China’s Internet espionage capabilities are deeper and more widely dispersed than the U.S. indictment of five army officers last week suggests, former top government officials say, extending to a sprawling hacking-industrial complex that shields the Chinese government but also sometimes backfires on Beijing.
Some of the most sophisticated intruders observed by U.S. officials and private-sector security firms work as hackers for hire and at makeshift defense contractors, not the government, and aren’t among those named in the indictment. In recent years, engineers from this crowd have broken into servers at Google Inc., Lockheed Martin Corp. and top cybersecurity companies, former U.S. officials and security researchers alleged.
The Chinese have often told their U.S. counterparts they don’t condone hacking but also that they can’t police what they don’t control, according to former U.S. officials. While it is possible Beijing makes this claim simply as an excuse for inaction—given its strict control of domestic Internet traffic—experts in the field, including former U.S. officials, say the Chinese hacking landscape is chaotic and hard to follow.
This structure brings “a political gain to being able to say ‘we can’t control all attacks,’ ” said Adam Segal, a China and cybersecurity scholar at the Council on Foreign Relations in New York. “But I think there is a cost when hackers go after targets that are too sensitive or get involved in a crisis and the government can’t control the signaling.”
Sometimes freelancers appear to take orders from the military, at other times from state-owned firms seeking a competitive advantage, U.S. security firms say. It remains unclear how exactly those orders are given, security researchers said.