US goes public with spying frustrations
In accusing China and Russia of conducting widespread and effective economic espionage against America, the US intelligence establishment on Thursday brought into the public domain what many in government, the private sector and the media have been saying for years.
The 31-page document directly blames the governments of the two rival powers for campaigns to steal American technology, reflecting what analysts said was a deep feeling of frustration at being unable to stop the spying through either diplomatic talks or technological defences.
The incidents mentioned in the report include the attack on Google’s network in 2010, where the company later claimed part of its source code may have been taken, and a 2011 study by McAfee that described an intrusion it called “Night Dragon” which took data from the systems of energy companies and which was traced back to an address in China.
It also lists the cases of three ethnic Chinese employees of American companies who were arrested for stealing proprietary information which they had allegedly planned to sell to new employers in China.
The incidents described in the paper released to Congress had been reported previously in isolation, yet at the time government officials refused to assert on the record that they were part of major strategic thrusts, especially by China.
Officials had kept quiet so as not to jeopardise ongoing negotiations or to reveal exactly what they knew about specific Chinese actors and their methods. Most companies that have been victims of such cyber-spying have also sought to avoid putting the blame on China.
Google was a rare exception, when in January of last year it claimed that an intrusion it suffered was directly linked to the Chinese government. The company, which has vested voting control in just three individuals, partially withdrew from the country as a result.
“We believe that more information sharing and dialogue around security is a positive trend for the industry. This is a topic that people should take very seriously,” Jay Nancarrow, a Google spokesman, said on Thursday.
But even as an understanding of the pattern has become more prevalent, other companies have declined to follow suit. RSA, the security company owned by EMC that admitted a breach earlier this year, blamed an unnamed government, though people familiar with the case said it was obviously China.
Even big technology security concern McAfee, now owned by chipmaker Intel, has pulled punches. A report it issued in August documented a spying effort that targeted defence contractors, nonprofits, manufacturers and Olympic committees noted that the evidence pointed to one country, but did not say which. Both EMC and Intel do substantial business in China and were reluctant to offend their hosts and business partners, according to people briefed on internal discussions.
Many companies do not disclose breaches at all, the new government report observes. They are often unaware of what has occurred, or lack the ability to pin the thefts conclusively on one group of actors. In other cases, they fear adverse customer and investor reaction.
One security expert said increased openness was the right thing for customers and shareholders. But he said he did not know what it would mean for the US relationship with China. “I just don’t know the end game,” he said. “Possibly it even helps China to be a more responsible world power.”
The Google incident last year contributed to a sharp deterioration in US relations with China, which also included disputes about US arms sales to Taiwan, Tibet and climate change. While some of these disagreements have been patched up this year, the public accusations in the report run the risk of fanning new diplomatic tensions.
Indeed, the Chinese government wasted little time in denouncing the report. “China’s economic development and prosperity is the result of an effective national development strategy and the hard work of the Chinese people,” a spokesman for the Chinese embassy in Beijing said. The allegations in the report were “unwarranted and irresponsible”.
A western government official added: “This report is very direct and unusual in its tone. This issue is very sensitive and Russia and China have not responded well when people have tried to make these accusations in the past.”
While the report attempts to demonstrate a pattern of behaviour behind individual acts of internet espionage, it admits that it is difficult to conclusively prove that they were all government-directed. Indeed, the evidence against Russia in the report is relatively thin, with one of the few specific cases being the much-derided spy ring that was arrested last year. Intelligence experts say that it is almost impossible to get a perfect “smoking gun” of government involvement in such cases.
Additional reporting by James Blitz in London
By on 08/11/2011