Chinese cyberspies have hacked most Washington institutions, experts say

Not long after the Wall Street Journal reported last month that its systems had been infiltrated, the chief executive of its parent company, Rupert Murdoch, tweeted, “Chinese still hacking us, or were over the weekend.” The New York Times and The Washington Post have also reported being victims of cyber-intrusions probably conducted by the Chinese.

The former head of cybersecurity investigations for the FBI, Shawn Henry, said his agents used to alert dozens of companies and private institutions about breaches every week, with Chinese hackers the most common suspects.

“I’ve yet to come across a network that hasn’t been breached,” said Henry, president of CrowdStrike Services, a security company. “It’s like having an invisible man in your room, going through your filing cabinets.”

The rise of pervasive cyber-espionage has followed broader technological shifts: More and more information is gathered and conveyed online. Rising computing power, meanwhile, has made more of it vulnerable to hackers almost anywhere in the world. This has dramatically lowered the cost of spying — traditionally a labor-intensive pursuit that carries the risk of arrest or worse — and made more institutions viable targets.

The Chinese government has consistently denied having the kind of aggressive cyber-espionage campaign often described by Western officials and security experts, calling such allegations irresponsible and unsupported by evidence.

This week, Chinese officials disputed a report by Mandiant, an Alexandria-based security company, detailing the Chinese military unit allegedly responsible for stealing hundreds of terabytes of data from 141 organizations in 20 industries in the United States and around the world.

But official Washington expresses little doubt about the source of the problem. “The Chinese government’s direct role in cybertheft is rampant, and the problems have grown exponentially,” said Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee. “It is crucial that the administration begin bilateral discussions to ensure that Beijing understands that there are consequences for state-sponsored economic espionage.”

‘Spearphishing’ at The Post

The reported hack into The Post’s computer systems happened in a typical way: An employee fell for what experts call a “spearphishing” scam, hitting a bogus link that downloaded a malicious program, infecting the company’s information-technology server, said people familiar with the incident who spoke on the condition of anonymity to discuss details not released publicly by the company. (Post Co. officials have confirmed the hack only in general terms.)

That initial intrusion, which happened in 2009, allowed the hackers to gain access to The Post’s directory of user names, passwords and computers that use Windows-based operating systems. People with knowledge of the infiltration said the company learned of it when Mandiant discovered the breach in 2011.

The Post hired Mandiant to expel the hackers and installed advanced monitoring systems to prevent a recurrence. Experts say it’s difficult for any company to know definitively what information hackers steal while they have access to computer systems — especially if the theft happened months or years before it was discovered.
