US panel warned of economic and national security threat posed by Chinese hackers

PUBLISHED : Tuesday, 16 June, 2015, 5:56pm
UPDATED : Tuesday, 16 June, 2015, 6:07pm

Cyberespionage by hackers linked to China poses a severe threat to companies in the United States, as well as a risk to national security, a US congressional panel heard on Monday.

Speaking at a hearing called by the US-China Economic and Security Review Commission, experts outlined to lawmakers how Chinese hackers have targeted US companies to steal intellectual property and trade secrets. 

"The Chinese government has engaged in a systematic programme of commercial cyber espionage designed to advance [its] economic and industrial goals," said Paul Tiao, a partner at Washington DC-based law firm Hunton and Williams who specialises in cybersecurity issues. 

Hacking groups tied to China’s People's Liberation Army are "systematically stealing vast stores of intellectual property, business sensitive information, and personal information from US companies,” he added. 

In May 2014, the US Department of Justice officially indicted five senior PLA officials on charges of commercial cyberespionage. It accused them of hacking into a number of American companies, including nuclear power company Westinghouse and renewable energy firm SolarWorld. 

The targeting of companies focusing on nuclear and renewables is common, one witness told the panel, as China seeks to diversify its energy supply and reduce its reliance on coal in a bid to tackle endemic pollution issues. 

READ MORE: Chinese hackers ‘target US defence, finance firms’ after Forbes cyberattack

"Breakthrough renewable technologies are all but guaranteed to top Beijing's list of technology acquisition priorities," said Jen Weedon, threat intelligence manager at cybersecurity firm FireEye. 

This week, the White House said that hackers linked to China had gained access to sensitive background information submitted by intelligence and military personnel for security clearance purposes, following an attack on the Office of Personnel Management.

"If the Chinese have done half of the things attributed to them by cybersecurity companies, the Federal government, and private individuals like myself, they are the most active cyber thieves in the world," said Dennis Poindexter, author of The Chinese Information War.

Beijing has consistently denied accusations that it engages in cyberespionage or hacking.

Speaking at a regular press briefing on Monday, China's foreign ministry spokesman Lu Kang refused to comment on "rumours" regarding the OPM attack. 

Instead, Lu pointed the finger at the US. He referenced Edward Snowden’s leaks of National Security Agency information, which exposed widespread US government surveillance of foreign nationals and US citizens. 

READ MORE: US cybersecurity firm claims to be 'first' to successfully stop Chinese hackers mid-attack

Lu urged Washington to answer the relevant accusations directed at it "before groundlessly blaming others".

Meanwhile, commission members expressed frustration at the lack of action being taken by US authorities to deter future attacks. 

"Apparently, we are naked in the face of Chinese cyber espionage," said commissioner Jeffrey Fielder. 

"If we can't defend against it and we're unwilling to offensively come up with a game plan, we're cooked." 

In April, president Barack Obama issued an executive order declaring a national emergency due to the threat posed by cyber attacks. 

The order empowers the US Treasury to use financial sanctions against foreign actors who threaten critical infrastructure, seek to seal financial data or trade secrets, or launch denial-of-service (DOS) attacks. 

Last week, Obama vowed to boost US cyber defenses in response to the growing threat from China. 

"This is not a technical problem, it is a political one," said Poindexter.