From: Bloomberg/BusinessWeek
By Chris Strohm
China-based hackers may target Internet-based e-mail, data storage and other services provided overseas by such companies as Microsoft Corp. (MSFT:US) to spy on the U.S., a congressional commission found.
The Chinese government wages “a large-scale cyber espionage campaign” and “has successfully targeted the networks of U.S. government and private organizations,” the U.S.-China Economic and Security Review Commission concludes in its annual report to Congress released yesterday.
The commission for the first time said cloud computing, which connects Internet services, “represents a potential espionage threat.” The report fails to cite any examples of the Chinese government using the technology in attacks.
“Our focus has been on making sure that Defense Department or State Department data, or other government information, is secure,” William Reinsch, chairman of the commission, told reporters before the report’s release. “To the extent those entities use the cloud as well, we think that they need to get a better grip on who’s actually providing their services and where their data is going.”
President Barack Obama’s administration and lawmakers have used diplomacy and a public shaming campaign to pressure Beijing to stop cyber-attacks that are estimated to cost the U.S. economy as much as $300 billion a year. Their efforts have been overshadowed by revelations since June that the National Security Agency (0053520D:US) eavesdropped on foreign leaders, hacked into the private networks of Google Inc. (GOOG:US) and Yahoo! Inc. (YHOO:US) abroad and spied on Americans and foreigners without warrants.
China Connection
China’s Ministry of State Security, which is the country’s main foreign intelligence collection agency, is “closely connected” to a special cloud-computing zone in the city of Chongqing, the commission wrote. That represents a threat “to foreign companies that might use cloud-computing services provided from the zone or base operations there,” it concluded.
The only U.S. cloud provider singled out in the report as a possible risk for hacks sponsored by the Chinese government was Microsoft because the Redmond, Washington-based company has licensed its products to 21Vianet Group Inc. (VNET:US), a Beijing-based company selling online data center services.
The commission on Nov. 19 backed away from that assertion, saying in a statement it had “been informed of new information and will be reaching out to all involved parties to determine what impact, if any, this has on the findings.”
“If we inadvertently included incorrect information, we will make corrections as appropriate,” according to the statement.
Microsoft Deal
The commission based its conclusions about cloud computing on a Sept. 5 report called Red Cloud Rising that it commissioned from a private U.S. intelligence and security company, Defense Group Inc., based in Vienna, Virginia.
The company was given incorrect information by Microsoft about its relationship with 21Vianet when it wrote the September report, Leigh Ann Ragland, one of the authors, said in an e-mail on Nov. 19. She said the company was contacting the commission to correct the report’s language.
Leave a Reply