James Fallows, “Update on Backups, Passwords, and Chinese Hacking,” The Atlantic, 26 August 2011.
… As for the “smoking cursor” video from the Chinese military that appears to show them in the middle of launching a hacking attack on U.S. sites, I encourage you to follow Andrew S. Erickson’s ongoing reports and analyses, which go into this in very great depth and are based on original Chinese-language sources. Here is the most comprehensive one, by Erickson and Gabriel Collins, in PDF form.
They explain what there is to worry about — and also the reasons to think that the video now getting so much attention is at least ten years old. Nonetheless:
>>However modest, ambiguous–and, from China’s perspective, defensive–this is possibly the first direct piece of visual evidence from an official Chinese government source to undermine Beijing’s official claims never to engage in overseas hacking of any kind for government purposes. Clearly, Washington and Beijing have much to discuss candidly here if they are to avoid dangerous strategic tension.<< …
For full text of the report referenced and quoted here, see Andrew Erickson and Gabe Collins, “A Smoking Cursor? New Window Opens on China’s Potential Cyberwarfare Development: CCTV 7 program raises new questions about Beijing’s support for hacking,” China SignPost™ (洞察中国), No. 46 (24 August 2011).
Also, the U.S. Department of Defense has just released the following content regarding PRC cyberwarfare capabilities:
Cyberwarfare Capabilities. In 2010, numerous computer systems around the world, including those owned by the U.S. Government, were the target of intrusions, some of which appear to have originated within the PRC. These intrusions were focused on exfiltrating information. Although this alone is a serious concern, the accesses and skills required for these intrusions are similar to those necessary to conduct computer network attacks. China’s 2010 Defense White Paper notes China’s own concern over foreign cyberwarfare efforts and highlighted the importance of cyber-security in China’s national defense.
Cyberwarfare capabilities could serve PRC military operations in three key areas. First and foremost, they allow data collection through exfiltration. Second, they can be employed to constrain an adversary’s actions or slow response time by targeting network-based logistics, communications, and commercial activities. Third, they can serve as a force multiplier when coupled with kinetic attacks during times of crisis or conflict.
Developing capabilities for cyberwarfare is consistent with authoritative PLA military writings. Two military doctrinal writings, Science of Strategy, and Science of Campaigns identify information warfare (IW) as integral to achieving information superiority and an effective means for countering a stronger foe. Although neither document identifies the specific criteria for employing computer network attack against an adversary, both advocate developing capabilities to compete in this medium.
The Science of Strategy and Science of Campaigns detail the effectiveness of IW and computer network operations in conflicts and advocate targeting adversary command and control and logistics networks to impact their ability to operate during the early stages of conflict. As the Science of Strategy explains, “In the information war, the command and control system is the heart of information collection, control, and application on the battlefield. It is also the nerve center of the entire battlefield.”
In parallel with its military preparations, China has increased diplomatic engagement and advocacy in multilateral and international forums where cyber issues are discussed and debated. Beijing’s agenda is frequently in line with the Russian Federation’s efforts to promote more international control over cyber activities. China has not yet agreed with the U.S. position that existing mechanisms, such as International Humanitarian Law and the Law of Armed Conflict, apply in cyberspace. China’s thinking in this area is evolving as it becomes more engaged.