China is unquestionably the biggest threat to U.S. cybersecurity according to Greg Hoglund, CEO of U.S. security contractor HBGary, which became famous for being cracked ostentatiously by members of the LulzSec branch of the hactivist group Anonymous.
Why didn't RSA name China?
So, even if the evidence isn't boiler plated, why didn't RSA name China as the likely culprit?
Security companies don't want to lose business opportunities in the world's fastest-growing economy which is led by one of the world's most oversensitive governments.
China has been known to change its decisions on business deals, international trade talks and even treaty negotiations based on what government officials in other countries said or did about one of its pet obsessions – the Dalai Lama, Taiwan or the Falun Gong religious movement.
During the past month, China and South Africa have been at odds over whether South Africa would issue a visa allowing the Dalai Lama to attend a celebration of the 89th birthday for South African civil rights leader Archbishop Desmond Tutu.
The government of South Africa refused to grant the permit for more than two weeks, during which its deputy president traveled to Beijing to confirm a pledge from China that it would make more than $2.5 billion in investments in South African companies. China is South Africa's largest trading partner.
"Most security companies won't come out and say it," Hoglund said during an interview with technology information site Thinq_. "The [US] government won't seem to out them for what they're doing either."
That doesn't mean China or its typical attack method – malware inserted into networks via spear-phished emails, followed by persistent intrusion attempts using both direct cracking methods and other layers of malware, however.