Another episode in our weekly series, EXPOSED! where we reveal the most blatant examples of corporate malfeasance and government corruption.
“The difference is the Russians don’t get caught as often as the Chinese. But hackers from both countries are going after American intellectual property on a grand scale that goes beyond individual larceny to national strategy.”
--David Smith, director of the Potomac Institute’s Cyber Security Center.
With both governments and companies always on the lookout for a technological or competitive advantage, industrial espionage is becoming more and more prevalent. This is not limited to simply stealing trade secrets but can also include blackmail, bribery and hi-tech surveillance. Sabotaging ones competitors can also be considered as a form of industrial espionage. China is very much in the spotlight nowadays when it comes to the theft of intellectual property, this being not just for commercial use but to gain military technological superiority as well.
David Smith’s opinion is alarming:
“What you have right now is systematic espionage against the United States. This is not intelligence agencies stealing this or that secret, this is not industrial espionage where some company in another country wants to get the process for something or other. We’re talking about a systematic effort to equalize the technology edge that the United States enjoys over every other country in the world by stealing US intellectual property….This is strategic”.
For years, the Chinese government has engaged in cyber-enabled economic espionage and other covert and clandestine activities to strengthen China’s economic competitiveness and strategic position. China is estimated to be responsible for 50 to 80 percent of cross-border intellectual property theft worldwide. Various study groups have estimated that Chinese intellectual property theft could cost over $300 billion annually to the US economy. The US-China Economic Security and Review Commission has concluded that Chinese espionage:
“comprise the single greatest threat to US technology.”
Chinese espionage has not only damaged US companies, but has also helped China save on research and development expenses while catching up in several critical industries. Perhaps most worryingly, China is reversing many of the US military’s technical and industrial advantages and creating potential vulnerabilities should a conflict arise.
The resources China devotes to cyber activities are massive. The Chinese campaigns are of such large scale that most experts believe they require, and so probably receive, some type of state sponsorship. The FBI estimates that China has more than 30,000 military cyber spies, plus an additional 150,000 private sector cyber experts whose mission is to steal American military and technological secrets. Although Chinese officials frequently dispute foreign accusations that the PRC is involved in malicious cyber activities, there is robust evidence that specific actors within China – and within the Chinese government – have often been responsible. China’s cyber groups operate partially at the behest of the PLA through a dual civil-military command structure and the state has consolidated control over some private cyber actors. Differentiating military from civilian groups is often difficult; the line itself may be blurry, since Chinese writings highlight the importance of civil-military integration for cybersecurity.
Frequently invoked is former National Security Agency Director Keith Alexander’s comment that theft of economic information is:
“the greatest transfer of wealth in human history.”
It is ironic that this is the same Keith Alexander who lied to congress under oath in 2012, claiming that the NSA didn’t spy on US citizens. And on the subject of spying and data harvesting, it is of note that Alexander joined the Amazon board in September of 2020. That prompted the following tweet from Edward Snowden:
“It turns out ‘Hey Alexa’ is short for ‘Hey Keith Alexander’. Yes, the Keith Alexander personally responsible for the unlawful mass surveillance programs that caused a global scandal.”
Former FBI Director James Comey has made a scathing comment about the Chinese when it comes to their hacking activities:
“There are two kinds of big companies in the United States; there are those who’ve been hacked by the Chinese and those who don’t know they’ve been hacked by the Chinese.”
US allies and partners also suffer considerable damage because of Chinese cyber attacks. South Korea estimated in 2008 that foreign economic espionage cost its companies $82 billion. The effect in Germany has been particularly significant, given that Made in China 2025 is modeled on Germany’s Industrie 4 plan. In the context of this competition, German experts suggest that China has conducted industrial espionage against the country’s car manufacturing, renewable energy, chemistry, communications, optics, x-ray technology, machinery, materials research and armaments industries. In just one month, a single German telecommunications firm reported over 30,000 Chinese cyber attacks. Estimates indicate that German firms lose $28 to $71 billion annually as a result. Several cases of Chinese espionage have reached courts, yet most incidents do not reach the press because companies do not wish to expose their vulnerabilities or risk business opportunities in China.
Unless US and European leaders prioritize Chinese cyber-enabled economic espionage, Beijing is unlikely to curb these activities. Better data provided directly by victims as well as through public reporting would provide decision makers with a fuller understanding of the threat landscape.
The extent to which the Chinese go to spy on companies was reflected in a report from the Nikkei Asian Review. It claimed that companies are worried:
“that China could be spying on them using power cords and plugs...”
“...have asked their Taiwanese suppliers to shift production of some components out of the mainland.”
Tien Chin-Wei, a deputy director at the Cybersecurity Technology Institute told the Nikkei Asian Review that the concerns were “totally reasonable,” because:
“technically, it is doable and not difficult for hackers to use the power supply system or power cords to retrieve data stored in servers...”
“...every interface between components, or between motherboards and power supply systems could be a loophole for malicious implants. You only reduce or manage the risks, but it is no possible to entirely eliminate the threats.”
You have been warned!