Report on Chinese Government Sponsored Cyber Activities

Today's Wall Street Journal features the following story:

China Expands Cyberspying in U.S., Report Says by Siobhan Gorman.

I've reprinted an excerpt below and highlighted interested aspects. I can vouch for the quality of the Northrop Grumman team that wrote this report and for their experience in this arena.

Congressional Advisory Panel in Washington Cites Apparent Campaign by Beijing to Steal Information From American Firms

WASHINGTON -- The Chinese government is ratcheting up its cyberspying operations against the U.S., a congressional advisory panel found, citing an example of a carefully orchestrated campaign against one U.S. company that appears to have been sponsored by Beijing.

The unnamed company was just one of several successfully penetrated by a campaign of cyberespionage, according to the U.S.-China Economic and Security Review Commission report to be released Thursday. Chinese espionage operations are "straining the U.S. capacity to respond," the report concludes.

The bipartisan commission, formed by Congress in 2000 to investigate the security implications of growing trade with China, is made up largely of former U.S. government officials in the national security field.

The commission contracted analysts at defense giant Northrop Grumman Corp. to write the report. The analysts wouldn't name the company described in the case study, describing it only as "a firm involved in high-technology development."

The report didn't provide a damage assessment and didn't say specifically who was behind the attack against the U.S. company. But it said the company's internal analysis indicated the attack originated in or came through China.

The report concluded the attack was likely supported, if not orchestrated, by the Chinese government, because of the "professional quality" of the operation and the technical nature of the stolen information, which is not easily sold by rival companies or criminal groups. The operation also targeted specific data and processed "extremely large volumes" of stolen information, the report said.

"The case study is absolutely clearly controlled and directed with a specific purpose to get at defense technology in a related group of companies," said Larry Wortzel, vice chairman of the commission and a former U.S. Army attaché in China. "There's no doubt that that's state-controlled."

Attacks like that cited in the report hew closely to a blueprint frequently used by Chinese cyberspies, who in total steal $40 billion to $50 billion in intellectual property from U.S. organizations each year, according to U.S. intelligence agency estimates provided by a person familiar with them.


H. Carvey said…
Given the state of the victims, is this really a surprise?
Gunnar said…
Heavens to Betsy! I hope the US would never do anything like this.

Well, except for when Alexander Hamilton gave a free US citizenship to anyone who stole intellectual property from Europe, which led of course to Sutter's Mill and the Industrial Revolution.
Anonymous said…
So, in other words Gunnar -- yes, this is how upcoming super powers accomplish their success. The simple 'good' vs. 'evil' argument doesn't really apply here. Yes, humans are competitive. Tribes and nations will do what they have to do to better their own and their purpose. I think it's called the Human _Race_ for a very good reason. The moralistic argument you seem to raise suggests we should just give up out of historic guilt? Maybe you're making the argument that we should be attacking their 'net infrastructure?

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics