[Congressional Record Volume 153, Number 133 (Monday, September 10, 2007)]
[House]
[Pages H10323-H10324]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                CHINESE CYBER SPIES--AN EMERGING THREAT

  Mr. STEARNS. Madam Speaker, my colleagues, the control of information 
is critical to national security. This asset was compromised as 
reported in the London Times AP story in the Washington Post recently, 
last week. It was compromised from a cyber attack against the 
Department of Defense's unclassified e-mail system, which included the 
e-mail accounts of Defense Secretary Robert Gates. While the Pentagon 
does not have sufficient proof to formally make an accusation, China is 
the prime suspect. The responsibility is unclear, because China is home 
to many insecure computers and networks that hackers in other computers 
could use to simply disguise their locations and launch these attacks, 
making proper attribution difficult.
  The Chinese Government replied, ``It has always opposed any Internet 
wrecking crime, including hacking, and crack down on it according to 
their law.'' This is not true. Last June was not the first cyber attack 
that points back towards China. In 2005, a group with ties to China 
compromised secure networks from the Redstone Arsenal Military Base, to 
NASA, to the World Bank. In one case, the hackers stole flight planning 
software from the Army. The files they have obtained are not 
classified, but many are strategically important enough to require U.S. 
Government licenses for foreign use.
  Experts note China's military has openly discussed using cyber 
attacks as a means of defeating a more powerful conventional military 
such as ours. In fact, other governments have also been the targets of 
these vicious cyber attacks. Unidentified officials in Germany and 
Britain reported to the media that government and military networks had 
been broken into by hackers backed by the Chinese Army. The Guardian 
reported that Chinese attackers launched online assaults on the network 
in Britain's Parliament, the Foreign Office, and Defense Ministry. My 
colleagues, last month the German weekly Der Spiegel also reported that 
computers at the chancellery and three ministries had been infected 
with so-called Trojan horse programs, which allowed an attacker to spy 
on information in those computers. The report, which appears on the eve 
of German Chancellor Merkel's visit to Beijing, said Germany's domestic 
intelligence agency believed hackers associated with the Chinese Army 
might have been behind the attacks. Motives for such hacking may range 
from the stealing of secrets or confidential technology to probing for 
system weaknesses and placing hidden viruses that could be activated in 
case of a conflict.
  The reported Pentagon attack was the most flagrant and brazen to 
date, said Alex Neill, an expert on the Chinese military at London's 
Royal United Services Institute. Quoted by the British newspaper, The 
Guardian, Neill said such attacks begin at least 4 years ago, and are 
increasing at an alarming rate.
  Now, this is a substantial threat to the security of the United 
States and its allies. In January 2005, Japanese officials had reported 
that Chinese hackers were routinely attacking web sites and Internet 
services. According to the Korean Information Security Agency, a total 
of 10,628 cases of hacking were reported in the first half of the year 
2004, 30 times higher than for the same period in 2003. In 2005, 
Chinese hackers assaulted South Korean government computers, gaining 
access to information concerning the country's National Assembly, 
Atomic Energy Research Institute, Democratic Progressive Party, and 
even the itinerary of the South Korean president himself.
  Whether or not cyber attacks are government sponsored, China has 
become a growing focus of global antihacking efforts. In a report 
earlier this year, security software maker Symantec Corporation listed 
China as having the world's second largest amount of computer activity. 
Experts say the attacks originating in China often employ standard 
weaponry such as Trojan horses and worms, and many other sophisticated 
techniques. In some cases, hackers slip in after launching viruses to 
distract monitors, or coordinate multiple attacks for

[[Page H10324]]

maximum effects. China denies backing such attacks, and foreign 
governments have declined to openly accuse Beijing. Yet, after the 
threatening test of the Chinese anti-satellite weapon, the reports are 
further illustrations of China's pursuit of new methods of 
unconventional strategy. Chinese military thinkers frequently debate 
these strategies, including the use of attacks on satellites, financial 
system and computer networks. ``In the information age, the influence 
exerted by a nuclear bomb is perhaps less than the influence exerted by 
a hacker,'' a pair of Chinese colonels wrote in a key 1999 work on 
asymmetrical strategies titled Unlimited Warfare.
  We must ensure the legal authority is clear for our government 
agencies in tracking and responding to cyber attacks. It is vital that 
we swiftly detect attacks, accurately identify the source and intent, 
and respond forcefully against all malicious intrusions.
  My colleagues, our enemy needs to know attacking our cyber space is 
the same as attacking our homeland, and we will respond accordingly.

                          ____________________