Continued from page 2

He has provided Chinese authorities with a list of 12,000 devices - including webcams, computer routing switches and Internet telephones - that are using a vulnerable version of a special software program called VxWorks.

The program controls the devices. But in the vulnerable version, an attacker can get control and turn webcams into surveillance cameras and Internet phones into eavesdropping devices, Mr. Beresford said.

He said it was difficult to tell exactly which departments or agencies the vulnerable devices were located, but many of them were on networks used by the Chinese military. “You could eavesdrop on any office where a computer that is using one of these devices is located,” he said.

Mr. Beresford said he hoped the impact of his work would encourage Beijing to “tone down its aggression in cyberspace” and improve relations between security researchers in China and the U.S. “Both countries are vulnerable,” he said.

Analysts say there are some signs that the Chinese recognize that, which is why they have begun to explore an international legal framework for cybersecurity.

In mid-2009, China reached out through semiofficial channels to start a dialogue on the issue with Washington specialists and former national security officials, a participant confirmed to The Times.

James A. Lewis of the Center for Strategic and International Studies, the former U.S. diplomat to whom the Chinese originally reached out, said several sessions of exploratory talks had been held. “They are very aware of their vulnerabilities,” he told The Times.

“It’s actually a good thing,” Mr. Lewis said. “Both countries are afraid about cybersecurity, and that shared fear gives us a basis for negotiation.”