Reports have emerged suggesting that US authorities, having previously suspected India, now suspect China as the culprit behind a recent cyber attack targeting commission employees' emails.
The hack, which was originally believed to have been mounted by India's "spy service," targeted the email database of the U.S.-China Economic and Security Review Commission - the commission that monitors relations between the US and China.
News of the hack surfaced earlier in January after a "hacktivist" group claiming to operate in India published what appeared to be a memo from an Indian Military Intelligence unit containing extracts from commission emails.
Originally, taking the hacktivists at their word, the attack was believed to have originated from India. However, according to Reuters, a number of unnamed government sources have confirmed that the US authorities now believe the attack to have stemmed from China.
Following the change in suspect, Reuters went on to report that, rather than the commission itself, the hackers' main target was in fact the US non-governmental pro-trade group called the National Foreign Trade Council (NFTC).
"A large proportion of the raw email traffic downloaded by the hackers consists of messages to and from Reinsch at his NFTC email address. Many of the emails were spam, but some related to the work of the commission, which was set up by Congress to take a critical look at a wide range of U.S. dealings with China," read the Reuters report.
Reuters went on to report that an unnamed Chinese representative had sent a statement denying the allegations. "Hacking is a common problem faced by the international community, and all related parties, with a professional and cooperative spirit, should jointly tackle the problem and avoid groundless criticism and speculation," Reuters reported a Chinese government spokesman as commenting.
Following up China's initial statement, analysts were quick to note that the US' alleged suspicions would be entirely consistent with the shaky cyber relations between it and China. "There have been plenty of accusations thrown at China of hacking computers in the West before, so it's not surprising to see them being blamed for this hack too," commented Sophos senior technology consultant Graham Cluley to the International Business Times UK.
Despite its consistent claims of innocence, China has found itself faced by numerous accusations of cyber espionage. Recently the Chinese government was suspected of involvement in numerous high-profile hacks and cyber attacks, including the infamous Operation Shady RAT.
Most recently, as reported by The Wall Street Journal, the U.S. Chamber of Commerce allegedly fell victim to a Chinese cyber-attack in 2010. The report went on to allege that the hackers were able to access information about the institution's operations and three million members.
Citing a number of unidentified sources "familiar with the matter," The Wall Street Journal reported that, though the operation had been discovered and "shutdown" in May 2010, the amount and nature of the data compromised in the hack remains unknown.
Despite the lack of confirmed information, the Wall Street Journal went on to report that its sources had clarified that U.S. authorities were working under the assumption the attack stemmed from a group with ties to the Chinese government.
Prior to this, China was believed to have been behind Operation Shady RAT. McAfee uncovered the alleged Shady RAT network intrusions after researchers stumbled upon logs of the attacks while reviewing a command and control server found during its 2009 investigation into defense company data breaches.
In its subsequent report, McAfee highlighted its belief that the intrusions were part of an ongoing campaign going back at least five years, perpetrated by a "state actor."
The laundry list of victims included the United States, Taiwanese, Indian, South Korean, Vietnamese and Canadian governments. Although McAfee declined to name which foreign power was responsible for the campaign, the word 'China' was quickly on the tip of most security firms' and news outlets' tongues.
Despite the widespread suspicions, as noted by Cluley, verifying whether or not the Chinese government is enacting the attacks is next to impossible.
"What is very *hard* to prove, however, is who is responsible for a particular attack. Things are made even more complicated by the fact that hackers can use compromised computers around the world to launch their attacks. In other words, you may find a computer in China is accessing your server, but it's hard to tell whether the Chinese computer itself is under the control of, say, someone in Belgium," commented Cluley.
Cluley later added that even if China is enacting ongoing cyber espionage missions, it is most likely not the only government doing so.
"And it's even harder to tell if an attack is sponsored by an army or intelligence unit rather than a hacker working alone. I don't think we should be naive. I'm sure China does use the internet to spy on other countries. But I'm equally sure that just about *every* country around the world is using the internet to spy. Why wouldn't they? It's not very hard, and it's certainly cost effective compared to other types of espionage," said Cluley.
At the time of writing, the Chinese Embassy in London had not responded to the International Business Times UK's requests for comment.