China expands cyberspying in US, report says
Wednesday, 4 November 2009
The Chinese government is ratcheting up its cyberspying operations against the U.S., a congressional advisory panel found, citing an example of a carefully orchestrated campaign against one U.S. company that appears to have been sponsored by Beijing, according to a recent report of Wall Street Journal.
The unnamed company was just one of several successfully penetrated by a campaign of cyberespionage, according to the U.S.-China Economic and Security Review Commission report released recently. Chinese espionage operations are "straining the U.S. capacity to respond," the report concludes.
The bipartisan commission, formed by Congress in 2000 to investigate the security implications of growing
trade with China, is made up largely of former U.S. government officials in the national security field.
The commission contracted analysts at defense giant Northrop Grumman Corp. to write the report. The
analysts wouldn't name the company described in the case study, describing it only as "a firm involved in high-technology development."
The report didn't provide a damage assessment and didn't say specifically who was behind the attack against the U.S. company. But it said the company's internal analysis indicated the attack originated in or came through China.
The report concluded the attack was likely supported, if not orchestrated, by the Chinese government, because of the "professional quality" of the operation and the technical nature of the stolen information, which is not easily sold by rival companies or criminal groups. The operation also targeted specific data and processed "extremely large volumes" of stolen information, the report said.
"The case study is absolutely clearly controlled and directed with a specific purpose to get at defense technology in a related group of companies," said Larry Wortzel, vice chairman of the commission and a former U.S. Army attaché in China. "There's no doubt that that's state-controlled."
Attacks like that cited in the report hew closely to a blueprint frequently used by Chinese cyberspies, who in total steal $40 billion to $50 billion in intellectual property from U.S. organizations each year, according to U.S. intelligence agency estimates provided by a person familiar with them.
"Modern-day espionage doesn't involve cloak and dagger anymore," said Tom Kellermann, a vice president at Core Security Technologies, a cybersecurity company.
"It's all electronic." China is among more than 100 countries that have the capability to conduct cyberspying operations.
The bulk of the report describes the growing ambitions of the Chinese military in cyberspace and its efforts to develop the capability to destroy adversary networks with physical and cyberattacks in the event of a crisis.
The unnamed company was just one of several successfully penetrated by a campaign of cyberespionage, according to the U.S.-China Economic and Security Review Commission report released recently. Chinese espionage operations are "straining the U.S. capacity to respond," the report concludes.
The bipartisan commission, formed by Congress in 2000 to investigate the security implications of growing
trade with China, is made up largely of former U.S. government officials in the national security field.
The commission contracted analysts at defense giant Northrop Grumman Corp. to write the report. The
analysts wouldn't name the company described in the case study, describing it only as "a firm involved in high-technology development."
The report didn't provide a damage assessment and didn't say specifically who was behind the attack against the U.S. company. But it said the company's internal analysis indicated the attack originated in or came through China.
The report concluded the attack was likely supported, if not orchestrated, by the Chinese government, because of the "professional quality" of the operation and the technical nature of the stolen information, which is not easily sold by rival companies or criminal groups. The operation also targeted specific data and processed "extremely large volumes" of stolen information, the report said.
"The case study is absolutely clearly controlled and directed with a specific purpose to get at defense technology in a related group of companies," said Larry Wortzel, vice chairman of the commission and a former U.S. Army attaché in China. "There's no doubt that that's state-controlled."
Attacks like that cited in the report hew closely to a blueprint frequently used by Chinese cyberspies, who in total steal $40 billion to $50 billion in intellectual property from U.S. organizations each year, according to U.S. intelligence agency estimates provided by a person familiar with them.
"Modern-day espionage doesn't involve cloak and dagger anymore," said Tom Kellermann, a vice president at Core Security Technologies, a cybersecurity company.
"It's all electronic." China is among more than 100 countries that have the capability to conduct cyberspying operations.
The bulk of the report describes the growing ambitions of the Chinese military in cyberspace and its efforts to develop the capability to destroy adversary networks with physical and cyberattacks in the event of a crisis.