China, United States Hold Secret Cyber Talks

Talks resume as Senate report reveals military hacking against U.S. logistics contractors

September 25, 2014 1:00 pm


Chinese officials held closed-door talks in Washington last week with U.S. cyber security counterparts despite Beijing’s formal cutoff of talks on the subject following the federal indictment of Chinese military hackers.

"We exchanged views with Chinese counterparts on cyber issues in Washington last week," a State Department official confirmed, adding, "We do not read out the contents of our private diplomatic exchanges."

The cyber talks were held as the Senate Armed Services Committee revealed in a declassified report last week that Chinese military hackers conducted cyber attacks against at least 20 U.S. Transportation Command contractors as part of plans for cyber attacks aimed at disrupting U.S. military operations in a future conflict. "Cyber intrusions into operationally critical contractors pose a threat to defense operations," the report concluded.

The committee report, once labeled "Secret/Noforn," said that between June 2012 and May 2013, foreign hackers conducted 50 attacks on Transcom contractor networks, including 20 traced to China.

Chinese military hackers obtained emails, documents, user accounts, passwords, and computer source code from the contractors. A commercial ship used for military transport also was hacked by the Chinese military.

A third case involved a Chinese military "spear-phishing" email campaign against a Transcom contractor airline.

Some 90 percent of U.S. military transport, both air and sea, travels through Transcom contractors.

The Senate report quoted an earlier Defense Science Board warning of the impact of cyber attacks against logistics networks: "U.S. guns, missiles, and bombs may not fire, or may be directed against our own troops," and "resupply, including food, water, ammunition, and fuel may not arrive when or where needed."

The State Department official said the cyber talks were held despite China’s suspension of formal talks under a joint U.S.-China Cyber Working Group. "We regularly take opportunities to discuss our concerns and exchange views with Chinese officials about cyber issues in a variety of channels," the official said.

"We remain committed to expanding our cooperation with the Chinese government on cyber matters where we have common ground and to candidly and constructively address differences," the official said.

The official did not disclose the participants in the talks, but they included officials of the State Department and National Security Council staff. No Pentagon cyber officials took part, a defense official said.

The cyber talks also took place amid preparations for President Obama’s scheduled meeting with Chinese President Xi Jinping in Beijing during the Asia Pacific Economic Cooperation meeting scheduled for Nov. 10 and 11.

White House National Security Adviser Susan Rice traveled to Beijing earlier this month as part of the preparations for the talks. Chinese leaders demanded that the U.S. military halt all surveillance flights of Chinese coasts.

Relations between Washington and Beijing remain strained over the recent aerial intercept of a U.S. Navy P-8 anti-submarine warfare aircraft by a Chinese Su-27 jet, an intercept the Pentagon described as "dangerous" and "unprofessional."

The Chinese jet flew within 20 feet of the P-8 and conducted several aggressive maneuvers in front of and over the aircraft in an apparent effort to drive the jet out of the South China Sea region.

China denied its pilot acted unprofessionally. The Pentagon, however, said if dangerous aerial intercepts in international airspace continue, it will prompt a re-evaluation of military exchanges with China.

The cyber talks included discussion of the federal grand jury indictment issued May 1 against five People’s Liberation Army (PLA) hackers who were charged with cyber attacks against U.S. companies and a labor union.

The hackers are part of a secret PLA military hacking group called Unit 61398 that engaged in economic espionage against the American entities. Those hit by the military cyber attacks included Westinghouse Electric Co., SolarWorld AG, United States Steel Corp., Allegheny Technologies Inc., Alcoa, and the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial, and Service Workers International Union.

China, as it has since charges of military cyber attacks surfaced more than a decade ago, denied its military personnel conducted any cyber attacks and demanded the United States rescind the indictment.

Former State Department official John Tkacik questioned the utility of the recent cyber talks.

"There is literally nothing useful that the United States can get out of cyber ‘exchanges’ with China that will enhance our cyber security," said Tkacik, China affairs specialist.

"The only thing the Chinese want to know is how the U.S. managed to identify five individual PLA warrior-hackers last spring so they can make sure it doesn't happen again – to them," Tkacik added.

Additionally, Chinese authorities last week cracked down on Google business activities in China as part of a campaign of tightened Internet controls. Microsoft also was targeted in the campaign, the New York Times reported.

"China's eagerness for cyber exchanges is driven exclusively by Beijing's strategic goal of information hegemony, and the sad thing is few American companies understand it – with the notable exception of Google itself," Tkacik said.

In August, John Carlin, a senior Justice Department national security prosecutor, said the Chinese had asked the U.S. government to provide evidence of the PLA hacking.

"We heard directly from the Chinese who said, ‘If you have evidence, hard evidence that we’re committing this type of activity that you can prove in court, show us.’ So we did," Carlin said during remarks to a security conference in Aspen, Colo.

The indictment against the PLA hackers is part of a new approach to dealing with cyber attacks. "From our perspective we have to apply the same type of approach that we did to terrorism to the national security cyber threat," he said.

Carlin said the case of the five PLA hackers revealed that Unit 61398 activity was "cutting across the span of different American businesses—nuclear to solar, to steel to labor."

"We will continue to increase the cost of committing this type of activity on American soil where it is occurring, where they are taking the information, until it stops," Carlin said.

Asked if Adm. Samuel Locklear, commander of the U.S. Pacific Command, will limit military exchanges with China in light of the Senate report on PLA hacking of defense transportation contractors, spokesman Capt. Chris Sims suggested it would not.

"In the cyber world there are a lot of bad actors," Locklear said, in comments related by Sims. "It's not just China, but specifically, since we look at this, we've known for some time that there has been state-sponsored activity to try to look at and to try to get into defense contractors and then to work that backwards to try to either develop an advantage or to better understand any vulnerabilities that we may have."

Locklear said the U.S. military has "a considerable advantage, compared to the rest of the main actors in the world and that our advantage is only going to increase as we put these capabilities in place."

Disclosure of the cyber talks also comes as new military intelligence reports revealed that a Chinese telecommunications firm linked to the PLA sold U.S.-origin telecommunications equipment to Cuba in apparent violation of U.S. sanctions.

The company, Huawei Technologies, sold U.S. modems, routers, and switches for Cuba’s networks.

A House Permanent Select Committee on Intelligence report in 2012 identified Huawei as a cyber espionage risk and warned U.S. companies not to purchase its equipment over concerns the gear includes "back doors" that allow remote access.

China, for its part, has used disclosures of National Security Agency documents made public through renegade contractor Edward Snowden to accuse the United States of cyber espionage against Huawei.

NSA documents revealed that the agency penetrated Huawei networks and equipment as a means of spying on governments that use Huawei equipment.

Top-secret briefing slides revealed by Britain’s Guardian show that NSA uses its access to Huawei telecom gear to spy on hard-target countries, such as China, Pakistan, Iran, and others, through cyber penetrations of Huawei equipment used in those countries.

"Many of our targets communicate over Huawei produced products. We want to make sure that we know how to exploit these products—we also want to ensure that we retain access to these communication lines, etc.," one top-secret NSA slide states.

"There is also concern that Huawei’s widespread infrastructure will provide the PRC with [signals intelligence] capabilities and enable them to perform denial of service type attacks."

Chinese Embassy spokesman Geng Shuang did not return emails seeking comment.
