Every major company in the United States has already been penetrated by China. So says cyber security expert and former White House counter-terrorism advisor Richard Clarke. In a new Smithsonian Magazine interview, Clarke amplifies what has already been revealed: China is ripping off U.S. and other corporations left and right.
“My greatest fear,” Clarke says, “is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese. And we never really see the single event that makes us do something about it. That it’s always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China....After a while you can’t compete.”
The U.S.-China Economic & Security Review Commission held a hearing, Developments in China’s Cyber and Nuclear Capabilities. Anyone who has ever run a server knows major attacks from China happen daily. It appears there is a new kid on the block: malware campaigns designed to extract specific information by targeting individuals and certain groups.
Nart Villeneuve, a computer security expert, testified:
There has been a dramatic increase in targeted malware attacks. Unlike the largely indiscriminate attacks that focus on stealing credit card and banking information associated with cybercrime, these targeted attacks are noticeably different and are better characterized as malware-based espionage. These highly targeted attacks are computer intrusions staged by threat actors that aggressively pursue and compromise specific targets, often leveraging social engineering or the “art of manipulation”, in order to maintain a persistent presence within the victim’s network so that they can move laterally and extract sensitive information.
While government and military networks have long been targets, these highly targeted attacks have spread to the defense industrial base and high tech companies, the energy and finance sectors, telecommunications companies as well as media outlets, civil society organizations and academic institutions.
These types of attacks, geared to obtain sensitive information, are called APTs, or Advanced Persistent Threats.
The USCC also issued a new report, Occupying the Information High Ground (pdf), which analyzes China's Capabilities for Computer Network Operations and Cyber Espionage. This report, by Northrop Grumman, paints a not-so-pretty picture simply by describing a few cyber security incidents as examples.
The report describes penetration into defense contractor Lockheed Martin as well as the security and encryption software company RSA. Beyond running phishing emails, the report concludes:
Recent developments in Chinese CNO applications and R&D point to a nation fully engaged in leveraging all available resources to create a diverse, technically advanced ability to operate in cyberspace as another means of meeting military and civilian goals for national development.
Richard Bejtlich, the Chief Security Officer for Mandiant, did identify the origin of APT attacks as China. Even more amazing, companies do not discover they have been compromised or ripped off until it's way too late or a third party lets them know. Here is Bejtlich's breakdown of compromised 2011 targets:
Most of the APT groups we track target the US defense industrial base (DIB). Some of these groups also target US government agencies, think tanks and political organizations, and other commercial or private targets. Our most recent M-Trends research report described our consulting caseload for 2011 in these terms:
- Communications companies: 23%
- Aerospace and defense: 18%
- Computer hardware and software: 14%
- Energy or Oil and Gas: 10%
- Electronics: 10%
- Other, of which the financial sector was the largest component: 25%
The in-depth article Inside the Chinese Boom in Corporate Espionage reads like a 1960s Cold War movie. Unfortunately it's all real. The article describes what happened to AMSC, a wind turbine manufacturer. The company expanded in China, received orders from China and was then ripped off by China and undercut to the point that its profits and stock price tumbled like a Lehman Brothers horror movie. China's ripoff machine is real, and any engineer worth their salt is aware of it and how it is done. Unfortunately, executives rarely listen to their engineers.
14 U.S. intelligence agencies issued a report describing a far-reaching industrial espionage campaign by Chinese spy agencies. This campaign has been in the works for years and targets a swath of industries: biotechnology, telecommunications, and nanotechnology, as well as clean energy. One U.S. metallurgical company lost technology to China’s hackers that cost $1 billion and 20 years to develop, U.S. officials said last year.
Just today the FBI called combating hackers unsustainable, a war the U.S. has already lost, with not one secure unclassified corporate network in the United States.
Here we are, with malware ranging from the manual, human-driven kind to the unbelievably sophisticated Stuxnet, which hit Iran's nuclear facilities. Yet America's corporations continue to expand in China, and it's business as usual even when it means losing billions and even their marketplace dominance.