Thanks to my colleague Kevin Moulton for pointing out an excellent Yahoo! special report: In cyberspy vs. cyberspy, China has the edge.

According to U. S. investigators, China has stolen terabytes of sensitive data — from usernames and passwords for State Department computers to designs for multi-billion dollar weapons systems. And Chinese hackers show no signs of letting up. “The attacks coming out of China are not only continuing, they are accelerating,” says Alan Paller, director of research at information-security training group SANS Institute in Washington, DC.

Private enterprise is also getting hit big time.

The official figures don’t account for intrusions into commercial computer networks, which are part of an expanding cyber-espionage campaign attributed to China, according to current and former U. S. national security officials and computer-security experts. 

In the last two years, dozens of U. S. companies in the technology, oil and gas and financial sectors have disclosed that their computer systems have been infiltrated. 

In January 2010, Internet search giant Google announced it was the target of a sophisticated cyber-attack using malicious code dubbed “Aurora,” which compromised the Gmail accounts of human rights activists and succeeded in accessing Google source code repositories.

The political ramifications of this cyber warfare are huge. The US and China are the world’s two largest economies, both cooperating and competing on the world’s stage.  With China owning more than $1.1 trillion in U. S. government debt, destabilization of U. S. markets due Chinese cyberattacks would, in effect, be an attack on China’s economy itself.

The old Mad Magazine Spy vs. Spy comics were hilarious, with each spy destroying the other through nefarious means, and then getting up quickly to compete another day.   On the other hand, the China vs. USA cyberspy game is serious business – we play this one for keeps. 

IT World Canada reported last week:

Malicious hackers who may be based in China managed to fool Canadian federal IT staff into providing access to government computers, leading to severe Internet restrictions at Treasury Board and the Finance Department. …

In what the CBC described as an “executive spear-phishing” attempt, hackers used bogus e-mails to pass themselves off as senior executives to IT staff at the two federal departments and request passwords, while other staff received e-mails with virus-laden attachments.

Although it appeared that the attacks came from Chinese servers, it was not certain that the cyber-attackers were Chinese.  The attacks could have originated elsewhere and been routed through Chinese servers.  Not surprisingly, Chinese government officials quickly denied any connection to the attacks.

Whether the attacks originated with a foreign government or not, this highlights the vulnerability of people, more than technology.  If indeed people divulged passwords to email requesters and opened attachments infected with viruses, it shows that people, not technology, are the weak link in cyber security.