Edward Snowden, in an interview with the Guardian explaining his decision to leak top secret NSA programs to the media, suggested that the U.S. is incorrect and perhaps dishonest to assert that Chinese hacking crosses a line that the U.S. doesn't. Here's the snip from his interview:
Q: What do the leaked documents reveal?
A: "That the NSA routinely lies in response to congressional inquiries about the scope of surveillance in America. I believe that when [senator Ron] Wyden and [senator Mark] Udall asked about the scale of this, they [the NSA] said it did not have the tools to provide an answer. We do have the tools and I have maps showing where people have been scrutinised most. We collect more digital communications from America than we do from the Russians."
Q: What about the Obama administration's protests about hacking by China?
A: "We hack everyone everywhere. We like to make a distinction between us and the others. But we are in almost every country in the world. We are not at war with these countries."
An initial Guardian story on the leaks, released before Snowden had been named, seemed to underscore this idea. The story paraphrased "an intelligence source" as arguing that "the U.S. complaints against China were hypocritical, because America had participated in offensive cyber operations and widespread hacking – breaking into foreign computer systems to mine information."
Cyber security experts certainly seem willing to accept the proposition that the U.S. is conducting its own cyber espionage within China. "My feeling would be, there is no doubt, even before the weekend's revelations, that NSA conducted espionage against China," the Council on Foreign Relations' Adam Segal told National Journal.
But are Chinese and American hacking really as equivalent as Snowden suggests? It's certainly possible, but based on the information he released in his leaks, U.S. cyber espionage does not appear to cross the same lines, or to do so with the same frequency, as China's does.
The two U.S. programs we learned about from Snowden's revelations are (1) Boundless Informant, which allows the NSA to examine huge amounts of communication metadata around the world to look for trends, and (2) a secret list of potential targets abroad to hack as a way to preempt some threat against the U.S.
As National Journal's Brian Fung notes, China has repeatedly claimed it has a "mountain of data" proving that a number of cyber attacks against Chinese targets originate from U.S. IP addresses. But these are often unsophisticated denial-of-service (DoS) attacks – overwhelming a server with lots of load requests – that are a nuisance but cause little actual damage.
Meanwhile, here are the Chinese hacking efforts within the U.S. that we know about:
(1) Infiltrating almost every powerful institution in Washington, D.C., including law firms, think tanks, human rights groups, congressional offices, embassies and federal agencies;
(2) Breaking into major news organizations (imagine Beijing's reaction if they caught the Pentagon hacking the People's Daily);
(3) Stealing sensitive military technology, including missile defense;
(5) Breaking into the e-mail accounts of human rights workers, journalists and other civilian groups;
(6) Stealing so much intellectual property that China's hacking has been called the "greatest transfer of wealth in history."
It's both possible and even plausible that the U.S. could be conducting cyber espionage within China that meets or even exceeds China's efforts. The Obama administration's joint program with Israel to sabotage Iran's nuclear program with a virus called Stuxnet might just be the tip of the iceberg. But Snowden's leaks do not seem to demonstrate that American cyber espionage is anywhere near on par with China's when it comes to hacking into civilian and government systems in foreign countries.