While it’s well known that China and the US are tied for the most hacked countries of all, it turns out that the real master hacker might be China. According to the National Security Agency’s (NSA) director Mike McConnell, China has been at the helm of many US security breaches. McConnell talked about China’s role during a speech at the University of Missouri in March 2015, stating that Chinese hackers have access to malware that lets them tap and take key information from a number of US businesses. A May 2014 indictment which claimed Chinese hackers were stealing data from a steel plan, nuclear power plant and solar energy company in the US is what first tipped off this China hacking scheme to many US citizens.
McConnell says, “The Chinese have penetrated every major corporation of any consequence in the United States and taken information. We’ve never, ever not found Chinese malware.” To date, “Chinese hackers” have been cited for a number of major US data breaches including the August 2014 Community Health Systems medical records breach which impacted millions of patients. At the end of 2014, China allegedly hacked into the USPS system which made 800 million employees vulnerable. While these numbers are massive, McConnell cautions that the full impact of such breaches might not be fully understood for years.
This isn’t a random, rag tag team of hackers that happen to be from China creating these kinds of breaches. According to McConnell, the Chinese government actually employs full fledged hackers, and during the Bush Administration the number was around 100,000. For comparison, that’s about how many US spies the US has. McConnell has claimed China is committed to getting US “planning information for advanced concepts, windmills, automobiles, airplanes, space ships, manufacturing design and software.” The Chinese culture as a whole has an interesting relationship and history with “cheating”, considering the education system is rife with it—and it often isn’t considered “stealing” or “cheating” in those environments.
“Several hacking experts who consult companies on cybersecurity backed up the idea that Chinese hacking is widespread,” says McConnell. “But they doubt every single major US company has been broken into by Chinese government operatives. For example, since 2012, consulting firm EY has found evidence that China hacked into several well-known companies, including a major US medical research facility that conducts clinical trials and a large heavy equipment manufacturer. But EY consultant Chip Tsantes said the Chinese haven’t burglarized every firm.”
It seems clear another area where the Chinese are likely excelling is with data mining, regardless of how they got that data. It’s also unclear exactly what they’re doing with the stolen information. It’s possible that the data might be discarded or stored in a veritable dust-laden “storage room” never to be looked at again if it’s not beneficial to Chinese plans. Tsantes told McConnell that, “I can’t say that’s true for every single one (of the US businesses). If that was true, the Chinese would have the formula for Coke, and they don’t.” Of course, the Coke recipe might not be piquing the interest of the Chinese government right now.
What is the US doing about this situation? There’s already a proposal being considered post- China hacking of numerous IT companies such as Apple and Cisco. There are also new bank regulations which demand that Chinese banks dealing with tech products classify 75 percent as “secure and controllable” by the time 2019 rolls around.