The United States government, in a report to Congress, said China and Russia are attacking U.S. companies to steal intellectual property and technology.
A U.S. government report has directly
accused China and Russia of conducting cyber-espionage campaigns against
Cyber-espionage attempts by China and
Russia are a "pervasive threat" to the United States and surpasses
traditional forms of spying, the Office of the National Counterintelligence
Executive wrote in a report to Congress released Nov. 3.
"Foreign Spies Stealing US
Economic Secrets in Cyberspace" departed from diplomatic language and
directly named China and Russia, instead of accusing unnamed "foreign
nation-states" for backing cyber-attacks. These types of attacks are
expected to grow with the increased adoption of cloud services and mobile
devices, the report said.
China was named the "world's most
active and persistent" perpetrator of economic espionage against U.S.
private sector companies in the report. Chinese- and Russian-supported hackers
breach U.S. enterprise computer networks to gather information, the report
found. The Internet and the growth in technology devices have made it easy for
foreign entities to collect enormous quantities of data quickly and with little
risk, according to the report.
"We judge that the governments of
China and Russia will remain aggressive and capable collectors of sensitive US
economic information and technologies, particularly in cyberspace,"
according to the report.
China predictably denied the report's
accusations. "I hope the international community can abandon prejudice and
work hard with China to maintain online security," Hong Lei, the Chinese
Foreign Ministry spokesman, told a daily news briefing on Nov. 4, according to
Reuters. Hong noted that it is difficult to identify attackers because it is
easy to be anonymous and make it appear the attacks are coming from different
places. "Making inferences about the attackers is both unprofessional and
irresponsible," Hong added.
U.S. Counterespionage Chief Robert
Bryant called cyber-espionage a "national, long-term, strategic
threat" to the country at a press conference where the report was released.
Cyber-spying is efficient, since it can
be conducted with fewer resources and more safely because it is easy for
attackers to hide their tracks. The nation-backed attackers may use malicious
software and Web- and network-based techniques to breach networks.
"Cyberspace makes it possible for
foreign collectors to gather enormous quantities of information quickly and
with little risk, whether via remote exploitation of victims' computer
networks, downloads of data to external media devices, or email messages
transmitting sensitive information," according to the report.
Foreign governments are interested in a
wide range of information, including information and communications
technologies, location of natural resources, and military and civilian technologies
such as clean-energy and medical technology. The stolen information can be used
to aid the other country's economic development, gain a competitive agenda or
promote its own domestic agenda, according to the report. In fact, the report
noted that some U.S. allies are also employing social engineering tactics to
obtain "sensitive U.S. economic and technology information" from
various U.S. institutions, the report found.
The United States "doesn't engage
in economic cyber-espionage like other countries do," Richard Clarke,
former cyber-security czar for President George W. Bush, said recently at a
conference in Washington, D.C.
During the same speech, Clarke accused
China of stealing not just intellectual property from American businesses, but
also "transactional and other business data that gives advantages" to
Chinese companies. China has to "pay" for its cyber-espionage
activities, Clarke said.
The Office of the National
Counterintelligence Executive recommended several security measures for
organizations, including encrypting information, deploying multifactor
authentication to secure network and application access, and conducting
real-time network monitoring.
The report is part of an annual
assessment of industrial espionage and data collection. The Office of the
National Counterintelligence Executive used information from 2009 to 2011
collected by the various military branches, the FBI, the Department of Energy, the
State Department, the National Security Agency, the CIA and other government