Chinese cyberspies have hacked most Washington institutions, experts say

“I’ve yet to come across a network that hasn’t been breached”

From Craig Timberg and Ellen Nakashima, Washington Post:  Start asking security experts which powerful Washington institutions have been penetrated by Chinese cyberspies, and this is the usual answer: almost all of them.

The list of those hacked in recent years includes law firms, think tanks, news organizations, human rights groups, contractors, congressional offices, embassies and federal agencies.

The information compromised by such intrusions, security experts say, would be enough to map how power is exercised in Washington to a remarkably nuanced degree. The only question, they say, is whether the Chinese have the analytical resources to sort through the massive troves of data they steal every day.

“The dark secret is there is no such thing as a secure unclassified network,” said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies, which has been hacked in the past. “Law firms, think tanks, newspapers — if there’s something of interest, you should assume you’ve been penetrated. . . .”

[J]ournalists, lawyers and human rights workers often have access to political actors whose communications could offer insight to Chinese intelligence services eager to understand how Washington works. Hackers often are searching for the unseen forces that might explain how the administration approaches an issue, experts say, with many Chinese officials presuming that reports by think tanks or news organizations are secretly the work of government officials — much as they would be in Beijing.

“They’re trying to make connections between prominent people who work at think tanks, prominent donors that they’ve heard of and how the government makes decisions,” said Dan Blumenthal, director of Asian studies at the American Enterprise Institute, which also has been hacked. “It’s a sophisticated intelligence-gathering effort at trying to make human-network linkages of people in power, whether they be in Congress or the executive branch. . . .”

The former head of cybersecurity investigations for the FBI, Shawn Henry, said his agents used to alert dozens of companies and private institutions about breaches every week, with Chinese hackers the most common suspects.

I’ve yet to come across a network that hasn’t been breached,” said Henry, president of CrowdStrike Services, a security company. “It’s like having an invisible man in your room, going through your filing cabinets.”

The rise of pervasive cyber-espionage has followed broader technological shifts: More and more information is gathered and conveyed online. Rising computing power, meanwhile, has made more of it vulnerable to hackers almost anywhere in the world. This has dramatically lowered the cost of spying — traditionally a labor-intensive pursuit that carries the risk of arrest or worse — and made more institutions viable targets.  (graphic: Brain Track)

Image: brain%20track%203%204%2013%20cyber%20think%20tanks.jpg