China syndrome

U.S. research universities subject to sustained cyberattack campaign by China

Published 17 July 2013

Leading U.S. research universities report that they have been subject to millions of Chinese hacking attempts weekly. The Chinese are aware that universities, and the professors who do research under the schools’ auspices, receive thousands of patents each year in areas such as prescription drugs, computer chips, fuel cells, aircraft, medical devices, food production, and more. The Chinese government-sponsored cyberattacks on American research universities are an expansion of efforts by China to steal information that has commercial, political, or national security value.

For more than a decade now, Chinese government agencies have been engaged in a broad and sustained cyberattack campaign against U.S. government agencies, private companies, and U.S. critical infrastructure.

The goal of the first two components of the Chinese government’s cyber campaign – attacks on U.S. government agencies and private companies – is to steal intellectual property and industrial secrets (from weapon designs to chemical formulas) and give them to Chinese companies to copy and produce. This will save Chinese companies billions of dollars in research, and years of testing, thus smoothing and accelerating China’s path to a position of global economic and military hegemony.

The purpose of attacks on U.S. critical infrastructure – attacks accompanied by leaving behind Manchurian Candidate-like “sleeper malware,” to be activated when needed – is to give China the ability to disrupt, even paralyze, key sectors of the U.S. economy if a direct conflict erupts between the two countries.

China has now added a fourth component to its relentless cyber campaign against the United States: cyberattacks on leading U.S. research universities.

The New York Times reports that leading U.S. research universities have been subject to millions of hacking attempts weekly. University officials acknowledge that they often learn of break-ins only much later, if ever, and that even after discovering the breaches they may not be able to tell what was taken.

The Chinese are aware that universities, and the professors who do research under the schools’ auspices, receive thousands of patents each year in areas such as prescription drugs, computer chips, fuel cells, aircraft, medical devices, food production, and more.

“The attacks are increasing exponentially, and so is the sophistication, and I think it’s outpaced our ability to respond,” Rodney Petersen, who heads the cybersecurity program at Educause, a nonprofit alliance of schools and technology companies, told the Times. “So everyone’s investing a lot more resources in detecting this, so we learn of even more incidents we wouldn’t have known about before.”

Analysts note that hackers, in order to make it difficult, if not impossible, to track them and identify where they are located, often route their hacking attempts by using a daisy chain of computers located in multiple countries. U.S. government officials, security experts, and university and corporate officials, however, say that China is clearly the leading source of efforts to steal information.

David Shaw, chief information security officer at Purdue University, noted that the growing hacking threat may force research universities to reconsider their open academic style and the structure of their computer networks. “A university environment is very different from a corporation or a government agency, because of the kind of openness and free flow of information you’re trying to promote,” he told the Times. “The researchers want to collaborate with others, inside and outside the university, and to share their discoveries.”

James Lewis, a senior fellow at the Center for Strategic and International Studies (CSIS), said that a growing number of schools, emulating the practices of leading technology companies, no longer allow their professors to take laptops and smartphones to certain countries. “There are some countries, including China, where the minute you connect to a network, everything will be copied, or something will be planted on your computer in hopes that you’ll take that computer back home and connect to your home network, and then they’re in there,” he said. “Academics aren’t used to thinking that way.”

Many do not have an appreciation of the magnitude of the Chinese hacking campaign. Bill Mellon of the University of Wisconsin told the Times he was stunned by the sheer volume of hacking attempts. “We get 90,000 to 100,000 attempts per day, from China alone, to penetrate our system,” Mellon said. “There are also a lot from Russia, and recently a lot from Vietnam, but it’s primarily China.”

The Chinese government-sponsored cyberattacks on American research universities are an expansion of efforts by China to steal information that has commercial, political, or national security value. The Times reported in January that a 60-page report by security company Mandiant offered incontrovertible evidence of the Chinese government agencies’ orchestration of this hacking campaign.