Stealing America: China’s Busy Cyber-Spies
Economic and industrial spying by China appears to be more pervasive and egregious than ever, costing America billions of dollars each year, according to a new report by a U.S. government agency. And the report raises an important question: If stolen trade and technology secrets help fuel China’s breakneck growth, then is more espionage required to feed the growing beast?
We have been hearing sporadic reports of Chinese industrial and economic espionage via cyberspace for years. But the report from the Office of the National Counterintelligence Executive is of a different order altogether. The unusually blunt and comprehensive assessment of cyber-spying accuses China of gathering American trade secrets “using removable media devices and e-mail.”
This goes far beyond the China-bashing that seems fashionable in some quarters of Washington these days. “Foreign Spies Stealing U.S. Economics in Cyberspace,” as the report is titled, throws the book at practically everyone — U.S. allies and adversaries alike. But it singles out China for many, if not most, of these offenses, with Russia not far behind. Of seven cases that went to the U.S. courts under the Economic Espionage Act last year, six involved links to China.
“Chinese actors are the world’s most active and persistent perpetrators of economic espionage,” the report says. “U.S. private-sector firms and cyber-security specialists have reported an onslaught of computer network intrusions that have
originated in China, but the intelligence community cannot confirm who was responsible.”
Still, the report — the result of a two-year study by 13 U.S. agencies, including the FBI, CIA, and the Defense Intelligence Agency — finds a disturbing number of cases involving the Chinese. Consider these examples:
- David Yen Lee, a chemist at Valspar Corporation (VAL), a Minneapolis-based manufacturer, used his access to international computer networks to download about 160 secret formulas for the paints and coatings Valspar produces. He was arrested in March 2009 and sentenced a year later to 15 months in prison.
- Meng Hong, also as a chemist, worked at DuPont and downloaded data on organic light-emitting diodes that he intended to transfer to Beijing University. He pled guilty last year and is now also serving a 15-month prison sentence.
- Yu Xiang Dong was a product manager at Ford (F) in China and copied about 4,000 documents onto a hard drive to help him get a job with a Chinese carmaker. He also pleaded guilty and was sentenced last April to 70 months in prison.
While these are just a handful of cases, there appear to be hundreds of others, some of which go undetected even by the companies that are victimized. But as these cases suggest, one of China’s methods is to use ethnic Chinese “insiders” to steal information and funnel it back to companies or universities on the mainland. The report says Chinese intelligence agencies and corporations also exploit Chinese citizens with trans-Pacific family ties when such ties can prove useful.
One of the problems in detecting cyber-espionage cases is that IPs, or internet protocol addresses, cannot always be definitively traced to a specific origin. Equally, some companies that have been victims of Chinese internet spying are reluctant to report their findings for fear of undermining investor confidence.
Google has been a rare exception. Early last year, when it reported a cyber-attack in which part of its source code may have been stolen, it was not shy about pointing the finger not only at China but directly at the Chinese government. Google subsequently stopped operating in China—though it is still active in Hong Kong—because of censorship issues and alleged intrusions into its network by Chinese hackers.
McAfee, an internet security company owned by Intel, is another interesting case. It issued a report titled “Night Dragon” a few months ago documenting cyber-espionage efforts aimed at an array of entities, among them defense contractors, non-governmental organizations, and manufacturers. It cast blame on one country but declined to name it. The crux of the matter here, according to news reports, seems to be that Intel (INTC) does very substantial business in China.
The U.S. government has been in a similar bind. Washington has until now been unwilling to single out China for fear of jeopardizing broader bilateral relations or revealing what it has discovered about Chinese cyber-spying. The report just issued—it was presented to Congress earlier this month—is thus potentially a game-changer. Beijing has so far had no response to it.
What is to be said of all this?
One obvious question is what systematic cyber-espionage on an apparently large scale is costing the U.S. economy. The damage is “large but uncertain,” the report notes on this point. It then elaborates: “Estimates from academic literature on the losses from economic espionage range so widely as to be meaningless—from $2 billion to $400 billion or more a year—reflecting the scarcity of data and the variety of methods used to calculate losses.”
We do have individual cases where the damage can be measured. The thefts of formulas at Valspar, for instance, are estimated to have been worth $20 million in research and development costs. That equals about one-eighth of the company’s annual profits.
Now let’s put all this in context. China is nothing if not eager to join the ranks of global players in every field of advanced technology it can put its hands on. The day the U.S. report was released, Beijing announced that two unmanned Chinese spacecraft haddocked in orbit for the first time. Together with India, China is also venturing into advanced bio-tech medications it has never before produced, putting it in direct competition with high-end U.S. drug manufacturers.
There’s no doubt that China’s strides forward over the past three decades of reform are to be lauded. But how many of those advances have come via stolen or proprietary technology secrets?