Chinese companies are gaining an unfair advantage with the state’s backing, according to the US-China Economic and Security Review Commission’s 2012 Report to Congress.
Released yesterday, the federally-mandated annual assessment of Sino-American relations and the associated national security implications maintains that "Chinese actors are the world’s most active and persistent perpetrators of economic espionage," which has created "a growing and persistent threat to US economic security."
While the Commission’s report covers a range of issues, there appears to be particular concern over China’s "increasingly creative and resourceful" cyber spying -- which could also affect the US military’s "readiness and ability to operate."
“Although most China-based activity observed over the past year relied on basic and straightforward techniques, a series of new developments suggest Chinese exploitation capabilities are improving significantly,” the report says. “Irrespective of sophistication, the volume of exploitation attempts yielded enough successful breaches to make China the most threatening actor in cyberspace.”
Though the Commission says “it is unclear whether the Chinese state directs all of this activity,” the “theft of industrial secrets through cyber espionage is apparently Chinese state policy.”
As the state controls “up to” 50% of the Chinese economy -- and designates seven so-called “strategic” industries, including armaments, power generation and distribution, oil and petrochemicals, telecom, coal, civil aviation, and shipping -- the Commission believes cyber attacks from China targeting these industries have “a particularly high likelihood of state sponsorship.”
Some incursions have been particularly effective. “Deliberate targeting” by Chinese hackers in 2009 “totally compromised” six to eight subcontractors working on the F-35 Joint Strike Fighter program, according to Lockheed Martin (NYSE:LMT) officials. The program’s three prime contractors -- Lockheed Martin, Northrop Grumman (NYSE:NOC), and BAE Systems (LON:BA) -- were “repeatedly” targeted by hackers identified by reports as Chinese. And just last month, Cisco (NASDAQ:CSCO) released excerpts from a confidential report regarding patent infringement by Huawei, a Chinese competitor. One reads, “The exactness of the comments and spacing [in an evaluated Huawei product] not only indicate that Huawei has access to the Cisco code but that the Cisco code was electronically copied and inserted.”
“Most companies -- and countries -- are too willing to turn a blind eye to this and just not acknowledge it; it’s too politically fraught,” Jarrett Kolthoff, a former US counterintelligence agent and the current president and CEO of cyber counterintelligence firm SpearTip, told me recently. “But civilian entities are finally waking up to the fact that businesses don’t play nice. Whether that’s an insider that didn’t receive the promotion or bonus they wanted, or a competitor overseas, there are no rules of engagement.”
Hard Answers Difficult to Get
A 2012 study from Akamai Technologies (NASDAQ:AKAM) cited by the Commission claims that 16% of Internet "attack traffic" originates in China, “more than any other country in the world.”
And, as former Vice Chairman of the US Joint Chiefs of Staff James Cartwright testified earlier this year, "[T]he clear paths back into servers and other mechanical devices inside of the Chinese sovereign domain remain a constant problem for us."
Dr. Craig Labovitz, co-founder and CEO of DeepField Networks (and a former Microsoft research scientist) says, “[T]his is not hype.”
“There are real issues here,” he tells me. “Large sections of the North American Internet are scanned multiple times a day from boxes overseas. Usually, the scanning is a handful of packets (i.e., negligible traffic) looking for commonly exploitable services.” In some networks where DeepField is deployed, “every single possible host is scanned every day,” Labovitz says. “This is tens of millions of individual users/devices.” However, he points out that “there has always been scanning on the Internet.”
“What is different today,” he continues, “is the industrial level scale of the scanning activities.”
However, Labovitz says he has “no idea of the source” of the scans.
“Many come from boxes in Asia, but this may bear no relation to the actual location of the attackers,” he tells me.
This is part of the difficulty in establishing a definitive culprit in any hacking attempt; according to Labovitz, “In the cloud today, geography does not matter much.”
“For example, as part of our commercial cloud mapping activities, we regularly spin up dozens and sometimes hundreds of machines across Asia,” he explains. “[It] just takes a keystroke and pennies per hour to rent servers in Asia/Europe/US/etc. from commercial cloud providers. And then there are thousands of companies selling cloud servers. All very cheap.”
“If you don't want to leave a paper trail, then there are millions of compromise[d] machines around the world. Like the ‘legitimate’ cloud providers, you can rent time on these millions of compromised office and home computers from hundreds or thousands of underworld brokers.”
The Economic Effect
The Commission’s report notes that in June, the Assistant Director of the FBI’s Counterintelligence Division, C. Frank Figliuzzi, testified to the House Committee on Homeland Security, revealing that the Bureau’s estimate of “economic espionage losses to the American economy” for the fiscal year exceeded $13 billion. Indeed, this includes all economic espionage, not just Chinese cyber espionage -- which independent Internet researcher Collin Anderson says is, in fact, hardly limited to China.
“It would be hard to deny that China conducts these sorts of cyber operations,” Anderson tells me. “China uses hacking and other forms of intrusion to further their goals -- just like any other state with an interest in its political posture naturally does.”
From China’s point of view, the US-China Economic and Security Review Commission is "indulging in cold war mentality."
"We hope they will stop their prejudice, respect facts, and stop interfering in China's internal affairs and hurting China-US relations," Foreign Ministry spokesman Hong Lei said at a briefing on Wednesday. "China is firmly opposed to cyber attacks and has enacted laws on this issue."
Strident as Mr. Hong may be, Collin Anderson reiterates: “To say China isn’t engaging in this sort of stuff would be implausible.”
But he says he sees the report overall as “noncontroversial.”
“It’s like, okay sure -- we’ve known about all these things, we’ve heard it all before,” Anderson says. “At the same time, what’s next? What’s the recommendation? What are we trying to do about it?”
Follow Justin Rohrlich on Twitter: @chickenalaking