E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: PC World

Posted on February 15, 2010

Even since reports emerged about Chinese cyber-attacks on several companies, including Google, the media has been full of stories accusing none other than the Chinese government (or its agents) of the dirty deed. For those of us inside the computer security industry, there's nothing new about suspecting the Chinese government of malicious hacking. What's missing in this case, however, is evidence, and until that proof materializes, I refuse to point the finger at Beijing.

I'll readily admit that the Chinese government has a dubious track record when it comes to malicious hacking. The first public allegation of Chinese military hacking was back in 2005 with the Titan Rain project. Today, we have many well-documented cases of hacking originating from China (just use an Internet search engine to be overwhelmed). There are plenty of public whitepapers about Chinese government hacking programs. Among the most recent respected papers are Northtrop Grumman's "Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation," and the 2009 "U.S.-China Economic and Security Review" report to Congress.

Moreover, I'm personally familiar with many cases where government and military secrets have been hacked and sent to Chinese-originated IP addresses. It's the world I have lived in for the past two to three years. Chinese hacking of government and military information is rampant.

But, I've yet to see a shred of evidence that the Chinese government is involved in any of these incidents!

Let me clear here that I am speaking on behalf of myself, not my employer or any company I've consulted. Also, let me say that I haven't had access to classified data on the issue.

Additionally, I'm not defending China for such actions as blocking free access to any information (with the notable and understandable exceptions of child pornography, classified information, etc.). I can't understand any society tolerating filtered search queries. Moreover, I certainly believe that the Chinese government is capable of sophisticated hacking. I even believe it's likely that the Chinese government would engage in that sort of activity.

But again: What I don't see is any evidence, and without publicly disclosed evidence linking the Chinese government to the crime, I don't see how anyone can justify throwing strong accusations at said government.

Admittedly, I have lots of friends who have better access to classified data, and they assure me that we do have the evidence to pin the rap on China. But to be honest, I'm not really sure if I believe them. If we did have the evidence, why wouldn't we share it? What possible reason would a person, company, or government agency have for not publicly disclosing irrefutable evidence of Chinese government hacking in the face of their strong protestations to the contrary?

I've heard lots of interesting defenses, ranging from "we wouldn't want to make the Chinese government mad" (which is strange considering nothing would make me madder than unsubstantiated accusations on the world stage), to "nation state hackers never, ever, leave hacking trails" (I've never known any government or hacker to do anything perfectly) to "revealing the evidence would reveal our intelligence methods and sources." I can't believe that not one bit of evidence can be revealed to answer the Chinese government's protestations of false accusations.

Most of my friends assume I'm lost in some na•ve "innocent until proven guilty" mentality. They say that absolute proof of Chinese government hacking will never come out, that the best we can do is present overwhelming circumstantial evidence that the Chinese government have committed the crime. To be honest, I've never been overly impressed with cases decided by purely circumstantial-evidence. I'm certainly not ready to use it to pass judgment on an entire country.

Suppose for a moment that the Chinese hacking is completely (or even mostly) perpetrated by private Chinese citizens. Certainly this is just as plausible of a scenario, and we have proof of this one in the form of originating IP addresses and other published evidence. By not acting stronger to decrease cybercrime, is the Chinese government somehow responsible for it? I ask here because I truly do not know. I know of other countries that seem to knowingly encourage cyber-hacking through neglectful law setting. But I've not heard of China put into the same category.

Is the Chinese government overly neglectful in cybercrime law or enforcement? Or, as I suspect, is the Chinese government just not doing a super job at it, like my own government? I mean, we passed the CAN-SPAM Act in 2003, yet since then, spam has escalated to the point that it constitutes more e-mail traffic than does legitimate email. We also certainly have dozens of state and federal laws against cybercrime, yet millions of our citizens fall victim to exploits and malicious hacking each year. We prosecute almost no one (for a variety of reasons).

The bottom line here for me is, until I see irrefutable evidence that the Chinese government has knowingly involved in sponsoring foreign cyber-hacking, I can't help but presume the government is innocent of this particular wrongdoing. Too many falsely accused people, companies, and even countries have been found innocent of the early charges in a fully functioning, open justice system for me to think otherwise.

And if someone has evidence, why not release it to end the debate? Until then, I'm going to suspect that China has the same problem as all the other countries around the world in controlling malicious hacking by its citizens. ?? (Zai jian, "good-bye" in Mandarin)

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.