NSA cyber spying on China not a surprise, but it's not ho-hum, either

NSA chief says leaks about US cyber spying on China, and techniques for doing it, will impair intelligence-gathering. Others play that down, saying the more significant hit will be to relations with China and to US global work on behalf of a free and open Internet. 

Demonstrators hold signs and a picture of Edward Snowden outside the Consulate General of the United States in Hong Kong Thursday, as they urge the US government to pardon the 29-year-old former contractor and to apologize for their use of surveillance programs.

Kin Cheung/AP

June 14, 2013

International relations and leadership on global Internet policy, not US cyberespionage capability, are what will be compromised most as a result of revelations that the United States spies on computers used by civilians in Hong Kong and China.

That's the bottom line of several cyberespionage experts asked to assess the damage from Edward Snowden's most recent disclosures about the secret activities of the US government's National Security Agency (NSA). Mr. Snowden, a former NSA contractor and a self-described whistleblower, outlined for a Hong Kong newspaper this week how the NSA hacks into the Internet's "backbone" routers – the data traffic cops of the information superhighway – to spy on nonmilitary computer users in China. 

Few seemed surprised by the allegations (probably not even the Chinese), but the NSA chief insisted that the leak caused "great harm" and will in fact impair the agency's cyberintelligence-gathering ability.

That's not, however, what tops the list of concerns for many experts on global spying. The long-term and more serious impact, they say, could be to weaken the US position in ongoing global talks on the future of the Internet, including free speech, taxation, privacy, and cybersecurity policies. The US hopes to gain international support for its stance that nation states should not spy on their citizens – a position that China, Russia, and some other nations oppose.

“The US wants to rally the rest of world behind it for a free and open Internet – and it could have pointed the finger at China and Russia,” says Jonathan Logan, an independent network security consultant in Europe who has written extensively on global cyberspying. “But this has fundamentally changed now because we now can see that the US doesn’t have clean hands on cyberespionage.”

Snowden leaked what appear to be top-secret NSA documents that show the agency targets China for cybersurveillance, including monitoring data streams flowing through Hong Kong. 

“We [the NSA] hack network backbones – like huge Internet routers, basically – that give us access to the communications of hundreds of thousands of computers without having to hack every single one,” Snowden told the South China Morning Post, according to the newspaper's story published Wednesday. Snowden is in Hong Kong, awaiting expected US criminal charges for leaking classified documents.

Among those targeted, Snowden said, is The Chinese University of Hong Kong, along with Hong Kong businesses, public officials, and students. Documents purport to show, too, that NSA hacking is directed at targets in mainland China, although the newspaper said it could not confirm their authenticity.

Snowden said the documents reveal the agency has been hacking computers in mainland China and Hong Kong since 2009. They show, he said, specific dates and IP addresses of computers in Hong Kong and on mainland China hacked by the NSA over a four-year period – all civilian computers that show no sign of being affiliated with Chinese military systems.

"I don't know what specific information they were looking for on these machines, only that using technical exploits to gain unauthorized access to civilian machines is a violation of law. It's ethically dubious," Snowden said in the South China Morning Post interview published Friday.

Snowden also claimed that the NSA has conducted more than 61,000 hacking operations worldwide, according to Wednesday editions of the South China Morning Post. He disclosed the information, he said, to show “the hypocrisy of the US government when it claims that it does not target civilian infrastructure, unlike its adversaries.”

"The primary issue of public importance to Hong Kong and mainland China should be that the NSA is illegally seizing the communications of tens of millions of individuals without any individualized suspicion of wrongdoing," Snowden elaborated in the Morning Post interview that appeared Friday online. "They simply steal everything so they can search for any topics of interest."

Such revelations come on the heels of talks earlier this month between President Obama and China's President Xi Jinping that focused in part on US concerns about Chinese cyberespionage directed at US businesses. A new US-China cyber working group is expected to urge China to curb its cyberespionage against American businesses and US critical infrastructure. But the US delegation may now find its job much tougher, cyber policy experts say.

“Current leaks are certainly untimely from a US political perspective,” says Mr. Logan. “It certainly puts a big dent in the US position in these new US-China talks on cyberespionage."

Others, however, suggest that US cyberspy tradecraft will sustain a hit at least as severe as that to diplomatic relations.

“The [diplomatic] damage is pretty limited, as most countries assumed we were doing this and many of them do it themselves,” writes James Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington. “The damage to [intelligence] collection may take years to rebuild; the damage to the US international position is limited, since no one was surprised.”

The technical details that Snowden divulged concerning the router hacks mean the US ability to conduct cyberespionage using that particular tactic could be lost, or at least crimped.

"Great harm has already been done by opening this up," Gen. Keith Alexander, chief of the NSA and head of US Cyber Command, told members of the Senate Appropriations Committee Thursday. "There is no doubt in my mind that we will lose capabilities as a result of this."

Some cyberespionage experts, however, say the NSA's bag of tricks is deep – so the damage to cyberintelligence-gathering may be overstated.

“Look, the NSA has a lot of cyber capability globally, so while this single revelation gives the agency a bruise, no doubt, it doesn’t damage the agency that greatly,” says John Bumgarner, a cyberweapons expert and former intelligence officer who has done work for the NSA. “During the 1970s, the NSA had damaging leaks, but they still kept growing. The NSA has been harvesting information like this for a long time, and will for a long time into the future.”

Logan concurs. “The NSA employs several thousand pretty skilled hackers,” he says. “So I don’t think these disclosures really change that much for them – or for China. The only one that’s wiser after all this is the public at large.”