China outraged by US cyberspying fingering
'Well, I never!' – indignant Chinese official
China is none too impressed with being fingered by the US as a major source of cyber espionage.
The Office of the National Counterintelligence Executive (ONCIX) reported to Congress yesterday that both China and Russia were home to spies who hacked into US government and business networks to get access to its economic super-secrets.
The report did admit that just because an attack had come from an IP address within a country didn't mean you could necessarily say that country was responsible, but the naming and shaming nonetheless annoyed Beijing.
A Chinese Foreign Ministry spokesman scorned the report in a daily news briefing today and said China wanted to help with cyber-security as much as the next country.
"Online attacks are notable for spanning national borders and being anonymous. Identifying the attackers without carrying out a comprehensive investigation and making inferences about the attackers is both unprofessional and irresponsible," Hong Lei said, according to a Reuters report.
"I hope the international community can abandon prejudice and work hard with China to maintain online security," Hong added.
According to the report, "US corporations and cyber-security specialists" have reported an "onslaught of computer network intrusions originating from IP addresses in China", and they often allege that Chinese companies or the government are behind these attacks.
However, it acknowledges that the "intelligence community has not been able to attribute many of these private sector data breaches to a state sponsor", often because the incident isn't reported until ages after it has happened. ®
The Chinese hacked the PC this report was created
and publicly denounced it's findings before it was official unveiled
If you'd actually bothered to read even the report's table of contents...
You'd have quickly seen that it's a narrowly-scoped report which deals specifically with economic secrets leaking from the US to other countries. It's not about individual countries and governments being responsible for hacking, but about loss of information of economic value from the US.
Hacking between US entities is outside the scope of this particular report because the information remains within the country. Hacking of foreign entities by US entities is out of scope because it would result in information gain, not loss.
So that's why they're not mentioned (and should not be) in this specific report.
I think it's fair to assume that all the attacks coming from Chinese IP addresses are sponsored by the Russian secret service, and all the attacks coming from Russian IP addresses are sponsored by the Chinese secret service. Maybe.