This story first appeared on NBCNews.com.
The U.S. secretly traced a massive cyberespionage operation against the 2008 presidential campaigns of Barack Obama and John McCain to hacking units backed by the People’s Republic of China, prompting high-level warnings to Chinese officials to stop such activities, U.S. intelligence officials tell NBC News.
The disclosure on the eve of a two-day summit between the U.S. and Chinese presidents highlights what has become a persistent source of tension between the two global powers: Beijing’s aggressive, orchestrated campaign to pierce America’s national security armor at any weak point – in this case the computers and laptops of top campaign aides and advisers who received high-level briefings.
The goal of the campaign intrusion, according to the officials: to export massive amounts of internal data from both campaigns—including internal position papers and private emails of key advisers in both camps.
“Based on everything I know, this was a case of political cyberespionage by the Chinese government against the two American political parties,” said Dennis Blair, who served as President Obama’s director of national intelligence in 2009 and 2010. “They were looking for positions on China, surprises that might be rolled out by campaigns against China.”
The intrusion into the campaigns’ computer networks and subsequent efforts to penetrate them were highly sophisticated and continued for months after they were first detected by the FBI in the summer of 2008, according to the officials and an Obama campaign security consultant hired to thwart them. The intrusions and some details of what was targeted have been previously reported, but not publicly attributed to government-backed Chinese hackers.
Obama publicly referred to the attacks – in general terms – at a May 29, 2009, White House event announcing a new cybersecurity policy. “Hackers gained access to emails and a range of campaign files, from policy position papers to travel plans,” he said then.
But neither the president nor his top aides publicly spoke about the identity of the hackers, or the depth and gravity of the attack.
Officials and former campaign officials now acknowledge to NBC News that the security breach was far more serious than has been publicly known, involving the potential compromise of a large number of internal files. And, in one case, it included the apparent theft of private correspondence from McCain to the president of Taiwan.
Cyberattacks by the Chinese are expected to be at the top of the president’s agenda this weekend. U.S. officials say that such intrusions – many of them traced to a unit of the People’s Republic of China in Shanghai – have gotten even more brazen since the 2008 campaign.
“There’s been successful exfiltration of data from government agencies (by the Chinese) up and down Pennsylvania Avenue,” said Shawn Henry, who headed up the FBI’s probe of the 2008 attacks as the bureau’s chief of cyberinvestigations. He is now president of CrowdStrike, a computer security firm.
David Plouffe, Obama campaign manager, vividly recalls getting a phone call from Josh Bolten, then President George W. Bush’s chief of staff, in the middle of August 2008 alerting him to the intrusion and that the FBI was investigating the attack. “He said we have reason to believe that your campaign system has been penetrated by a foreign entity,” Plouffe said in an interview.
Within days, the campaign dispatched a computer security team from Kroll Advisory Solutions to Chicago to cleanse the campaign’s infected computers — including the laptops of senior staffers.
In retrospect, the attack seems simple. It was delivered by a “phishing” email – outlining the “agenda” for an upcoming meeting — that circulated among top staffers and contained a zip file attachment with “malware,” a hidden malicious virus.
But it was no ordinary virus, said Alan Brill, the senior managing director of Kroll Solutions. The malware was “as sophisticated as anything we had seen” and was part of what he called “an infection chain” that replicated itself throughout the Obama campaign’s computer system. It also was designed to stay buried in the computers for months, if not years, he said.
He and his consultants were unable to determine precisely what had been compromised, but Brill says the bombardment of viruses by the attackers continued for months. “It was like a firefight,” Brill said. “This was starting every day knowing that you didn’t know what they were going to throw at you.”
Trevor Potter, who served as general counsel to the McCain campaign, said he got a similar warning about the cyberintrusion during a briefing from U.S. law enforcement officials at campaign headquarters. “They told us, ‘You’ve been compromised, your computers are under the control of someone else. You need to get off network’,” said Potter.
In one incident that caused concern among U.S. intelligence officials, the Chinese hackers appeared to have gotten access to private correspondence between McCain, then the GOP presidential candidate, and Ma Ying-jeou, the newly elected president of Taiwan. On July 25, 2008, McCain had signed a personal letter — drafted on campaign computers — pledging his support for the U.S.–Taiwanese relationship and Ma’s efforts to modernize the country’s military. A copy of the letter has been obtained by NBC News.
But before the letter had even been delivered, a top McCain foreign policy adviser got a phone call from a senior Chinese diplomat in Washington complaining about the correspondence. “He was putting me on notice that they knew this was going on,” said Randall Schriver, a former State Department official who was serving as a top McCain adviser on Asian policy. “It certainly struck me as odd that they would be so well-informed.”
A spokesman for the Chinese Embassy said officials were unavailable for comment because they were busy preparing for this weekend’s summit between President Obama and Chinese President Xi Jinping in California. But in recent weeks, Chinese officials have denied any role in cyberattacks against the U.S. government and private enterprise. “China opposes all forms of cyberattacks,” Zheng Zeguang, assistant Chinese foreign minister, said in a press briefing in Beijing last week.
When the summit does take place this weekend, hacking by the Chinese is expected to be at the top of the president’s agenda.
U.S. officials say that Chinese intrusions have escalated in the years since, involving repeated attacks on U.S. government agencies, political campaigns, corporations, law firms, and defense contractors — including the theft of national security secrets and hundreds of billions of dollars in intellectual property.
A recent report from a U.S. commission chaired by former Intelligence Director Blair and former U.S. Ambassador to China Jon Huntsman Jr. estimated that the theft of intellectual property – mostly from China – was costing the U.S. $300 billion a year.
“It’s stealing of information and there should be outrage,” said Henry, the former FBI executive assistant director.
Previous warnings to the Chinese about cyberattacks have been brushed off. The 2008 attacks, for example, prompted U.S. intelligence officials to sternly warn the Chinese that they had “crossed the line,” says one former senior U.S. official who was directly involved in the investigation.
“We told them we knew what they were up to – and that this had gone too far,” said the former official. Chinese officials listened politely and denied they had anything to do with the attacks on the campaign, the former official said.