China World’s Biggest Cyber Thief: U.S. Intel
By Eric Engleman - Nov 3, 2011 12:47 PM ET
U.S. intelligence officials called China the world’s biggest perpetrator of economic espionage in a report that says the theft of sensitive data in cyberspace is accelerating.
Hackers and illicit programmers in China and Russia are pursuing American technology and industrial secrets, jeopardizing an estimated $398 billion in U.S. research spending, according to the report released today by the National Counterintelligence Executive, the agency responsible for countering foreign spying on the U.S. government.
The report went beyond previous U.S. official assessments in blaming the two countries for stealing sensitive economic and commercial information. Areas cited as most targeted include pharmaceuticals, information-technology, military equipment and advanced materials and manufacturing processes.
“China and Russia view themselves as strategic competitors of the United States and are the most aggressive collectors of U.S. economic information and technology,” according to the findings. The report drew on 2009-2011 data from at least 13 agencies, including the Central Intelligence Agency and the Federal Bureau of Investigation.
The report emphasized the two countries’ use of cyberspace to conduct espionage against U.S. corporations, government agencies and universities. Storage of business records, research results, and economic data in digital form makes it possible for foreign hackers to “gather enormous quantities of information quickly and with little risk,” the report said.
“The nations of China and Russia, through their intelligence services and through their corporations, are attacking our research and development,” Robert “Bear” Bryant, the U.S. National Counterintelligence Executive, said at a news conference unveiling the report. “If we build their economies on our information, I don’t think that’s right.”
Representative Mike Rogers, the chairman of the U.S. House Intelligence Committee, said last month that hacker attacks by China had reached an “intolerable level” and called on the U.S. and its allies to “confront Beijing.”
China’s “continued theft of sensitive economic information is a threat to our national security, hurts American businesses and workers, and causes incalculable harm” to the world economy, Rogers, a Michigan Republican, said in an e-mail today. “This once again underscores the need for America’s allies across Asia and Europe to join forces to pressure Beijing to end this illegal behavior.”
‘Onslaught’ of Intrusions
U.S. corporations and computer security specialists have reported an “onslaught” of network intrusions originating from Internet Protocol addresses in China, according to the findings. The report highlights the technical difficulties in determining whether such attacks were state-sponsored.
“China’s rapid development and prosperity are attributed to its sound national development strategy and the Chinese people’s hard work as well as the ever enhanced economic and trade cooperation with other countries beneficial to all,” Wang Baodong, a Chinese embassy spokesman, said in an e-mail. “We are opposed to willfully making unwarranted allegations against China as firmly as our opposition to any forms of unlawful cyberspace activities.”
A former senior U.S. intelligence official, speaking on the condition of anonymity because intelligence matters are classified, said in a telephone interview that China regards cyberspace as a free-fire zone where it can steal secrets and plant malware, sometimes embedded in computers and other equipment before it is sold to Western companies.
Cloud Computing Vulnerable
The $398 billion in spending on research and development occurred in 2008 by U.S. industry, government agencies, universities and nonprofits, according to National Science Foundation data cited by the report.
The pace of economic espionage will accelerate in the next several years, according to the report by the National Counterintelligence Executive, part of the Office of the Director of National Intelligence. Increased use of technologies such as smart phones and cloud computing, which lets users access data and applications over the Internet, creates vulnerabilities hackers can exploit, the report found.
The new report faults American companies for not taking the threat seriously enough.
Security Proposal Pending
“Only 5 percent of corporate chief financial officers are involved in network security matters, and only 13 percent of companies have a cross-functional cyber risk team that bridges the technical, financial, and other elements of a company, according to a 2010 study,” the authors wrote.
The Obama administration issued a cyber security proposal in May that would require companies to report data breaches, toughen penalties for computer crimes and direct the Homeland Security Department to work with banks, utilities and transportation operators to develop cyber-security plans.
A Republican House task force recommended last month boosting cyber security for the nation’s critical infrastructure through the use of voluntary industry standards, incentives and limited regulation