stronger argument that the US is the biggest threat to the world, but thankfully, this could change with a new administration. (+1 for democracy).

But you know what, China's economic and military growth IS a threat to the US's status as a superpower, something which we would very much like to hold on to, so you bet the US government and our "free, independent" media wants us all to think of China as a dangerous, evil "dragon" waiting to rise and destroy us all. That's propaganda.

Re:It's all about money.

[DaedalusHKX (660194)]

Not only that, but the issue at hand isn't just crappy software, or cheap hardware, the issue is that the laptops and desktops used by the "representatives" are truly representative of their base. Built on ignorance.

I will illustrate what they are NOT, instead:

My personal work, and travel abroad laptop, contains CAD software, email RECEIVING software, video watching software, instant messaging software and secure delete software. It does not contain, services, weatherbug type stuff, spyware or other things that should NOT be running on a system that might get stolen or broken into while I'm out sampling the local night life in some third world country.

Does my system contain sensitive info? Depends what you call sensitive. Is it hard to get to? You betcha. Are the federales in the USA (or government agents in ANY country for that matter) as careful with THEIR client info (namely that of their respective people or informants abroad?) All evidence points to the contrary. Trust the government if you wish for a not so swift, painful death at the hands of whomever they willingly or unwittingly sell you out to. As for me, I value my health and wealth enough not to leave my data lying around for others to partake of.

Not because I worry that I will be hacked or my clients will sue me... no, I do this out of RESPECT for those with whom I've done business or with whom I've exchanged information. I respect them enough NOT to sell their info or treat them like trash. As a result, they return the favor. And if they do not, they won't long remain on my contact list. I make it a point not to associate with the stupid or the insane. I safeguard even my tavern mates' information, not because it is financially valuable, but because I respect those individuals and would not subject them to undue privacy violations (other than what the DHS and other spy in the sky types will subject them to regardless of their guilt or innocence in any particular subject). Respect is one of those things that is not valued as much in this world, even if it, along with TRUST are still the most valuable and among the few things one should consider "assets".

Do the government goons and politicians in various countries respect those whose information they access on their computing equipment? Apparently, the answer is not exactly one that encourages me to wish to associate with these individuals, regardless of how much money they make or what titles they are bestowed with.

Re:Windows Again!

[YrWrstNtmr (564987)]

Jebus...can we leave the OS wars out of it? Just this once?

From the line you quoted, it sounds like they had physical access to the machine to do the copying. Any and every OS will fall if you have the thing in your hands.

No, we can't. And we shouldn't, either.

[Ungrounded Lightning (62228)]

Jebus...can we leave the OS wars out of it? Just this once?

No, we can't. And we shouldn't.

People in the government are putting life-critical and national-security-critical information on computers driven by a software system that is notorious for a multi-decade history of being riddled with security holes, some of which are architectural and unfixable.

Doing this - and CONTINUING to do this when they should know better - is a major part of the issue under discussion.

In this case it has resulted in the disclosure of the identities of dissidents to the intelligence agencies of foreign governments who wish them eliminated. This will probably result in a number of incarcerations, tortures, and deaths.

In other cases it may even lead to outcomes as serious as the US losing a war, being conquered, or being destroyed.

This is an important issue. Failing to fix it may result the deaths of multiple millions of people and creating a future consisting of a jackboot on humanity's neck for generations to come.

For us to refrain from discussing it because you're sick of "OS wars" would be beyond criminal. It only lacks a declaration of war to qualify as treason.

Re:Windows Again!

[lgw (121541)]

Whole disk encryption fails if you have physical access to the running machine, as the keys are in memory somewhere, but it's certainly better than nothing.

It's not at all hard to use whole disk encryption with a Windows laptop. The complaint here should be "why wasn't the laptop encrypted", not "why was it running an unfashionable OS".

Re:Windows Again!

[willyhill (965620)]

Windows can be perfectly secure, if you exercise some common sense. My company's XP laptops are all encrypted, and require a password at boot time to work. You can also use BitLocker if you have Windows Vista. Your Solitaire dig is unfunny at best.

In any case, they had physical access to the machine, so unless you're encrypting the HDD, it's game over. Your stock Debian laptop would have been compromised as quickly as the one with Windows XP. Bastille Linux is just the same type of protection that can be had for Windows if you want or need it, and I'm guessing in this case they do want and need it. But it's not Windows' fault, and it's not Microsoft's fault, no matter how much you want that to be the case.

Re:Windows Again!

[lawn.ninja (1125909)]

Bastile-Linux. Great tool. It doesn't prevent you from booting the laptop with knoppix or something of the like, then mounting the drive and dd'ing it. They should be using multi-tier'd security for any system that leaves the premises. With considerations for different types of attack vectors. Physical and virtual. JMO. Also... If they can fry the electronics in a plane with the flip of a switch why can't they make the laptops self destruct when something cracks or penetrates the case? You could easily kill anything that would of had data on it by frying it if someone tries to remove it. Or better yet... Don't carry a laptop with data on it. Get the data via some secure channel and have it armed with a TTL, so it removes itself from existance. But what do I know, all my important stuff lives on the flash drive in my pocket and its encrypted.

Sorry! Physical access!

[Chas (5144)]

Sorry, they could have been running a fully locked down setup that even the legitimate END USER has trouble getting into, and it wouldn't make any difference.

If they were able to get the laptop long enough to copy the system, you're screwed either way.

China's Nationalism problem is tremendous.

[MasaMuneCyrus (779918)]

We have nothing on China. According to the BBC's annual poll of nations [globescan.com] opinions of other nations influence, 90% of Chinese think China has a positive influence on the world. Ninety percent. That's not only provocative, but outrageous. That's surely similar to 1940s-era America, hardly like now, where only 56% of Americans believe that America has a positive influence on the world.

China has an unquestionable horrifying nationalism problem. This can be seen in issues such as Tibet and Taiwan. What's troubling isn't that Chinese want Tibet and Taiwan to be part of China, I can view that as acceptable. What isn't acceptable, however, are such obvious propaganda-induced lines of reasoning such as "Tibet has always been a part of China and forever will be a part of China." Not only is that false -- Tibet was its own country until China marched in there 50 years ago and took it, but that's how it works in war; winner takes all. But then the Chinese government proceeded to educate their entire 1+ billion population that, indeed, Tibet had always been a part of China, and that anyone who questioned otherwise was not Chinese and was siding with the Dalai Lama, who isn't even human.

Another Nationalism-brought issue outlined by the BBC poll is its hatred of Japan. There are only two important countries in the world that hate Japan -- China and South Korea. One might argue that it's because of Japan's war-time atrocities that they never properly atoned for. They have apologized many times, however poorly, and Japan is not elegant in international relations. That said, my argument is, East Asia was hugely and negatively affected by the Japanese Empire. China and South Korea aren't the only countries affected with horrendous atrocities. But why then, have all of the other South-East nations forgiven Japan, but China and South Korea haven't? Only 12% of Chinese carry a positive view of Japan's influence on the world -- not opinion of Japan, but opinion of the positiveness of Japan's influence on the world. Whereas in Taiwan, Japan's very popular culturally, even though many elderly people still speak Japanese from being forced to learn it during occupation!

And my last argument -- Anti-Anti-Chinese protests? VIOLENT Anti-Anti-Chinese protests, with prevalent stalking and death threats of anyone that criticized China? C'mon, that's pitiful.

And to any Chinese that might be reading this, my message would be that there's nothing wrong with being proud to be Chinese. There's nothing wrong with wanting the Chinese people to be united and patriotic. But people and government are separate. Just because you're Chinese doesn't mean you have to defend your government for no other reason than that it's my government, just how Americans don't have to defend President Bush just because he's my President. Nationalism is good in small doses for the morale of a country, but in large quantities like currently present in China, war is almost certainly inevitable. Think about the nationalism of 1940s America, 1940s Japan, 1940s Nazi Germany (hah, Godwin's law strikes again!). Unchecked Nationalism only brings horror and foolish decisions, all for the sake of being Chinese, or being American, or being Japanese, or being German.

Re:China's Nationalism problem is tremendous.

[HungWeiLo (250320)]

If you think SE Asians are not still pissed at the Japanese, talk to older Filipinos sometime. You'll get an earful. Of course people in SE Asia are not as emotional about the Japanese in WW2 - other than the Philippines, SE Asia was relatively untouched compared to northeast Asia. Taiwan had already been fully occupied by Japan for 50 years prior to the war, so most of the populace had been pacified and assimilated by then (my Taiwanese in-laws can speak Japanese much better than Taiwanese).

Japan is not just culturally popular in Taiwan. Its culture is a main driving force all over East Asia, without exception. Japan's plan to wait it out has worked the way it was supposed to - the older people who lived through or have heard about the war are dead or are very old. Young people today hold no such grudges, and slurp up Totoro stuffed animals just as well.

I don't see why it's surprising that Chinese and Koreans are still sore about Japan. To this day, Japan's high-ranking officials have paid both personal and state visits to shrines containing memorials to convicted WW2 war criminals [wikipedia.org]. If a German chancellor was to humbly visit Hitler's birthplace, that would certainly be seen as an unspeakable act. If Nazi Germany was in power today, would you also suggest the Jews of the world to "forgive" them as well?

The interesting thing is - the latest round of negative feelings toward Japan was not instigated by the Chinese government (although they certainly didn't work very hard to calm their citizens). Conversely, the Chinese government would rather not stir up any raw feelings because Japan is now a much more integral trading partner. Ironically, it was the freedom of information which let the average Chinese read about these war criminal shrine visits in Japan, or when naive Westerners shoot their mouths off about China [tmz.com].

People of China != Government of China

[Darkness404 (1287218)]

Having not read TFA but read the summary, it only says that they were working out of China. That could mean that any person in China with access to a computer and *possibly* access beyond the great firewall of China could have done it. The summary sounds like if a US hacker hacked the Chinese government it would have to be the US government and not some ordinary hacker.

Re:People of China != Government of China

[CrazedWalrus (901897)]

I don't really understand why this is such a surprise to people. Countries spy on each other. News at 11. No one is starting a war, it's plain ol' espionage such as has gone on since the beginning of civilizations.

The fact that the US government seems to think that this doesn't apply to computers and the internet is what's appalling, not the fact that China has spies.

It's time that the government wake up and secure their systems. That the Chinese and every other government will look out for their own interests by whatever means they can get away with should simply be assumed.

the proper response by the us govt

[circletimessquare (444983)]

would be to author software to circumvent chinese censorship, and distribute it widely

shouldn't be too hard to distribute, just hack in

So What?

[camperdave (969942)]

So what makes China any different. Lobbyist groups have been "hacking" congress for ages.

Anyone recommend an online Mandarin turorial?

[damburger (981828)]

Because I think its going to be a useful skill given the way the wing is blowing.

Only a few years ago the eclipsing of the US by China was seen as a far off, ad even an unlikely, contingency. Now it is looking almost certain. They've quietly kept their heads down, developing their economy and their military, whilst the US has blown trillions of dollars on a pointless war, fumbled its economy and trashed its international reputation.

What kind of superpower can't do anything in response to such an open violation of its national security? It is the same kind of powerlessness that was demonstrated by the UK when the Russians openly murdered someone in the middle of London and we did nothing of consequence.

We in the west have squandered our soft power and shown our hard power to be just about adequate for securing two barely armed third world shitholes. This fact hasn't been missed by Russia and China.

don't shell out that cash yet...

[je ne sais quoi (987177)]

I know many native chinese and have even been to Beijing. I can say that you should take Mandarin if you want to learn more about Chinese culture or because you want to travel there, not because your afraid of China becoming a super-power. They're not super-powering anywhere yet.

The same cultural factors that cause them to ship lead paint based toys and glycol laced toothpaste [nytimes.com] affects them too. It's called corruption. For one thing, the whole place is an environmental disaster. For another, if you look at building quality there it's the same thing -- buildings in China that have been made 15 years ago look like they were made 50 years ago, with water stains and poor quality maintenance. A good example of this? Look at the school buildings that fell down in the earthquake [timesonline.co.uk], bricks that fell apart like sand, rotten supports, etc. etc. etc. Classic corruption at work. This also extends to their military. [nytimes.com]

Let's put it this way, in the U.S. we have occasional overt corruption of politicians and government officials (notably the current administration and their no-bid contracts to Halliburton in Iraq, etc.), and some institutionalized corruption such as lobbying, but it's nothing like China. Imagine politicians like Bush and Cheney, or the democratic congressman with the $90k in his refrigerator were the norm. from the state to local level. Nothing would work, everyone would be promoted due to loyalty rather than competence. In the U.S. there's been tremendous damage just from seven years of the current adminstration, but think about what the country would look like after 50 years of it: that's China. So yeah, if the Chinese were to suddenly change their culture and make it dishonorable to be corrupt rather than just get caught, we'd have problems but as it is China is going nowhere fast.

Targeting or firehose?

[victim (30647)]

I have a server the size of a double CD case locked in a dark generator shed on a tiny island miles from anywhere that sits alone 9 months of the year reporting battery bank voltages to me.... Chinese hackers attempt to break into it several times a day.

The fact is, there is a metric shitload of Chinese hackers out there. Just because you think you are something special doesn't mean they are targeting you.

(of course the hacker may not be from China, they are just using a machine in China as the most recent hop.)

As much as I think this is important...

[mathfeel (937008)]

Suppose China were found unequivocally guilty by this congressional hearing, what kind of punishment/sanction is our pro-business government (both parties) going to impose? There'll surely be economical retaliation and Walmark are not going to like that.

Just like suppose Windows were found to be running on most of the hacked computer, is our government going to to tough enough to demand replacing all our military computers with something more secure? Not when a multi billion contractor from Redmond has anything to say about it.

This raises another point. Surely our enemies with resource (and computer resource is cheap and abundant) are going to try to hack us. Shouldn't we be more focused on securing our system: something we can do pro-actively. Instead of blaming the attacker, over whom we have to jurisdiction (or unwilling) to punish, shouldn't we punish those people who leave us vulnerable here, at home, when we are paying them shit load of tax money to secure our infrastructure? And if the infrastructure is to blame, should we blame congress?

Working out of China or working for China?

[Drakin020 (980931)]

Does working out of China mean they work FOR the Chinese government? Or is it just speculation?

Still going on

[DynaSoar (714234)]

This has been happening since China first got IP space. Their defense department was the origin of their first (very amateurish) hacks, those against pro-Tibet web sites. Thousands have happened since and have been reported, and it's no more likely to end than any other intrusions.

If the US wanted it to stop they'd put up honey pots with credible but artificial data and then wait for it to get used. This is how you catch the intruder and protect the real data at the same time. And the US knows this. This is first semester psyops. Fact is, they're almost certainly doing it, making this announcement utterly meaningless. And it is, unless you stick around for second semester psyops. That's when they teach you how to craft a story that makes such a big splash that something more important but entirely unrelated gets missed.

The present administration rarely hides its efforts along these lines, or Jon Stewart wouldn't have nearly as much material to work with. It's when something is really threatening to them that they work in the grey. Just as a possible for instance, in how many sources can you find this story, and in how many can you find the story of Kucinich's reading of articles of impeachment? And which is the more important story?

When something gets way too much coverage than it deserves, look around and see what's not getting enough. It'll be there because they can't make it go away. All they can do is tie a bell around the media's neck and wait for the sheeple to follow it.

"Taking the gold"? Hardly.

[John Hasler (414242)]

I wouldn't think that cracking the pc of the average Congressman would be all that challenging. A bit of spearphishing and you're in.

Posting as AC for obvious reasons, but

[by Anonymous Coward]

I work at a place that is routinely attacked. As someone else noted there's a load of hackers in china, most script kiddies, but when you work at a nice juicy target you get thousands more hits. Where I work I've watched the hack attempts come in and regardless of other posts saying "Oh, China's actual government would be more careful", most of the time they are pretty brazen, easily traceable and there isn't a damn thing we can do about it. We tried to run it up the chain once and after a lot of complaining we got sat down and told:

"Even if we confront someone from the Chinese government they'll just look at us and deny it."
but we have the logs.
"They'll say we faked them."
but we'll let them pull the logs themselves.
"They'll say that we are staging the attacks to frame the chinese."
I didn't have a response to this.
"We've done this before. Don't feel bad. Everyone who gets assigned to monitoring thinks they will be the first person to prove the chinese government is allowing its employees to target us. You get used to it after a while. Next year come to the import meeting and we'll let you hear how we are obviously setting up insecure servers just to tempt moral citizens to hack us." said the PHB.

George Bush and his crew of incompetence have NOTHING on the chinese when it comes to flat out lying, ignoring evidence, and blaming the target of the attacks.

Encryption?

[dark_requiem (806308)]

I notice the article doesn't mention if any of the data on these computers was encrypted. It's one thing to hack into a Windows desktop. It's quite another to have to break a 1024-bit AES cipher to actually make use of the data you find. This should be (yet another) wakeup call that any data of any importance should be encrypted with a strong cipher. It's not like it's difficult to do, and it's not like the software is expensive (TrueCrypt, anyone?). I encrypt all my personal data, and if it was compromised, worst case scenario my identity might be stolen. These idiots (sorry, that's Representatives...) are storing personal information about political dissidents and refugees. If THAT data is compromised, worst case scenario people get killed, and entire political movements are quashed by force.