U.S.-China tensions have risen recently over suspicions of Chinese nationals infiltrating U.S. company computer systems. In late May, the U.S. Justice Department accused five Chinese military officers of allegedly hacking several U.S. companies, marking the first time the Obama administration has publicly accused China of cyber spying. The indictments came amid a string of U.S. security breaches tied to hackers in China. Here are some of the most notable cyber security breaches tied to China from the last several years.
How a Chinese National Gained Access to Arizona’s Terror Center
ProPublica and The Center for Investigative Reporting, August 2014
Lizhong Fan worked for five months at the Arizona Terrorism Center with access to sensitive information on 5 million Arizona drivers — then disappeared without a trace. U.S. officials still don’t know exactly what data he took back to China. We explore how the computer engineer was allowed to work at “one of the best-run and most effective” intelligence facilities in the U.S. without the standard security vetting.
Chinese Hackers Pursue Key Data on U.S. Workers
New York Times, July 2014
Unnamed U.S. officials told the New York Times that in March 2014 Chinese hackers breached computer networks of the Office of Personnel Management, which manages data for federal employees. The Times noted the attack was “particularly disturbing” because the agency oversees a system containing employees’ sensitive financial information. Four months after the attack, a spokeswoman for the Obama Administration said that no personally identifiable information had been compromised.
China’s Cyberspies Outwit Model for Bond’s Q
Bloomberg Businessweek, September 2013
Defense contractor QinetiQ, which has developed drones, satellites and software used by the U.S. military, found its research had been compromised over the course of three years by members of a Chinese military hacking unit (Businessweek has a timeline of events). “We found traces of the intruders in many of their divisions and across most of their product lines,” said Christopher Day, who was hired twice by QinetiQ to investigate the intrusions. “There was virtually no place we looked where we didn’t find them.”
Chinese Army Unit Is Seen as Tied to Hacking Against U.S.
New York Times, February 2013
A Shanghai-based hacking group tied to the People’s Liberation Army in China has orchestrated more than 140 attacks on U.S. companies including Coca-Cola and Lockheed Martin, according to a 60-page study on the group by security firm Mandiant. Embassy officials denied that China’s government was involved with hacking, and an official with the Chinese Ministry of Foreign Affairs called the allegations “unprofessional.” But Rep. Mike Rogers (R-Mich.) told the Times that Mandiant’s findings were “completely consistent with the type of activity the Intelligence Committee has been seeing for some time.” The story features a graphic breakdown of the types of industries apparently targeted by the hacking collective over time.
Hackers in China Attacked The Times for Last 4 Months
New York Times, January 2013
The Times reported that Chinese hackers allegedly infiltrated its networks over four months, beginning in September 2012, setting up back doors to user computers and eventually obtaining access to usernames and passwords for every Times employee. The initial breach coincided with the newspaper’s publication of a story about the relatives of Chinese prime minister Wen Jiabao.
According to the Times, Bloomberg News computers were targeted (though not breached) under similar circumstances in 2012. After the Times report, the Wall Street Journal and The Washington Post also reported having been targeted by suspected Chinese hackers.
Chinese Hackers Hit U.S. Chamber
The Wall Street Journal, December 2011
A group of hackers in China compromised computer networks at the U.S. Chamber of Commerce, according to the WSJ. Chamber officials told the newspaper “internal investigators found evidence that hackers had focused on four Chamber employees who worked on Asia policy, and that six weeks of their email had been stolen.” The “complex operation” was detected and shut down in May 2010, the newspaper reported.