CINCINNATI (TDB) -- BusinessWeek's cover story today is about China and cyber attacks, or as the magazine describes it in a newly coined word, "e-spionage." But the kicker, perhaps, is an e-mail from the Chinese government to my old reporting partner at The Cleveland Plain Dealer, Keith Epstein. China's government "strongly" suggested on April 9 that he should not have written the story as it "only would serve the purposes of some anti-China forces." The e-mail -- reprinted in full below -- also says China does not engage in cyber warfare and its national defense policy is "unswervingly" non-aggressive:
"From: Wang Baodong
Sent Cc: Tschang, Chi-Chu
Subject: RESPONSE ON CYBER SPACE
Dear Mr. Epstein,
As I told you over phone, I read your questionnaire carefully, and I'm very much concerned about the purpose of your story—if it targets China and is aimed at fanning up a "China cyber threat", I would strongly suggest that you do not do such stories as this would only serve the purpose of some anti-China forces, and is not conducive to increasing mutual understanding and friendship between the Chinese and American peoples.
After saying that, I should say that the Chinese government has on various occasions expounded its position on this global issue of cyber intrusion or hacking. The Chinese Government always opposes and forbids any cyber crimes including "hacking" that undermine the security of computer networks. Chinese laws and regulations are explicit in this regard.
As it is, China's cyber space and internet systems are frequently intruded and attacked by hackers from certain countries. As a victim of hacking attacks, China attaches great importance to cracking down on various cyber crimes including hacking activities.
China follows a path of peaceful development, and unswervingly adopts a national defense policy which is defensive in nature. China would never do anything to harm sovereignty or security of other countries. In conformity with such national policies, the Chinese government has never employed, nor will it employ so-called civilian hackers in collecting information or intelligence of other countries. Allegations against China in this respect are totally unwarranted, which only reflect the dark mentality of certain people who always regard China as a threat. Of course, there are some other people who are misled into believing that China is engaged in hacking activities, which is more than wrong.
China enjoys good cooperation with many countries in counter-cyber crimes, and is willing to enhance communication and collaboration in this field on the basis of mutual respect and objectivity. China hopes that, through joint international effort, cyber space will become more tranquil, harmonious and more effective in facilitating the welfare of the whole human being.
Thank you very much. Please drop me a line to confirm the receipt of this email.
Wang Baodong Press Counselor & Spokesperson Of the Chinese Embassy to the United States"
The BusinessWeek story goes on to note that a conservative think tank in Washington, The American Enterprise Institute, was hacked from China. The White House and the Defense Department both had to sever access:
"A previously undisclosed breach in the autumn of 2005 at the American Enterprise Institute—a conservative think tank whose former officials and corporate executive board members are closely connected to the Bush Administration—proved so nettlesome that the White House shut off aides' access to the Web site for more than six months, says a cyber security specialist familiar with the incident. The Defense Dept. shut the door for even longer. Computer security investigators, one of whom spoke with BusinessWeek, identified the culprit: a few lines of Java script buried in AEI's home page, www.aei.org, that activated as soon as someone visited the site. The script secretly redirected the user's computer to another server that attempted to load malware. The malware, in turn, sent information from the visitor's hard drive to a server in China. But the security specialist says cyber sleuths couldn't get rid of the intruder. After each deletion, the furtive code would reappear. AEI says otherwise—except for a brief accidental recurrence caused by its own network personnel in August, 2007, the devious Java script did not return and was not difficult to eradicate. "