Experts warn Congress of the return of Chinese IP theft
Hackers working for the Chinese government again appear to be conducting economic espionage against private U.S. companies and other American organizations, experts told lawmakers Tuesday during an open Senate Committee on Foreign Relations hearing.
Cybersecurity experts have stated that Chinese cyber espionage operations — hacking activities aimed at stealing trade secrets, intellectual property or other confidential business information — has substantially declined in the wake of an agreement struck between former President Barack Obama and Chinese President Xi Jinping in September 2015.
But at least “anecdotally,” there has been a re-emergence of related economic espionage by Chinese hackers aimed at U.S. entities, according to Samantha Ravich, a current senior adviser to D.C.-based think tank the Foundation for Defense of Democracies. Over the last year, the FDD has established a team to study what it defines as “economic warfare.”
“It seems there was a dip at first but the anecdotes that are coming in — because of a lack of a comprehensive database on cyber incidents against our private sector is not there — it now looks like business as usual, meaning that the wholesale theft of IP on the private sector side,” said Ravich.
Security analysts that specifically track Chinese hacking operations tell CyberScoop that economic espionage by the Chinese is now a rarity, although it is also possible that the hackers themselves are harder to track.
“There is a little bit of ‘what we don’t know, we don’t know,’ but again anecdotally it looks like they are back to business,” said Ravich, a former deputy national security adviser for former Vice President Dick Cheney.
British insurance company Lloyds estimates that the annual costs of trade secret theft in the U.S. ranges from $180 billion to $540 billion.
“The U.S. government is inadequately structured to properly and comprehensively detect, evaluate, and address cyber-enabled economic threats,” Ravich wrote in a prepared testimony submitted to the committee. “The U.S. government has made great strides in organizing itself to protect and defend the .gov and .mil realms. But our nation‟s greatest vulnerability may lie with adversarial attacks on the U.S. private sector. And in this regard, the private sector believes it is on its own, a position that is untenable when the adversary is a state actor such as China.”
Lawmakers met Tuesday in an open hearing to discuss the continuously changing cyber threat landscape influencing both U.S. government operations and private businesses. Multiple governmental agencies and groups, including the Department of Homeland Security and National Counterintelligence and Security Center, are tasked with helping private enterprises stop hackers from stealing valuable information.
In addition to DHS and NCSC’s own efforts, the State Department is home to a “Office of the Coordinator for Cyber Issues,” which is led by Christopher Painter. The office’s core mission is to effectively coordinate the U.S. government’s “global diplomatic engagement on cyber issues,” including the formation of international rules, laws and norms.
Painter’s team in the past has spoken with Chinese government officials about the issue of cyber-enabled economic espionage — a discrete focal area under the Obama administration. But according to Eric Rosenbach, former chief of staff to Secretary of Defense Ashton Carter, those conversations never got far.
“I hate to sound cynical but Chris Painter and I were the two representatives to go and negotiate with the Chinese on issues like this back in the day and they would tell us every single time that we met with them that they weren’t doing economic espionage. That it wasn’t the Chinese and that there was no way to know that,” said Rosenbach.
He continued, “So I don’t want to sound cynical but I just now believe that they are better at doing what they were doing before and they’ve found new ways and their leadership has told them ‘Don’t you dare get caught again.’ ”
FireEye, a U.S.-based cybersecurity firm, is among those closely tracking Chinese cyber espionage activity, globally.
Since mid-2014, FireEye has observed an overall decrease in successful network compromises by China-based groups against organizations in the U.S., FireEye analyst manager Ben Read told CyberScoop.
“These shifts have coincided with ongoing political and military reforms in China, widespread exposure of Chinese cyber activity, and unprecedented action by the U.S. government,” said Read. “[However], recently we have seen multiple instances of Chinese groups targeting law and investment firms. These firms host valuable information on transactions such as mergers, acquisitions and investment deals. One such instance of targeting by APT19 was detailed in our blog.”
Between September 2015 and June 2016, FireEye observed 13 active China-based groups conduct multiple instances of network compromise against corporations in the U.S., Europe, and Japan, Read said. During this same timeframe, other China-based groups targeted organizations in Russia and the Asia Pacific region.