Northwest Arkansas Democrat-Gazette
Chinese cyberthefts fewer since ’15 deal, but tech still a target
SHANE HARRIS
China continues to steal intellectual property and trade secrets from U.S. companies for its own economic advancement and the development of its military but “at lower volumes” since the two countries forged an agreement in 2015 meant to curb the practice, according to a report published Thursday by American intelligence agencies.
The assessment, which also incorporates the findings of private sector security experts, comes as trade tension roils between the U.S. and China and has spawned dueling tariffs on billions of dollars worth of goods. It is unlikely to quell concerns from the White House that China continues to pose a significant threat to American companies. The report shows that China mounts a multifaceted approach to stealing secrets, which include computer software source codes, chemical formulas, and technology that can be used in weapons systems. Though it relies on computer hacking, China also acquires technology and knowhow through joint ventures and purchases of companies, academic and research partnerships, and front companies meant to “obscure the hand of the Chinese government” in order to acquire technologies governed by U.S. export controls, the report found.
The findings were published by the National Counterintelligence and Security Center, part of the Office of the Director of National Intelligence, which oversees all U.S. spy agencies.
In 2015, after President Barack Obama’s administration threatened to impose sanctions on China, both countries agreed to refrain from conducting cyber operations for economic advancement.
The report shows that while some progress has been made curbing Chinese economic espionage, its cyber operations continue and are focused on defense contractors or information technology and communications companies that provide products and services to support government and private sector information networks.
“We believe that China will continue to be a threat to U.S. proprietary technology and intellectual property through cyber-enabled means or other methods,” according to the report. “If this threat is not addressed, it could erode America’s long-term competitive economic advantage.”
Intelligence officials are increasingly concerned about an emerging threat in which attackers target software manufacturers and distributors, rather than individual users. In these so-called “supply chain” attacks, software is manipulated — perhaps to install a back door for hackers to enter later — before it is installed or updated on a computer. The attacks can affect millions of people who download the software, often from sources they trust.
“Hackers are clearly targeting software supply chains to achieve a range of potential effects to include cyber espionage, organizational disruption, or demonstrable financial impact,” the report said.
Among the most notable incidents cited by intelligence officials is one that affected a popular tool used to delete unwanted and potentially dangerous files from personal computers. More than 1 million computers downloaded an infected version of the program, CCleaner, which hackers then used to target technology companies, including Samsung, Sony and Intel, according to researchers.
Security analysts have found evidence they think links the attack to Chinese hackers, whom they believe broke into a British software-maker to corrupt the popular CCleaner program.
The report warns that new laws and inspection methods in foreign countries pose a risk to American firms.
Last year, China began requiring foreign companies to submit communications technology to a governmentadministered national security review. Companies that operate in China also must store their data there, which exposes it to government influence, the report noted.
The report also points to Russia and Iran as malign actors intent on penetrating U.S. computer systems and critical infrastructure.
Russia aims to use cyber espionage “to bolster an economy struggling with endemic corruption, state control, and a loss of talent departing for jobs abroad,” the report said. Russian hackers have stolen intellectual property from U.S. health care and technology companies, and last year compromised operational networks at energy companies, the report found.
Iran targets American firms as part of what the report calls “a subset” of offensive cyber operations mostly focused on Israel and Saudi Arabia.
For instance, an Iranian hacker group called Rocket Kitten “consistently targets U.S. defense firms, likely enabling Tehran to improve its already robust missile and space programs with proprietary and sensitive U.S. military technology,” the report said. Iranians are also targeting aerospace and civil aviation firms, financial institutions, and energy sector companies.