America’s National Security Agency (NSA) has long been certain that the United States is under cyber attack by an army of competent Chinese government hackers. But for retaliating to this aggression, Washington is hamstrung – both by not having a smoking gun to prove guilt and by a shortage of worthwhile options for ending the assault.
After an investigation, James Clapper, director of national intelligence, identified China as the "leading suspect." But the Obama administration has not uttered a word either way.
The breach of the Office of Personnel Management (OPM), conducted by hackers linked to China, which was discovered in June and laid bare the identities, images, banking information, home addresses, family relations and confidential and personal particulars of an estimated 20 million US federal employees, is still ongoing.
It laid bare the formidable extent, depth and power of the cyber invasion of the innermost secret core of the US federal computer system against the US government’s inability to fend it off.
Following engineering and intelligence analysis of the damage caused by the OPM invasion, it is estimated that the Advanced Persistent Attack on the agency’s information technology goes back at least two years. Malware was gradually, cunningly and massively spirited into the PCs, servers and routers at the heart of the OPM computer system over a period of years, during which it spread through the length and width of the system. Hostile software infected 85 percent of this infrastructure as sleepers ready at a remote command from control centers believed employed by China to spill a shower of data directly to the hackers.
Chinese hackers avoid treading again on federal toes
The masters of this assault possess superior technological skills.
They are familiar with the American cyber security systems, and have made themselves at home deeply and invisibly inside the OPM’s data base. They own access to all the data on record of the White House staff, intelligence and law enforcement personnel, drug enforcement agents, military manpower and Pentagon officials.
Yet the US administration is hobbled against a showdown with Beijng – partly by lack of proof against the Chinese government – at least, without “burning” intelligence assets. Economic sanctions against China carry the risk of costly counter-measures by Beijing against American exporters, who depend on the Chinese export market for sustaining employment in major US cities.
Then, too, the hackers, or their principals, are extremely wary not to tread too aggressively again on federal toes in Washington. After their spectacular raid of the OPM, they have kept their hands off the computer systems of US intelligence agencies, the armed forces and security services and stuck to stealing from civilian data bases. But here too they are careful. No real damage has been caused in the wake of these invasions: the data bases affected have not been damaged or jammed or sold to the lawless Dark Net – only stealthily robbed.
According to an NSA map, over 600 successful intrusions were conducted by Chinese hackers against American civilian organizations over a period of five years, the most prevalent in major US industrial locations.
No effective US administration counteraction in sight
According to information leaked from discussions held at the White House Monday, Aug. 3, national intelligence chief James Clapper and NSA Director and commander of US Cyber Command Michael Rogers agree on the absolute necessity to raise the stakes of the cyber war waged by China and pursue pro-active, clear and deterrent steps against the culprits waging cyber war on the USA from its soil.
But they have run into a wall of inertia on the part of administration officialdom and profound reluctance to go to any firm lengths against these cyber foes.
Any ideas thrown out from White House and other official quarters to hold China legally accountable for the cyber attacks tend to be wishy-washy or unfeasible, such as criminally indicting suspects of cyber espionage caught working for China from the United States.
This form of retaliation has never had any effect, although criminal charges were filed in six cases last year. Further pursuit would have incurred long-range critical damage to America’s spy networks.
As matters stand today, the US has not been able to come up with a strong, immediate and effective means of countering the cyber war waged against its vital systems and industries.