Think tanks hit by hackers from China, other nations

Chuck Raasch and Kevin Johnson, USA TODAY | USATODAY

American think tanks are key targets in a "furious wave of cyber-espionage" aimed at U.S. government and business by China and other countries, according to the chairman of the House Intelligence Committee.

Rep. Mike Rogers, R-Mich., told USA TODAY that the hacking is part of a campaign by China and other nations to obtain valuable information on a number of fronts, from policy deliberations and pending litigation to national defense and private product development.

Think tanks provide important research, strategy and support on policy formulation for U.S. leaders in the White House, Pentagon, Congress, State Department and federal agencies. Their ranks of scholars are populated by former and potentially future government officials.

Shawn Henry, the FBI's former top cybersecurity official, said overall cyberattack complaints reported to U.S. authorities were increasing by 20% annually. He said that think tanks, consulting organizations and law firms -- all of which play roles in shaping U.S. policy and strategy -- have long been prized targets of foreign espionage operations.

"These organizations aggregate very valuable data, and that's exactly the kind of information that foreign intelligence services are looking for," said Henry, who left the FBI this year. "Over the past two years, attacks have increased at a substantial rate."

Said Rogers: "The scope of this is breathtaking."

James Andrew Lewis, a senior fellow and director of technology and public policy at the Center for Strategic and International Studies, said that during the transition to the Obama administration in 2008 and 2009 some people moving from think tanks and the private sector into the administration had their e-mail accounts hacked. He said the hackers were looking for information to help build profiles on those who were about to serve in the government.

"If you know a person is going into DoD (Department of Defense) and they are right now working on a crummy unclassified system, that is a great target," Lewis said.

He said his organization, a non-partisan think tank on international affairs, recently had password troubles that he blamed on hackers. "This is fairly routine; it goes through waves," he said.

Lewis said hackers often are "looking for disruption, just making it hard for the place to do business."

He said many of the intrusions are traced to China, either government or "proxies" such as "patriotic hackers" urged on by the government.

Repeated attempts to contact the Chinese Embassy for a response were unsuccessful. After The Wall Street Journal published a story about suspected Chinese hacking of the U.S. Chamber of Commerce last December, Chinese Embassy spokesman Geng Shuang said his country was also a "major victim of hacker attacks" from abroad.

"The Chinese government would like to work with other countries, including the U.S., to explore effective ways to combat cyberattack and protect cybersecurity based on the principle of equality in accordance with Chinese law," Shuang said in a statement then.

The FBI declined comment.

Mike Gonzalez, spokesman for the conservative Heritage Foundation, said his organization had determined that an attack it fended off most likely came from China. He would not say when it happened except that "it was not 10 years ago."

"We dealt with it when we had it, quickly and efficiently," Gonzalez said. Think tanks sometimes consult with each other on such threats, he said.

The Center for American Progress is populated with scholars with ties to the Obama and Clinton administrations and to Democrats on Capitol Hill.

"While we don't comment on any specific incidents, we are continually vigilant about our security and are regularly targeted in cyberattacks that originate both inside and outside the U.S.," said Andrea Purse, the think tank's vice president of communications.

Henry, the ex-FBI cyberofficial who is now a private consultant, said that "vulnerabilities across the network are significant.

"Most major organizations have been infiltrated. The value of data is such that it just makes sense for our adversaries to get involved. There are dozens of countries involved, not just China."

He said the federal government has been working "very hard to combat the problem" but that "the breadth and depth of this is so large that the government doesn't have the capacity" to fully confront the threat.

Follow Chuck Raasch on Twitter @craasch