Signs Point to China in US Research Facility Hack

The research vessel Knorr operated by Woods Hole Oceanographic Institute and equipped with Office of Naval Research-sponsored ScanEagle unmanned aerial vehicles prepares to get underway in support of Trident Warrior 2013 (TW12).

U.S. Navy photo by John F. Williams

Woods Hole Oceanographic Institution sustained a “sophisticated, targeted attack,” according to the organization's general counsel.

Tech companies, healthcare giants, defense contractors, top universities, the US government—you name it, Chinese cyber-spies have probably hacked it. And now, it seems likely, we can add one of the world’s preeminent marine research groups to the list.

Woods Hole Oceanographic Institution sustained a “sophisticated, targeted attack” that looks to have originated from China, according to Christopher Land, the organization’s general counsel and leader of its internal investigation.

If the perpetrator is indeed from the People’s Republic, it marks the latest in a series of high-profile hacks that US officials say has resulted in theft of US commercial secrets, potentially sensitive government information, and military data. With the US threatening sanctions, Chinese president Xi Jinping recently vowed not to commit commercial cyber-espionage—a pledge US officials are watching closely for signs of follow-through.

WHOI isn’t a company or a government agency, but given its close ties with the US military and the National Science Foundation, it’s not exactly a regular research institution, either. Its vast cache of research holds data on everything from bowhead whale habitats and plankton to hydrographic surveys and oceanic oxygen levels—as well as classified work WHOI does with the Navy and the US defense department.

The organization’s cyber-security team first noticed suspicious activity in late June of this year. But the breach turns out to have started back in February 2013, based on what Land learned from Mandiant, a cyber-security firm that WHOI brought in to investigate the attacks and help plug the breaches.

The attack bears the hallmarks of an APT group based out of China, according to Mandiant’s report to Land. (APT stands for “advanced persistent threat,” meaning a long-term, covert hack.) Though the forensic investigation is still underway, it appears that the hackers focused on data and emails, and not personal information.

So far, there’s no sign that the hackers stole any datasets, Land says, adding that the classified research WHOI does for the Navy and the US defense department was stored on a different network from the one that was breached.

Still, the question remains: If Chinese hackers were rummaging around WHOI, what would they have been looking for? Land declined to speculate, and the breadth of WHOI’s marine-science research makes it hard to narrow things down.

However, the range of China’s commercial and strategic interests in the ocean is no less extensive—and is growing fast. China’s leaders are increasingly intent on making the nation a “maritime power” capable of defending its “maritime rights and interests.”

In June, China’s cabinet broadened the focus of its naval strategy to include not only territorial waters but also “open seas protection.” Meanwhile, a new “Maritime Silk Road” plan is meant to facilitate regional maritime economic development.

China’s high-seas fishing fleet is the planet’s largest (paywall), making international waters a source of increasing strategic importance, according to a recent World Bank report (pdf, p.42). Far to the north, China seems to view the Northern Sea Route—the shipping shortcut to Europe via the Arctic that global warming has helped open up—as a strategic priority. China now boasts the world’s biggest conventionally powered icebreaker (pdf, p.36); a second is under construction. Those will also be of use at the opposite pole—China now has four Antarctic stations and is investing rising sums into research there (paywall).

Then, of course, there are the country’s territorial claims—notably China’s claim to more than four-fifths of the South China Sea, water that teems with valuable fish and is thought to sit atop even more valuable deposits of oil and natural gas.

Interestingly enough, recent reports of a cyber attack on an international court in The Hague came in the midst of a hearing on the Philippines’ contest of China’s South China Sea claim. As you might have guessed, security experts are saying the attack came from China.
