
After two decades of relative peace, security experts caution that internet warfare is all but imminent. GlobalPost examines the skirmishes, defenses, and the "calamitous" threat that a small group of hackers could pose to American cities.

Chinese hacking job
Local residents use the computers at an Internet bar in Beijing on Sept. 8, 2011. (LIU JIN/AFP/Getty Images)

Meet Zhang. He hacks for Beijing.

Hacking may be a threat "akin to a nuclear bomb." But the Chinese behind most attacks see it as a dull office job.

HONG KONG — These days, any conversation about hacking and cyber warfare inevitably has to turn to China.

The People’s Republic is, by just about any measure, home to the world’s most relentless, prolific and successful hackers. More cyber-attack traffic comes from China than from any other country: over 40 percent of the world total in the last quarter of 2012, according to a new report by Akamai Technologies (Disclosure: Paul Sagan, Akamai’s executive vice chairman, is one of GlobalPost's investors).

And when it comes to spying, China’s preponderance is even more striking. Verizon estimates that 96 percent of all cyber-espionage intrusions in 2012 had Chinese hackers behind them, possibly making them “the most active source of national and industrial espionage in the world today.” Their alleged targets have ranged from Coca-Cola and Google to journalists, human-rights lawyers, air-traffic control systems and the Pentagon.

To many, hackers are a nuisance who clutter their inboxes with poorly crafted spam, but to the US economy, according to Greg Autry of the Coalition for a Prosperous America, it’s a $400 billion problem. The crisis is so great that the White House has begun speaking out publicly against the attacks.

When chairman of the US Joint Chiefs of Staff Martin Dempsey visited Beijing in April, he discussed the matter with Fang Fenghui, chairman of the People’s Liberation Army General Staff. While Fang denied that China was hacking the US, he stressed the gravity of the issue by saying that cyber-attacks could have consequences “no less serious than a nuclear bomb.”

In early May, the Pentagon upped the tension, explicitly accusing the Chinese government of cyber espionage targeting US government computers. “China is using its computer network exploitation capability to support intelligence collection against the US diplomatic, economic and defense industrial base sectors,” a Pentagon report noted.

Chinese officials have long maintained that Beijing has no connection to cyber-espionage, despite mounting evidence to the contrary. Moreover, they argue — with some justice — that they are also victims of cyber-assault.

But who are the hackers behind this threat? Are they quasi-anarchist mobs like Anonymous? Organized crime rings? Or just tech-savvy kids with too much free time?

The answer, according to several anti-malware researchers consulted for this article, is none of the above.

While many details remain unknown, security experts are convinced that China’s most persistent, diligent hackers are inextricably connected to the military and government. And though Beijing denies they exist, the hackers’ sloppiness — or indifference — has allowed researchers to uncover some of their individual names and identities.

A spate of new reports and discoveries by cyber security firms paints a strikingly detailed composite portrait of some of the individuals behind these attacks.

Here’s a guide.

How many are there?

Estimates of the number of state-sponsored hackers in China range from hundreds to thousands, given the volume of sustained attacks and the amount of support staff that would be needed to maintain servers and technical infrastructure.

Joe Stewart, director of malware research at Dell SecureWorks, tracks tens of thousands of websites that have been taken over by Chinese hackers. These websites are used by hackers to communicate with machines infected with their malware.

How sophisticated are they?

“Not very,” says Stewart. Compared to mafia hackers in Russia and Ukraine, Chinese hackers tend to use simpler techniques, he says, and make less of an effort to cover their tracks.

Their primary tactic for penetrating systems is phishing — sending targets malware-filled emails that pretend to be from a trusted colleague or partner. Though simple, it’s undeniably effective. According to the latest Verizon report, this trick is used in 95 percent of state-sponsored espionage attacks. Chinese actors have become particularly ingenious at crafting plausible-sounding emails and attachments. In fact, after Mandiant released its report tying hackers in Shanghai to the People’s Liberation Army, a fake copy of the report was filled with malware and sent to Japanese reporters.  
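The two tells in the lure described above, a sender posing as a trusted partner and a "report" attachment that is really an executable, are cheap to check at the mail gateway. The following triage script is an added example, not code from the original article or from any vendor it names; the sample message, the domain names and the signature table are constructed for illustration.

```python
"""Triage a spear-phishing lure: spoofed reply path plus a disguised attachment."""
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Leading bytes of file types a lure commonly hides behind a document name.
# Assumed, minimal signature table for the demonstration.
MAGIC = {
    b"%PDF": "pdf",
    b"MZ": "exe",          # Windows PE executable
    b"PK\x03\x04": "zip/office",
}

def sniff_type(data: bytes) -> str:
    """Identify content by magic bytes, ignoring the claimed file name."""
    for sig, name in MAGIC.items():
        if data.startswith(sig):
            return name
    return "unknown"

def triage(raw: bytes) -> list[str]:
    """Return a list of reasons the message looks like a phishing lure."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = from_addr.rsplit("@", 1)[-1].lower()
    reply_dom = reply_addr.rsplit("@", 1)[-1].lower()
    # A Reply-To that silently moves the conversation to another domain.
    if reply_addr and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        actual = sniff_type(part.get_payload(decode=True) or b"")
        # The "report" trick: document extension, executable content.
        if ext == "pdf" and actual != "pdf":
            findings.append(f"attachment {name!r} claims PDF but content is {actual}")
    return findings

def build_sample() -> bytes:
    """Constructed lure: trusted-looking sender, PE bytes named as a PDF report."""
    msg = EmailMessage()
    msg["From"] = "Press Office <press@partner.example>"
    msg["Reply-To"] = "press@partner-news.example"
    msg["To"] = "reporter@newsroom.example"
    msg["Subject"] = "Full report (PDF attached)"
    msg.set_content("Attached is the full copy of the report.")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="pdf", filename="Report.pdf")
    return msg.as_bytes()
```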

“Their tools and techniques are not sophisticated but they are very persistent when it comes to targets,” says Cyb3rsleuth, an India-based anti-malware researcher. “[Chinese hackers] are focused. They are best in the business when it comes to hacking.”

What’s their goal?

Unlike Russian criminal syndicates, Chinese groups are not so interested in your credit-card numbers or PayPal password. Their