The chairman of the House of Representatives intelligence committee on Tuesday accused China of widespread cyber economic espionage and said many U.S. firms were afraid to come forward for fear their computers would be the targets of even more attacks.
China's economic espionage has reached an intolerable level and I believe that the United States and our allies in Europe and Asia have an obligation to confront Beijing and demand that they put a stop to this piracy, Republican Representative Mike Rogers said at a committee hearing on cybersecurity.
Beijing is waging a massive trade war on us all, and we should band together to pressure them to stop, he said in some of the strongest public accusations by a U.S. official on Chinese government involvement in cyber espionage.
The senior Democrat on the intelligence committee, Representative C.A. Dutch Ruppersberger, agreed. We basically feel very strongly ... that we are being attacked in an aggressive way by China, possibly Russia, other countries, he said.
Internet giant Google partially pulled out of China last year after concerns of censorship and a hacking episode that it said originated from China.
A growing list of firms have faced cyber attacks, including Sony, Lockheed Martin and Citigroup Inc.. But it is often unclear where the hacking originated.
Rogers said companies that reported cyber attacks were just the tip of the iceberg.
There are more companies that have been hit that won't talk about it in the press, for fear of provoking further Chinese attacks, he said.
Behind closed doors, however, companies describe attacks that originate in China, he said.
While U.S. officials and firms point the finger at China for many cyber attacks, China says it is one of the world's biggest victims of hacking.
Former CIA Director Michael Hayden told the committee that the odds were greater of China quickly developing effective defenses to cyber attacks than the United States doing so, in part because China's political culture is so different.
Attributing this espionage isn't easy, but talk to any private sector cyber analyst, and they will tell you there is little doubt that this is a massive campaign being conducted by the Chinese government, Rogers said.
NATION STATE PRIME SUSPECT
The representative of a company targeted by a recent cyber attack told the intelligence committee that it must have been committed by a nation state -- but did not name it.
Our conclusion, especially in our discussions with law enforcement, is that this could not have been perpetrated by anyone other than a nation state, said Arthur Coviello Jr., executive chairman of EMC Corp's RSA security division.
Another witness, Kevin Mandia, told lawmakers that so much data was being taken from companies that the infrastructure involved had to be large and the activity was likely condoned by a nation state. Mandia is the chief executive officer of Mandiant, which helps companies respond to cyber attacks.
He said generally two regions were involved in cyber attacks: Eastern Europe and the Asia Pacific.
The Eastern Europeans, generally it feels criminally motivated, it's to make money the short way. The Asia-Pacific intrusions seem to be more low and slow, very sophisticated, very persistent, harder to remediate. And we do see commonalities between those attacks, Mandia said.
After the hearing Rogers told reporters he was very concerned about plans by General Electric to have a joint venture with a Chinese aviation company, given the (Chinese) track record on intellectual property theft.
(Additional reporting by Tabassum Zakaria; Editing by Xavier Briand)