Why Global Hackers Are Nearly Impossible to Catch

They're in our computers, reading our files. The Chinese government, that is, according to two U.S. Congressmen who recently accused Beijing of sending hackers to ferret out secret documents stored on Congressional computers. The Chinese deny any involvement, but if they were lying, would we be able to prove it?

The answer, according to computer and security experts, is probably not.

At least, not conclusively enough for a court of law.

"It's very difficult to track hacker attacks and, even if you can track it, you don't always know with 100 percent certainty if you're right," said James Lewis, director and senior fellow of the Technology and Public Policy Program at the Center for Strategic and International Studies in Washington, D.C.

That was the problem faced by the investigators who attempted to figure out who broke into computers used by the staff of Rep. Christopher H. Smith, R-N.J., and Rep. Frank R. Wolf, R-Va. The Congressmen announced on June 11 that they'd been the targets of several attacks, beginning in 2006.

Both Smith and Wolf are high-profile critics of the Chinese government. They told reporters that, among other things, the hackers stole lists of identities of Chinese dissidents and records from Congressional human-rights hearings.

It is possible to track such attackers, to a point. When you use the Internet, you leave the equivalent of digital footprints, Lewis explained. Every message your computer sends to a different computer travels in a series of hops from one router or server to another. Even after the message is received, the record of its path remains. Lewis said authorities can sometimes follow that path back to a hacker's computer.

But not always. For one thing, not all servers and routers save records. Another big problem is that hackers will often conceal their location by creating a fake trail, essentially leading authorities to a computer user who had nothing to do with the attack.

More frustrating, Lewis said, is the fact that even when you can successfully trace a hacker, the information you get doesn't tell you who signed his paycheck. While the attacks on Smith and Wolf were apparently traced to a computer in China, knowing that doesn't necessarily implicate the Chinese government.

"All it gives you is the Internet address of the last computer in the line," he said.

Because of this, Lewis said, the U.S. intelligence services usually have to take circumstantial evidence into account. For instance, in the current case, they might look at who would have had the motivation to make the attack. "The records stolen were secret lists of Chinese human rights activists," he said. "Who else is going to care about that but the Chinese government?"

However, he said, there is one other possible culprit. China is home to a particularly active cadre of patriotic civilian hackers.

Heroes at home

Bruce Schneier, chief security technology officer of the BT Group, an international communications company based in London, said some of these guys are heroes in their home country, thanks to hacks they've made on organizations, media and governments that are pro-Tibet, pro-Taiwan, or otherwise critical of Chinese interests.

While not the same as official government hackers, these cyber-vigilantes are liable to pull stunts that benefit the government and, in some cases, they might even sell information they've gathered to the government. Both Schneier and Lewis said these civilian hackers aren't truly independent, in that they're probably tolerated, if not outright encouraged, by the government.

It's also important to note that China isn't the only government that's up to online shenanigans. Using hackers to conduct espionage is awfully appealing, precisely because it's so hard to conclusively pin on a specific source.

Lewis said there are at least a half dozen other governments, besides China's, that have highly sophisticated hacker capabilities. This includes the United States. In fact, he said, attacks are common enough that they're almost not something to get worked up about. "We shouldn't be outraged at this latest hack," he said. "This is just normal stuff between countries. If you want to be outraged, be outraged that our defenses are so poor."