Obama to press Xi on cyber attacks

In January 2010, when Google accused Chinese hackers of infiltrating its network to track emails of human rights activists, the Obama administration didn’t disclose what U.S. diplomats in Beijing believed: China’s Politburo had directed the attack.

Today the White House no longer shies from publicly accusing Beijing of launching a sophisticated range of cyber attacks on U.S. computer networks to steal corporate and government secrets -- including those of naval propulsion systems and gas pipeline technology -- worth billions of dollars.

The dispute will take center stage when President Obama meets China’s new president, Xi Jinping, on Friday for a two-day informal summit at the Sunnylands retreat in Rancho Mirage. White House aides say Obama will call for Beijing to take strong action against cyber attacks originating from its soil.

Obama has elevated cyber security to rank with economic and defense issues as a “constant focus” in relations with China, a White House official said. The flood of digital break-ins “threatens to damage U.S.-China relations, as well as potentially damage the international economy and China’s reputation.”


The official, who spoke on condition of anonymity in briefing reporters, said every nation has “a responsibility to seriously investigate what may be happening within its own borders, including its virtual cyber borders, and make best efforts to put a stop to activities.”

Washington and Beijing agreed in April to hold high-level talks to try to set international rules for cyber security. Aides said Obama and Xi will discuss the agenda for the first meeting of the so-called cyber working group on the sidelines of an Asian economic summit in July.

Despite the diplomatic effort, U.S. officials have made no secret of their anger about the continuing cyber assaults. The name-and-shame campaign hasn’t persuaded Chinese leaders to halt the daily barrage of hacking, including those from a secretive military unit in Shanghai that allegedly has stolen data from scores of U.S. companies.

In the latest broadside, Defense Secretary Chuck Hagel said at a high-level security conference in Singapore on Saturday that cyber attacks against American businesses “appear to be tied to the Chinese government and military.”


China has largely denied responsibility, or argued that it is the victim, not the instigator, of such attacks. No one has provided “hard evidence” of Chinese involvement in cyber intrusions, said Cui Tiankai, Beijing’s new ambassador in Washington.

“A huge number of Chinese computers, Chinese companies, and Chinese government agencies have also been attacked by hackers,” he told Foreign Affairs magazine in May, according to a transcript posted on the Chinese Embassy website. “If we trace these attacks, maybe some of them, or even most of them, would come from the United States.”

That same month, Beijing reacted angrily when the Pentagon issued a report that accused the Chinese government and military of trying to steal secrets from U.S. federal agencies.

“As we all know, the United States is the real ‘hacking empire,’ ” said a commentary in the People’s Daily, a Communist Party newspaper.


Led by the National Security Agency, the U.S. government is a prolific practitioner of cyber espionage around the globe. But official U.S. cyber spies are supposed to focus only on national security concerns, such as nuclear development in Iran or arms shipments to Syria, and not on the digital looting of corporations to help American businesses.

In China, in contrast, most large industries are owned by the state or by the military, so going after foreign trade secrets and intellectual property is considered fair game, analysts say.

“The problem is we’re not talking about the same things,” said Adam Segal, an expert on China and cyber security at the nonpartisan Brookings Institution. “We’re trying to make a distinction between cyber economic espionage and normal political-military espionage. The Chinese don’t make that same distinction.”

Google was the first major company to publicly accuse China of a vast cyber intrusion. The company blamed the Chinese military for a 2009 attack that also reportedly targeted Adobe Systems, Yahoo, Symantec, Northrop Grumman, Morgan Stanley and Dow Chemical. According to a State Department cable obtained by the WikiLeaks anti-secrecy website, U.S. diplomats in Beijing were told that Politburo Standing Committee members oversaw the attacks, but Obama administration officials never said so publicly.


In 2011, reports by Dmitri Alperovitch, a researcher who was then at the software company McAfee, documented what he said were China-based cyber attacks against oil, energy and other companies since 2006.

In February this year, a Virginia-based computer security firm, Mandiant Corp., said it had traced attacks against 141 U.S. and Canadian companies to a Shanghai office building that housed a clandestine computer hacking unit run by the Chinese military.

The extent of the problem is difficult to gauge. Many U.S. companies are reluctant to publicly acknowledge loss of trade secrets. In some cases, sensitive data are secretly copied from servers but not removed so that the theft goes undetected. In others, computer networks are bombarded with requests and crashed from afar in so-called denial-of-service attacks, causing costly damage.

This year, Obama signed an executive order that calls for better information sharing on cyber threats and improved security practices by the government and the private sector. The administration also has called on Congress to pass legislation that allows higher standards for cyber security.


Others have recommended barring known foreign hackers from visiting or freezing their U.S. assets, among other efforts to penalize digital thefts from abroad. But analysts say such measures are unlikely to win support, in part because they could trigger costly retaliatory steps from China.

“You can only go so far with such an important trading partner,” said Irving Lachow, a technology expert at the nonprofit Center for a New American Security in Washington. “The U.S. can clearly indicate that it’s unhappy. That may buy a little bit of a reprieve. But I don’t think the U.S. government alone can do enough.”



Bengali reported from Washington and Dilanian from Brussels and Singapore.