The truth is, it's hard to know where one stops and the other begins. Better to just assume that the government, military and private sector have been under more or less constant attack since sometime in the late 1990s.
For most of that time, the U.S. government and military's official response has been "no comment." Those who, like Carpenter, stated explicitly that the attacks were linked to the Chinese government and military were hushed. When attacks did make headlines, officials who spoke (always off record) about their devastating impact were countered by others (also off record) who pooh-poohed such statements.
This back and forth from Bradley Graham's 2005 article on Titan Rain was pretty typical of the he-said/she-said denial game that went on for much of the early part of this century:
"It's not just the Defense Department but a wide variety of networks that have been hit," including the departments of State, Energy and Homeland Security as well as defense contractors, the official said. "This is an ongoing, organized attempt to siphon off information from our unclassified systems."
Another official, however, cautioned against exaggerating the severity of the intrusions. He said the attacks, while constituting "a large volume," were "not the biggest thing going on out there."
Let the record show that "Another Official" - whoever he or she is - won the battle, but lost the war. Unit 61398 and others like it turned their beachheads on unclassified and classified networks into landing zones and, then, full-fledged ports.
In the meantime, DC lawmakers (and their lobbyists) obsessed about movie and video game piracy in The Middle Kingdom, while Pentagon brass and the defense industrial base adopted the euphemistic term "APT" - or "advanced persistent threat" - to muddy the water and deflect attention from the obvious source of the malicious activity.
The disconnection between what the U.S. government knows and how it acted on what it knows continues to this day, despite the heated rhetoric from The White House and Pentagon.
Take the recent reports from Bloomberg on the years-long compromise of the UK-based defense technology contractor QinetiQ. Those reports quoted Christopher Day, a former vice president of Verizon's Terremark security division, which was hired to investigate the intrusions. Day said that QinetiQ's corporate network had been wholly owned by Chinese spies for a period of years.
"We found traces of the intruders in many of their divisions and across most of their product lines," said Day. "There was virtually no place we looked where we didn't find them."
There was also evidence of wholesale theft of QinetiQ technology - including a Chinese bomb disposal robot that looks suspiciously similar to Dragon Runner, a QinetiQ-developed product, Bloomberg reported.