March 11, 2013 10:53 pm

US urges China to crack down on hacking

The White House has called on China to take “serious steps” to stop extensive hacking of US companies and to start negotiating international rules for behaviour in cyberspace.

Thomas Donilon, the White House national security adviser, said on Monday that incidents of hacking of US companies coming from China were reaching “an unprecedented scale” and that the issue was becoming a challenge to the economic relationship between the two countries.

Mr Donilon’s remarks in a speech in New York about US strategy in Asia were the latest effort by the Obama administration to increase the pressure on Beijing over hacking amid rising political anger in Washington.

“The international community cannot afford to tolerate such activity from any country,” said Mr Donilon. “US businesses are speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions from China.”

His comments follow recent reports of Chinese hacking on the New York Times and other leading newspapers, as well as high-profile research from a US security company which for the first time linked extensive cyberattacks on US businesses to a specific unit of the Chinese military in Shanghai.

They come as politicians are beginning to seriously debate what tools the US might have to punish Chinese hackers. Measures being discussed include sanctions on specific companies and denying visas to individuals linked to hacking.

The growing discussion about cyber espionage could become an increasingly delicate issue for the Obama administration. It is under pressure to show it is pushing back against China, but does not want the issue to dominate US-China relations.

In response to the rising tide of criticism from the US, China is also calling for more international “rules and co-operation” on cyber espionage issues, said Yang Jiechi, China’s foreign minister.

Mr Yang rejected the accusations in a recent report by Mandiant about the involvement of the Chinese military in hacking. “Anyone who tries to fabricate or piece together a sensational story to serve their political motive will not be able to blacken the name of others or whitewash themselves,” he said at the weekend.

In a new report to be published on Tuesday, Mandiant said that US companies were becoming better at dealing with cyber threats, but that hackers were also becoming more sophisticated.

Hackers realise that they will have less time until they are detected, so they are going directly to IT administrators in order to get the keys to the kingdom

- Grady Summers, vice-presiden, Mandiant

Mandiant said that the client discovered the intrusion in 37 per cent of cases it dealt with in 2012, against only 6 per cent in the previous year. The average time that attackers were present in the victims’ network also fell from 416 days in 2011 to 243 days.

However, hackers were responding to better security by targeting individuals in companies who would have the passwords and codes for accessing the entire network. “Hackers realise that they will have less time until they are detected, so they are going directly to IT administrators in order to get the keys to the kingdom,” said Grady Summers, vice-president at Mandiant.

Hackers were also increasingly focusing on third-party companies that handle outsourced contracts for businesses in areas such as finance and procurement in order to find easier ways into the systems of targets.

While defence and energy companies have long been favourites for hackers, Mandiant said there had been increased activity last year directed at media, pharmaceuticals and finance companies.

Copyright The Financial Times Limited 2015. You may share using our article tools.
Please don't cut articles from FT.com and redistribute by email or post to the web.

NEWS BY EMAIL

Sign up for email briefings to stay up to date on topics you are interested in

SHARE THIS QUOTE