IMF cyber attacks signal new spying era

We don't know who hacked into the International Monetary Fund or whether they got away with anything.

But within weeks, the Pentagon is to announce plans to treat some cyber attacks as an act of war.

A Pentagon spokesman said at the beginning of this month: "A response to a cyber-incident or attack on the US would not necessarily be a cyber-response. All appropriate options would be on the table."

When it comes to sophisticated attacks many think the finger points in one direction: towards China.

I've just stumbled across a fascinating US government report, external on the problem. OK, it's a couple of years old. But I've never read it before so there's a chance some of you might have missed it as well.

It argues that many recent intrusions must be by a state because they are beyond the capability of any criminal enterprise. Moreover, criminals would have not use for the sort of information nicked.

The report is by the US-China Economic and Security Review Commission, external and details more than a decade of China's probable involvement in cyber attacks.

Part of their argument is that the People's Liberation Army would use cyber warfare to knock out an enemy's communications, intelligence and logistics operation before any conventional act of aggression.

China going to war is perhaps a remote possibility. But the report claims they are already masters of high-tech spying. In the old days they would have to have a carefully cultivated agent, an American motivated by money, ideology or blackmail, in place to steal sensitive information. Micro cameras and all that jazz.

Not these days. An innocent employee opens a dodgy e-mail about a real conference he or she is going to, and hey presto, the backdoor to their computer is wide open to a foreign power. One case study of a real event, heavily disguised in the report, claims that a huge amount of information was taken in a matter of hours.

Once access is achieved by one team, another team takes over to plunder the information. They target particular files selected in advance rather than just take everything they can.

The report finds that it is likely China is "conducting a long-term sophisticated, computer network exploitation campaign" against US government and industry characterised by "disciplined, standardised operations, sophisticated techniques, access to high-end software development resources, a deep knowledge of the targeted networks..."

It is fascinating stuff. But it makes me eager for another report, perhaps written by the Chinese, spelling out what the UK and the US are up to and how far they go in cyber-spying.