This blog entry begins a multi-part series on the rise of foreign economic cyber-espionage. In October 2011, the U.S. Office of the National Counterintelligence Executive issued a report to Congress entitled “Foreign Spies Stealing U.S. Economic Secrets in Cyberspace.” The report was significant because it was one of the first formal documents in which the U.S. government took a clear position that elements in China and Russia are actively and intentionally stealing U.S. economic secrets through the use of cyber attacks. The Chairman of the House Intelligence Committee told the New York Times that “[t]he biggest threat, when it comes to cyber-espionage today, is the sheer volume with which China seeks to steal our intellectual property for its own prosperity.”
The report details the “cyber collection” of information by foreign actors, which can take many forms, like simple visits to a U.S. company’s website for the collection of openly available information, a corporate insider’s downloading of proprietary information onto a thumb drive at the behest of a foreign rival, or intrusions launched by foreign intelligence services or other actors against the computer networks of a private company, federal agency, or an individual.
The report provides examples of how a massive number of computer network intrusions have been used to attack U.S. corporations, primarily in the health care, pharmaceutical, and defense industries. The report concedes, however, that attribution to a specific country can be difficult because it is often based on circumstantial evidence, such as the fact that the IP addresses for these computer network intrusions originate in that country.
Some examples of cyber-espionage documented in the report include:
- In a February 2011 study, McAfee attributed an intrusion set they labeled “Night Dragon” to an IP address located in China and indicated the intruders had exfiltrated data from the computer systems of global oil, energy, and petrochemical companies. Starting in November 2009, employees of targeted companies were subjected to social engineering, spear-phishing e-mails, and network exploitation. The goal of the intrusions was to obtain information on sensitive competitive proprietary operations and on financing of oil and gas field bids and operations.
- In January 2010, VeriSign iDefense identified the Chinese Government as the sponsor of intrusions into Google’s networks. Google subsequently made accusations that its source code had been taken—a charge that Beijing continues to deny.
- Mandiant reported in 2010 that information was pilfered from the corporate networks of a U.S. Fortune 500 manufacturing company during business negotiations in which that company was looking to acquire a Chinese firm. Mandiant’s report indicated that the U.S. manufacturing company lost sensitive data on a weekly basis and that this may have helped the Chinese firm attain a better negotiating and pricing position.
- Participants at an Office of the National Counterintelligence Executive conference in November 2010 from a range of U.S. private sector industries reported that client lists, merger and acquisition data, company information on pricing, and financial data were being extracted from company networks—especially those doing business with China.
In addition to Chinese economic espionage, the report also cites the June 2010 arrest of ten Russian foreign intelligence service employees who were tasked with collecting economic and technology information. In certain cases, according to the report, allies and other countries enjoy broad access to U.S. Government agencies and the private sector and conduct economic espionage to acquire sensitive U.S. information and technologies.
Future entries in this series will focus on the cost of these cyber attacks on the U.S. economy and what is being done to limit it.
DISCLAIMER: The opinions expressed here represent those of Al Saikali and not those of Shook, Hardy & Bacon, LLP or its clients. Similarly, the opinions expressed by those providing comments are theirs alone, and do not reflect the opinions of Al Saikali, Shook, Hardy & Bacon, or its clients. All of the data and information provided on this site is for informational purposes only. It is not legal advice nor should it be relied on as legal advice.