US names names – China and Russia – in detailing cyberespionage

Using blunt language, a new report by the Office of the National Counterintelligence Executive singles out China and Russia for cyber economic espionage, saying they are fast-growing threats to US economic and national security. In the past, the US government had largely refrained from naming specific countries as sources of cyberespionage.

Not anymore.

"Chinese actors are the world's most active and persistent perpetrators of economic espionage," according to the report, titled "Foreign Spies Stealing US Economic Secrets in Cyberspace." "Russia's intelligence services are conducting a range of activities to collect economic information and technology from US targets."

The report, which was prepared for Congress, in effect puts a government spotlight on threats that had largely gone undeclared until security firms and news media highlighted them over the past two years.

"The evidence has simply become overwhelming," says Joel Brenner, head of US counterintelligence in the Office of the Director of National Intelligence from 2006 to 2009. "It was the gorilla in the room that could no longer be ignored. Not to have named these countries would have yielded a report that would have been irrelevant."

The report also identified allies like France. But China, in particular, was fingered for massive ongoing cyberespionage against American companies in an alleged effort to gather the technological insights needed to make its economy more competitive.

An official spokesman for China vehemently denied any sponsorship of such attacks. But naming China was probably inevitable, intelligence experts say: A number of countries, including Britain, Germany, and South Korea, have already been placing blame.

"One of the biggest challenges America faces is how to deal with countries like China that have been so blatant in their theft of economically important information," says Scott Borg, director of the US Cyber Consequences Unit, a nonprofit think tank.

The report, Mr. Borg adds, appears to be moving the issue of cyberespionage into a more formal realm where diplomats will negotiate the issue. "This is a serious threat to our economy, yet it's so new that government officials don't know what would be an appropriate response,” he says. “This report looks like another step toward putting this on the diplomatic agenda."

The Office of the National Counterintelligence Executive was formed in 2001. Its purpose is better evaluation of counterintelligence threats from foreign nations and nonstate actors, as well as integration of all counterintelligence activities.

Whereas in the past, individual spies might have painstakingly collected and transferred physical copies of secret corporate documents, the ease and anonymity of downloading files from the Internet or copying thousands of documents at a time onto a portable thumb drive have made cyberespionage a crucial threat to the nation, the report says.

Project 863, for instance, is a clandestine initiative launched by China in 1986, the report says, "to enhance China's economic competitiveness and narrow the science and technology gap between China and the West in areas like nanotechnology, computers and biotechnology." Cyberespionage is now a big part of Project 863, it says.

Against that backdrop, the report says, American companies and specifically cybersecurity companies have "reported an onslaught of computer network intrusions" originating from Internet Protocol (IP) addresses in China.

Private security firms in the US have dubbed the trend the "advanced persistent threat." Examples cited by the report include:

• A February 2011 report by the cybersecurity firm McAfee found that Chinese hackers had broken into the computer networks of global oil, energy, and petrochemical companies. Their alleged goal: steal data on sensitive proprietary operations and the financing of bids and operations for oil and gas fields. (The McAfee report substantially corroborated a January 2010 Monitor report that found Chinese links to cyberespionage attacks on three global oil giants – Marathon Oil, ExxonMobil, and ConocoPhillips.)

• The Chinese government sponsored hackers' intrusions into Google’s networks, VeriSign iDefense reported in January 2010. Google later claimed that its source code had been stolen, a claim China denies.

• Last year, computer security firm Mandiant reported secret business information stolen from the corporate network of a Fortune 500 company while that company was in negotiations to buy a Chinese company. The stolen data may have helped the Chinese company in its negotiations.

In his new book "American the Vulnerable," Mr. Brenner amplifies what is contained in the report. What became known as Operation Aurora, he writes, was a "coordinated attack on the intellectual property of several thousand companies in the United States and Europe – including Morgan Stanley, Yahoo, Symantec, Adobe, Northrop Grumman, Dow Chemical and many others. Intellectual property is the stuff that makes Google and other firms tick."

A spokesman for the Chinese Embassy in Washington rebuts the report.

"China's rapid development and prosperity are attributed to its sound national development strategy and the Chinese people's hard work as well as China's ever enhanced economic and trade cooperation with other countries that benefits all," writes Wang Baodong, spokesman for the Chinese Embassy, in an e-mail. "Willfully making unwarranted accusations against China is irresponsible, and we are against such demonization efforts as firmly as our opposition to any forms of unlawful cyberspace activities."

Looking ahead a few years, the study cites a technological shift toward a "proliferation of portable devices that connect to the Internet and other networks, [which] will continue to create new opportunities for malicious actors to conduct espionage." Such devices are expected to double from 12.5 billion in 2010 to 25 billion by 2015.

Another trend that could make the nation more vulnerable is the massive swing toward "cloud computing," which pools information processing and storage. While cheaper than hosting computer services in-house, data sharing will provide new means for cyberspies to do their work, the report warns.

According to the report, key targets of cyberspies going forward will include information and communications technology and military technologies, especially those pertaining to naval propulsion and aerospace. But the focus will also include civilian and dual-use technologies, including clean-energy technologies such as solar, wind, and other "energy-generating technologies" – expected to be the fastest-growing investment sector in many nations.

China's 863 program, the report says, is trying to acquire advanced materials and manufacturing techniques, in particular to boost its industrial competitiveness in aviation and high-speed rail. Meanwhile, Russia and Iran are focusing on advanced materials like nanotechnology.

"Cyberspace makes it possible for foreign collectors to gather enormous quantities of information quickly and with little risk, whether via remote exploitation of victims’ computer networks, downloads of data to external media devices, or e-mail messages transmitting sensitive information," the report says.