Continued from page 1

U.S. government officials have been reluctant to tie the attacks directly back to the Chinese government, but analysts and officials quietly say they have tracked enough intrusions to specific locations to be confident they are linked to Beijing — either the government or the military. They add that they sometimes can glean who benefited from a particular stolen technology.

One of the analysts said investigations show that the dozen or so Chinese teams appear to get “taskings,” or orders, to go after specific technologies or companies within a particular industry. At times, two or more of the teams appear to get the same shopping list and compete to be the first to get them or to pull off the greatest haul.

Analysts and U.S. officials agree that a majority of the cyberattacks seeking intellectual property or other sensitive or classified data are done by China-based hackers. Many of the cyberattacks stealing credit card or financial information come from Eastern Europe or Russia.

According to experts, the malicious software or high-tech tools used by the Chinese haven’t gotten much more sophisticated in recent years. But the threat is persistent, often burying malware deep in computer networks so it can be used again and again over the course of several months or even years.

The tools include malware that can record keystrokes, steal and decrypt passwords, and copy and compress data so it can be transferred back to the attacker’s computer. The malware can then delete itself or disappear until needed again.

Several specific attacks linked to China include:

• Two sophisticated attacks against Google’s systems stole some of the Internet giant’s intellectual property and broke into the Gmail accounts of several hundred people, including senior U.S. government officials, military personnel and political activists.

• Last year, computer security firm Mandiant reported that data was stolen from a Fortune 500 manufacturing company during business negotiations when the company was trying to buy a Chinese company.

• Earlier this year, McAfee traced an intrusion to an Internet protocol address in China and said intruders took data from global oil, energy and petrochemical companies.

A Chinese Foreign Ministry spokesman, Liu Weimin, did not respond Monday to the specific allegations about government-supported cyberattacks but said Internet security is an issue the world needs to address collectively. The international community should “prevent the Internet from becoming a new battlefield,” Mr. Liu said at a daily media briefing in Beijing.

For the first time, U.S. intelligence officials called out China and Russia last month, saying they are systematically stealing American high-tech data for their own economic gain. The unusually forceful public report seemed to signal a new, more vocal U.S. government campaign against the cyberattacks.

The next step, Mr. Cartwright said, must be a full-throated U.S. policy that makes it clear how the U.S. will deal with cyberattacks, including the attackers as well as the nations the attacks are routed through. Once an attack is detected, he said, the U.S. first should go through the State Department to ask the country to stop the attack. If the country refuses, he said, the U.S. will have the right to stop the computer server from sending the attack by whatever means possible while still avoiding any collateral damage.

Associated Press writer Alexa Olesen in Beijing contributed to this report.