SecurityFocus, 2007-09-04
Fresh allegations surfaced on Monday that China's military has hacked other nations' networks to nab sensitive data, charges that the country denied for the second time in two weeks.
On Monday, the Financial Times reported that unnamed U.S. military officials told reporters that the Chinese military had hacked into Pentagon computers in June, in what they characterized as "the most successful cyberattack" to date on Department of Defense computers. The report came a week after German news magazine Der Spiegel alleged that the Chinese had hacked into German government computers. Both governments expressed a high degree of confidence that the information breaches led back to operations run by China's military, the People's Liberation Army (PLA).
Chinese officials vehemently denied the allegations.
"The Chinese government has always opposed any Internet-wrecking crime, including hacking, and cracked down on it according to the law," Chinese Foreign Ministry spokeswoman Jiang Yu said in a statement carried by China's news agency, Xinhua. "Some people are making wild accusations against China and wantonly saying the Chinese military attacked the Pentagon's computer network. These are totally groundless and also reflect a Cold War mentality."
Increasingly, nations are calling China to account for computer espionage and network breaches emanating from the world's most populous nation and directed at sensitive targets.
In 2005, SecurityFocus reported that security firms and government response agencies had warned that e-mail messages carrying malicious code were targeting specific individuals at large corporations and sensitive government agencies. Two months later, an article in Time Magazine revealed that a network-security manager at Sandia National Laboratories, Shawn Carpenter, had worked with U.S. government officials for nearly two years to track such attacks back to China. The U.S. even had a codename for the attacks: Titan Rain.
"Our intellectual property is being systematically looted," said Carpenter, now a principal forensics analyst at NetWitness, a maker of digital forensics tools. "If you can steal this stuff and gain an advantage in the economic or intelligence world -- or even militarily -- why not leverage that. I think this is the new battlefield."
Economic espionage connected to China has increased dramatically in the last decade. A German official estimated that two-thirds of the economic espionage cases currently being investigated by the country's law enforcement are linked to China, according to Der Spiegel. In the U.S., the FBI has estimated that a third of all economic espionage cases are linked to the Chinese and has boosted the number of agents assigned to combat Chinese espionage to 350, from 150 in 2001, according to USA Today.
It's natural that such activity has moved online, said Mikko Hyppönen, chief research officer for antivirus firm F-Secure. As the information of interest to spies has increasingly become digital and stored in locations more accessible to remote users, the act of spying has changed as well, he said.
"What is spying? It is the act of collecting information, and that information used to be in files and binders, but now it's in laptops and hard drives and can be more easily moved," Hyppönen said. "The espionage guys would be stupid not to take advantage of the fact that information has changed, and they no longer have to travel to get access to it."
Hyppönen believes the cases of hacking are linked to each other and emanate from a single source, likely within China.
Yet, tracking the attacks back to China is not a simple matter.
Attackers regularly use multiple servers and botnets to hide the true origins of their activities. For example, current data shows that nearly half of all spam comes from servers based in North America, but that does not mean that the U.S. is spamming other countries, said Matt Sergeant, senior antispam technologist for e-mail security firm MessageLabs.
"Certainly, there is a lot of what we call -- in the spam world -- bulletproof hosting in China," Sergeant said. "But saying that the source of the attacks coming from those servers is in China is not straightforward. Using that naive viewpoint, most of the spam is coming from the U.S."
NetWitness's Carpenter agreed.
"I don't think you can really 100 percent say" it's coming from China, said Carpenter. "Unless you have boots on the ground and someone kicks down the door in Beijing and you catch someone at the keyboard, you can never say it."
Still, a growing amount of evidence, outside of the location of servers used in the attacks, has pointed to China.
For example, attacks on U.S. agencies and on Taiwan-related political groups in the United States have steadily increased over the past year.
In January 2006, exploit code attached to an e-mail that appeared to be a weekly newsletter sent by the U.S.-Taiwan Business Council, a private organization that seeks to improve business between the United States and Taiwan, went to addresses at U.S. government agencies and Taiwanese groups. The e-mail posed as a copy of the previous week's legitimate newsletter with minor changes, including appending a malicious Word document rather than the PDF file typically sent by the group, said Lotta Danielsson-Murphy, vice president of the U.S.-Taiwan Business Council.
The attacks, which started in December, have become more frequent every week. In the latest, which happened over Labor Day weekend, another newsletter clone was sent to specific people touting the U.S.-Taiwan Business Council's Defense Industry conference. The e-mail appeared to come from a Taiwanese official and contained a ZIP file that downloaded malicious code from the hacked server of a construction company in Illinois, Danielsson-Murphy said.
"We have seen an onslaught," she said. "The e-mail messages are always very up-to-date, and we are getting more and more."
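The newsletter clones described above share two detectable traits: the message claims to be a recurring, trusted mailing, yet it arrives from a domain that does not match the sender's baseline and it carries a Word document or ZIP where the real sender always attaches a PDF. The script below is an added example, not code from the article or from any organisation it names; it checks inbound messages against a hypothetical sender baseline (the `KNOWN_SENDERS` table) and flags those deviations. The domains, addresses and message bodies are constructed for the demonstration, and matching a baseline profile by a subject keyword is an assumption made for illustration.

```python
"""Flag inbound mail that impersonates a known newsletter sender.

Added example, not from the article. It models the pattern the text
describes: a message that looks like a recurring newsletter but comes
from an unexpected domain, or swaps the usual PDF for a Word document
or ZIP. All names, domains and messages are constructed.
"""
import os
from email import message_from_string
from email.message import Message
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.utils import parseaddr

# Hypothetical baseline: which domain a known mailing is sent from and
# which attachment types are normal for it. Keyed by a subject keyword
# (an assumption for this example; a real deployment would key on a
# message-id pattern, list headers or a sender allow-list).
KNOWN_SENDERS = {
    "weekly newsletter": {
        "domains": {"example-council.test"},
        "allowed_ext": {".pdf"},
    },
}

# Attachment types that commonly carry macros or stage a downloader;
# rated "risky" when they replace the sender's normal attachment type.
RISKY_EXT = {".doc", ".docm", ".xls", ".xlsm", ".zip", ".exe", ".scr"}


def sender_domain(msg: Message) -> str:
    """Lower-cased domain of the From: header address (display name ignored)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def attachment_names(msg: Message) -> list:
    """File names of every MIME part that declares one."""
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def match_profile(msg: Message):
    """Return the baseline profile the message claims to belong to, if any."""
    subject = msg.get("Subject", "").lower()
    for keyword, profile in KNOWN_SENDERS.items():
        if keyword in subject:
            return profile
    return None


def analyse(raw: str) -> list:
    """Return a list of findings; an empty list means nothing suspicious."""
    msg = message_from_string(raw)
    profile = match_profile(msg)
    if profile is None:
        return []  # does not claim to be a known mailing; out of scope here
    findings = []
    domain = sender_domain(msg)
    if domain not in profile["domains"]:
        findings.append(f"claims newsletter but From domain {domain!r} not in baseline")
    for name in attachment_names(msg):
        ext = os.path.splitext(name)[1].lower()
        if ext not in profile["allowed_ext"]:
            severity = "risky" if ext in RISKY_EXT else "unexpected"
            findings.append(
                f"{severity} attachment {name!r}; baseline allows {sorted(profile['allowed_ext'])}"
            )
    return findings


def build_sample(from_addr: str, subject: str, attachment_name: str) -> str:
    """Construct a small multipart message with one attachment (test data only)."""
    m = MIMEMultipart()
    m["From"] = from_addr
    m["To"] = "analyst@agency.test"
    m["Subject"] = subject
    m.attach(MIMEText("This week's update is attached."))
    part = MIMEApplication(b"constructed placeholder bytes", Name=attachment_name)
    part["Content-Disposition"] = f'attachment; filename="{attachment_name}"'
    m.attach(part)
    return m.as_string()


# Constructed samples: the genuine mailing, a clone from a look-alike
# domain carrying a .doc, and a clone from the real domain carrying a ZIP.
LEGIT = build_sample("Council <news@example-council.test>",
                     "Weekly Newsletter - Issue 31", "newsletter-31.pdf")
CLONE_DOC = build_sample("Council <news@example-councll.test>",
                         "Weekly Newsletter - Issue 31", "newsletter-31.doc")
CLONE_ZIP = build_sample("Official <office@example-council.test>",
                         "Weekly Newsletter: Defense Industry Conference",
                         "conference-agenda.zip")

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("clone-doc", CLONE_DOC), ("clone-zip", CLONE_ZIP)):
        print(label, analyse(raw) or ["no findings"])
```

The ZIP sample is the interesting case: its From domain matches the baseline (a compromised or spoofed real address, as in the conference mailing the article describes), so only the attachment-type check catches it. That is why the baseline records what a sender normally attaches and not just where it sends from.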
The content sought out by attackers also seems to indicate a connection to China. A similar e-mail allowed hackers to infiltrate computers at the U.S. State Department a year ago. The attachments established a beachhead in the State Department's systems, which the attackers used to search for information on China and North Korea.
Moreover, the People's Liberation Army (PLA) has publicly talked about recruiting people serving their national service into hacking squads, said Marcus Sachs, director of the SANS Internet Storm Center. If they are trained and then not selected for the permanent hacking teams, many of the people will likely use their skills for patriotic hacking, he said.
"Those that don't make the cut are still really good at hacking," Sachs said. "A few of them still want to be patriotic, so they form their own little clubs and hacking groups and do what they would have done if they had served with the military."
Earlier this year, the Naval Network Warfare Command warned that Chinese hackers were "constantly waging all-out warfare against Defense Department networks," according to a report in Federal Computer Weekly.
For now, China continues to deny involvement and has vowed to go after whoever is attacking other countries' systems.
"The Chinese government attaches great importance to the hacker attack on the German government networks," Chinese Premier Wen Jiabao said, according to Xinhua.
Members of Congress have already taken the leaders of the Departments of State, Homeland Security and Commerce to task for lax computer security, as part of a general investigation by the House Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology into the security of federal systems.
"I would think that all governments should be concerned and protected against this type of thing," MessageLabs' Sergeant said. "Because it is so targeted, it is something that regular antivirus protection is not going to pick up on."
However, ISC's Sachs, for one, believes the problem will get better quickly. Pointing at next year's Olympic games, the security expert predicts that China will have to clean up its act, likely meaning the hacking will subside for some time or at least become much stealthier.
"It is only a while before the hacking, which has gotten the tacit wink and nod, will get shot down because it is bad for China," Sachs said. "It will only take one government official in Beijing to have the light go on and say that this hacking is bad for the country -- it is no different than Chinese dog food killing pets or lead in toys."
If you have tips or insights on this topic, please contact SecurityFocus.