SPECIAL REPORT-In cyberspy vs. cyberspy, China has the edge

The leaked State Department cables have surfaced as Reuters has learned that the U.S. is engaged in quiet, proxy-led talks with China over cyber issues.

Chronic computer breaches have become a major source of tension in U.S. relations with China, which intensified after the major Google hack was disclosed in January 2010, according to U.S. officials involved in the talks. Even before the Google hack, Chinese officials had recognized the problem as well.

In mid-2009, representatives of the China Institutes for Contemporary International Relations, a nominally-independent research group affiliated with China's Ministry of State Security, contacted James A. Lewis, a former U.S. diplomat now with the Center for Strategic and International Studies.

Lewis said that in his first meeting with his Chinese counterparts, a representative of the China Institutes asked: "Why does the Western press always blame China (for cyber-attacks)?" Lewis says he replied: "Because it's true."

There was no response to request for comment on the talks from the Chinese embassy in Washington.

Preliminary meetings at CSIS have blossomed into three formal meetings in Washington and Beijing over the last 14 months. According to two participants, the talks continue to be marked by "a lot of suspicion." Attendees have focused on establishing a common understanding of cyber-related military, law enforcement and trade issues. Cyber-espionage isn't being discussed directly, according to one participant, because "the Chinese go rigid" when the subject is raised.

One reason: for China, digital espionage is wrapped into larger concerns about how to keep China's economy, the world's second largest, growing. "They've identified innovation as crucial to future economic growth -- but they're not sure they can do it," says Lewis. "The easiest way to innovate is to plagiarize" by stealing U.S. intellectual property, he adds.

There have been a few breakthroughs. U.S. and Chinese government officials from law enforcement, intelligence, military and diplomatic agencies have attended in the wings of each discussion. "The goal has been to get both sides on the same page," says Lewis. "We're building the groundwork for official discussions."

A former senior national security official who has also attended the talks says, "Our reports go straight to the top policymakers" in the Obama administration.

Chinese participants have sought to allay U.S. concerns about a Chinese cyber-attack on the U.S. financial system. With China owning more than $1.1 trillion in U.S. government debt, Lewis says China's representatives acknowledged destabilization of U.S. markets would, in effect, be an attack on China's economy, itself.

Despite the talks, suspected Chinese cyber-espionage has hardly tapered off. Documents reviewed by Reuters show that CSIS itself recently was the target of a spear-phish containing malicious code with a suspected link to China.

On March 1, an email sent from an address on an unofficial U.S. Armed Forces family welfare network called AFGIMail was sent to Andrew Schwartz, chief spokesman for CSIS. Attached to the message was an Excel spreadsheet labeled "Titan Global Invitation List."

An analysis conducted for Reuters by a cyber-security expert who asked not to be identified shows the email may have been sent from a compromised AFGIMail email server. The Excel spreadsheet, if opened, installs malicious code which searches for documents on the victim's computer. The code then communicates to a Web-site hosting company in Orange County, California that has additional sites in China. (Reporting by Brian Grow in Atlanta and Mark Hosenball in Washington; additional reporting by Peter Apps in London; editing by Jim Impoco and Claudia Parsons)