Two large operations in China account for 90 percent of cyberespionage against US business, one expert says. Research suggests the scope of the operations could be breathtaking.
Ng Han Guan/AP/File
Sneaky Panda. The Elderwood Gang. The Beijing Group.
These are three code names bestowed by US experts on a single cyberespionage organization that, from 9 to 5 Beijing time each day, is at work siphoning the crown jewels of US corporations' proprietary data out of their networks – and into computers in China.
In January 2010, Internet search giant Google disclosed that someone had hacked into its network (not to mention 20 other tech companies). That someone was the Elderwood Gang, says a new report by Symantec, a cybersecurity company.
The Symantec report hints at what other US cybersecurity experts are saying with increasing conviction: that Elderwood is one of two large Chinese economic cyberespionage organizations – employing perhaps hundreds of people – which are working to vacuum business ideas and advanced designs from American computer networks.
For example, these experts are now connecting Elderwood and a second Chinese hacking group to attacks on top cybersecurity company RSA, defense-industry giant Lockheed Martin, and perhaps several US natural gas pipeline companies.
It has long been claimed by US cybersecurity experts that cyberspying to harvest intellectual property, rather than quick cash from online bank accounts, was a practice emanating mostly from China. Plausible deniability remains because attribution is so uncertain in cyberspace. Chinese embassy officials in Washington routinely deny any responsibility for cyberespionage on US targets.
Yet there are signs now that the attribution problem is closer to being solved, US experts say.
Page 1 of 5