
Yes Virginia, China Is Spying and Stealing Our Stuff

Guess what, folks – not only is industrial espionage rampant, but sometimes it’s supported by nation-states. Just ask Boeing about Airbus and France, or New Zealand about French operatives sinking a Greenpeace ship (and killing a few people in the process) on NZ territory.

We’ve been hearing a lot lately about China, as highlighted by this Slashdot post that compiles a few different articles. No, Google isn’t threatening to pull out of China because they suddenly care more about human rights, it’s because it sounds like China might have managed to snag some sensitive Google goodies in their recent attacks.

Here’s the deal. For a couple years now we’ve been hearing credible reports of targeted, highly-sophisticated cyberattacks against major corporations. Many of these attacks seem to trace back to China, but thanks to the anonymity of the Internet no one wants to point fingers.

I’m moving into risky territory here because although I’ve had a reasonable number of very off-the-record conversations with security pros whose organizations have been hit – probably by China – I don’t have any statistical evidence or even any public cases I can talk about. I generally hate when someone makes bold claims like I am in this post without providing the evidence, but this strikes at the core of the problem:

  1. Nearly no organizations are willing to reveal publicly that they’ve been compromised.
  2. There is no one behind the scenes collecting statistical evidence that could be presented in public.
  3. Even privately, almost no one is sharing information on these attacks.
  4. A large number of possible targets don’t even have appropriate monitoring in place to detect these attacks.
  5. Thanks to the anonymity of the Internet, it’s nearly impossible to prove these are direct government actions (if they are).

We are between a rock and a hard place. There is a massive amount of anecdotal evidence and rumors, but nothing hard anyone can point to. I don’t think even the government has a full picture of what’s going on. It’s like WMD in Iraq – just because we all think something is true, without the intelligence and evidence we can still be very wrong.

But I’ll take the risk and put a stake in the ground for two reasons:

  1. Enough of the stories I’ve heard are first-person, not anecdotal. The company was hacked, intellectual property was stolen, and the IP addresses traced back to China.
  2. The actions are consistent with other policies of the Chinese government and how they operate internationally. In their minds, they’d be foolish to not take advantage of the situation.
  3. All nation-states spy, including on private businesses. China just appears to be both better and more brazen about it.

I don’t fault even China for pushing the limits of international convention. They always push until there are consequences, and right now the world is letting them operate with impunity. As much as that violates my personal ethics, I’d be an idiot to project those onto someone else – never mind an entire country.

So there it is. If you have something they want, China will break in and take it if they can. If you operate in China, they will appropriate your intellectual property (there’s no doubt on this one, ask anyone who has done business over there).

The problem won’t go away until there are consequences. Which there probably won’t be, since every other economy wants a piece of China, and they own too much of our (U.S.) debt to really piss them off.

If we aren’t going to respond politically or economically, perhaps it’s time to start hacking them back. Until we give them a reason to stop, they won’t. Why should they?

—Rich


Comments:


By Robert Mannal  on  01/13  at  03:41 PM

Rich,

Good post, but what information does China have that we want?  They are getting all of DoD stuff, all our IP from Google, Intel, Microsoft, etc.  What should we hack…how to build vases for Home Goods, next year’s jeans designs for Walmart?

I agree it needs to stop, but we will have to find another reason to make them stop.

bob

By Rich  on  01/13  at  05:23 PM

Bob,

It isn’t something we as civilians can do. I suspect just some general mucking around by random intelligence agencies could get them thinking a little more.

By James  on  01/25  at  02:45 PM

Bob,

Military (nuclear?), political and economic intelligence from China is all stuff other nation-states and some corporate entities would be happy to have.

Rich, great article - “includig” in point 3 above should be “including”

By Jon L  on  01/26  at  08:58 AM

Good article but I do have a question. It is easy to verify the source IP address for the attack on Google (or any attack for that matter) by simply parsing the logs. What is not easy to prove is that the computer assigned that IP address has not been compromised and used to attack Google. Any attacker worth his or her fee would want to conceal their identity and would not attack Google from their assigned IP address.

In short how can we be sure that a US citizen or organization did not compromise a Chinese computer and then use the compromised host to attack Google? It is too easy to point the finger at the Chinese government especially if there is something to be gained by Google such as getting the US government to pressure China which would ultimately benefit Google. 

Sure would be nice to see more details regarding this breach.
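The point in the comment above, that a log gives you a source address but not an attacker, is easy to make concrete. The following is an added example, not code from the Securosis post or from any of the commenters. It parses a few constructed web-server access-log lines (addresses drawn from the RFC 5737 documentation ranges, so none belong to a real host), counts requests and failed logins per source, and then resolves each source against a constructed address-block "registry" standing in for WHOIS/RIR data. The report deliberately labels the result "block holder": that is the strongest claim the log supports, and whether the holder operated the host or the host was itself compromised and used as a hop is not something the log can tell you.

```python
"""Added example (not from the Securosis post): pull source addresses out of
web-server access logs, then show how far that gets you toward attribution.

Everything here is constructed: the log lines, the address blocks and the
"registry" table. Real addresses would be looked up in WHOIS/RIR data.
"""
import ipaddress
import re
from collections import Counter

# Combined-log-format line, e.g.
# 203.0.113.7 - - [26/Jan/2010:08:58:01 -0500] "GET /login HTTP/1.1" 200 512
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log lines (RFC 5737 documentation ranges, so none are real hosts).
SAMPLE_LOG = """\
203.0.113.7 - - [26/Jan/2010:08:58:01 -0500] "GET /login HTTP/1.1" 200 512
203.0.113.7 - - [26/Jan/2010:08:58:02 -0500] "POST /login HTTP/1.1" 401 87
203.0.113.7 - - [26/Jan/2010:08:58:03 -0500] "POST /login HTTP/1.1" 401 87
198.51.100.23 - - [26/Jan/2010:08:59:10 -0500] "GET /index.html HTTP/1.1" 200 2048
203.0.113.7 - - [26/Jan/2010:08:59:11 -0500] "POST /login HTTP/1.1" 200 512
192.0.2.9 - - [26/Jan/2010:09:01:00 -0500] "GET /export.cgi?all=1 HTTP/1.1" 200 90112
this line is not a log entry and should be skipped
"""

# Constructed "registry": who holds each address block. Stand-in for RIR/WHOIS data.
REGISTRY = {
    "203.0.113.0/24": "Example Telecom (constructed, registered in country X)",
    "198.51.100.0/24": "Example University (constructed)",
}


def parse_log(text):
    """Parse access-log text into dicts; lines that do not match are dropped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def count_by_source(records):
    """Requests per source address: the easy part the comment describes."""
    return Counter(r["src"] for r in records)


def lookup_owner(ip, registry=REGISTRY):
    """Longest-prefix match of ip against the registry; None if unallocated."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, owner in registry.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, owner)
    return best[1] if best else None


def attribution_report(records, registry=REGISTRY):
    """For each source: request count, failed logins, and the block holder.

    The holder is the strongest claim the log supports. Whether that holder
    operated the host, or the host was itself compromised and used as a hop,
    is not in the log at all, so the key is "block_holder", not "attacker".
    """
    counts = count_by_source(records)
    failed = Counter(
        r["src"] for r in records
        if r["req"].startswith("POST /login") and r["status"] == "401"
    )
    return {
        src: {
            "requests": n,
            "failed_logins": failed[src],
            "block_holder": lookup_owner(src, registry) or "unallocated/unknown",
        }
        for src, n in counts.items()
    }


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for src, info in attribution_report(recs).items():
        print(src, info)
```

Running it shows 203.0.113.7 with four requests and two failed logins resolving to a constructed telecom block, and 192.0.2.9 resolving to nothing at all. Neither line says who was at the keyboard; the registry answers "whose block", and everything past that is inference that has to come from somewhere other than the access log.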

By Rich  on  01/27  at  04:17 PM

We aren’t always sure… that’s the problem, and (to be honest) one reason I think we use the term “APT” a lot, as opposed to just saying “China”.
