WASHINGTON/BEIJING – The White House announced new efforts Wednesday to fight the theft of trade secrets, in a broad but relatively restrained response to a rapidly emerging global problem that was brought into sharp focus this week by fresh evidence linking online stealing to China’s military.
The Obama administration says indications are that economic espionage is increasing, not only through intrusion over the Internet but also through the recruitment of former employees of U.S. companies with knowledge of inside trade information.
Earlier this week, Virginia-based cybersecurity firm Mandiant accused a secret Chinese military unit in Shanghai of years of cyber-attacks against more than 140 companies, a majority of them in the United States. The accusations and supporting evidence increased pressure on Washington to take more action against Beijing for what experts say has been years of systematic espionage.
China’s government denied being involved in cybertheft. The Chinese Foreign Ministry said the country has also been a victim of hacking, much of it traced to the United States.
The White House report did not target any one violator, but the China problem was evident in the case studies cited. Those examples involved the theft of hundreds of millions of dollars in trade secrets by former employees of U.S. corporations, including Ford, DuPont, General Motors, Cargill, Dow Chemical, Valspar and Motorola.
The report didn’t threaten any specific consequences for theft of trade secrets, and no new fines or other trade actions were announced. It included five actions to protect American innovation:
Applying diplomatic pressure by senior officials to foreign leaders to discourage theft.
Promoting best practices to help industries protect against theft.
Enhancing U.S. law enforcement operations to increase investigations and prosecutions.
Reviewing U.S. laws to determine if they need to be strengthened to protect against theft.
Launching a public awareness campaign.
For state-backed spies, hacking foreign companies can produce high-value secrets ranging from details on oil fields to advanced manufacturing technology.
“This is really the new era of cybercrime,” said Graham Cluley, a British security expert. “We’ve moved from kids in their bedroom and financially motivated crime to state-sponsored cybercrime, which is interested in stealing secrets and getting military or commercial advantage.”Instead of credit card numbers and other consumer data sought by crime gangs, security experts say cyberspies with resources that suggest they work for governments aim at better-guarded but more valuable information. Companies in fields from petrochemicals to software can cut costs by receiving stolen secrets.
For China, advanced technology and other information from the West could help speed the rise of giant state owned companies that are seen as national champions.
“It’s like an ongoing war,” said Ryusuke Masuoka, a cybersecurity expert at the Center for International Public Policy Studies, a private think tank in Tokyo. “It is going to spread and get deeper and deeper.”
Mandiant said it found attacks on 141 entities, mostly in the U.S. but also in Canada, Britain and elsewhere. Attackers stole information about pricing, contract negotiations, manufacturing, product testing and corporate acquisitions, the company said. It said multiple details indicated the attackers, dubbed “APT1″ in its report, were from a military unit in Shanghai.
Target companies were in four of the seven strategic industries identified in the Communist Party’s latest five-year development plan, the firm said.
“We do believe that this stolen information can be used to obvious advantage” by China’s government and state enterprises, said Mandiant, which was founded and is headed by Kevin Mandia.
China’s military is a leader in cyberwarfare research, along with its counterparts in the United States and Russia. The People’s Liberation Army supports hacker hobby clubs with as many as 100,000 members to develop a pool of possible recruits, according to consultants.
Mandiant said it traced attacks to a neighborhood in Shanghai’s Pudong district where the PLA’s Unit 61398 is housed in a 12-story building. Mandiant estimated its personnel at anywhere from hundreds to several thousand.
America and other major nations are developing cyberspying technology for intelligence and security purposes, though how much that might be used for commercial spying is unclear.
“All countries who can do conduct cyber-operations,” said Alastair MacGibbon, former director of the Australian Federal Police’s High Tech Crime Center. “I think the thing that has upset people mostly about the Chinese is . . . that they’re doing it on an industrialized scale and in some ways in a brazen and audacious manner.”
China’s ruling party has ambitious plans to build up state-owned champions in industries from banking and telecoms to oil and steel. State companies benefit from monopolies and other official favors but lack skills and technology.
Last year, a group of Chinese state companies were charged in U.S. federal court in San Francisco in the theft of DuPont technology for making titanium dioxide, a chemical used in paints and plastics.
In 2011, another security company, Symantec Inc., announced it detected attacks on 29 chemical companies and 19 other companies that it traced to China. The attackers tried to steal secrets about chemical processing and advanced materials manufacturing.
In Australia, a report by the attorney general this week said 20 percent of 225 companies surveyed had experienced a cyber-attack in the previous year.
Click to enlarge
