Global articles on espionage, spying, bugs, and other interesting topics.

Cyber-spying poses economic threat to U.S., firms

We know in general about hacking and cyber-espionage that comes out of China and, to a lesser extent, Russia. But rarely have U.S. intelligence agencies so bluntly and publicly pointed the finger directly at those countries’ governments.

A report presented to Congress Thursday accuses them of targeting, over the past three years, “a broad array of U.S. government agencies, private companies, universities and other institutions – all holding large volumes of sensitive economic information.”

“Driven by its longstanding policy of ‘catching up fast and surpassing’ Western powers,” China, says the report, is “the world’s most active and persistent perpetrator of economic espionage.” But Russia is increasingly getting into the game.

“Moscow’s highly capable intelligence services are using (human intelligence), cyber and other operations to collect economic information and technology to support Russia’s economic development and security,” states the report, compiled by the Office of the National Counterintelligence Executive.

All this should be of great interest, and concern, to the Bay Area. Not only because much of the spying is aimed at the high-tech and clean-tech sectors, but also because companies here are looking to do more business with the two countries whose governments, says the report, “will remain aggressive and capable collectors of sensitive U.S. economic information and technologies, particularly in cyberspace.”

Night Dragon, Operation RAT: Although the tone is severe, there is not much new information in the report, which focuses primarily on China.

For example, there’s a reference to the 2009 hacking of Google and 30 other companies, first discovered by McAfee, a leading computer security company based in Santa Clara, the source identified by VeriSign as “a single foreign entity consisting either of agents of the Chinese state or proxies thereof.”

The report also makes mention of another cyber “intrusion” dating to 2009, this one stealing information about “proprietary operations on financing of oil and gas field bids and operations.” McAfee, which discovered it, labeled it “Night Dragon” and in a February report referred to “strong evidence suggesting that the attackers were based in China.”

Chinese officials have consistently denied charges of government involvement in such incidents, and on Friday took umbrage at the U.S. intelligence agencies’ report.

“Making inferences about the attackers is both unprofessional and irresponsible,” a foreign ministry spokesman is quoted as saying. “I hope the international community can abandon prejudice and work hard with China to maintain online security.”

Curiously, the report does not make mention of a more recent case uncovered by McAfee – “Operation Shady RAT” (acronym for “random access tools”), a five-year operation “by one specific actor,” in McAfee’s words, aimed at 71 targets in 14 countries, including U.S. government agencies, defense contractors, a “Northern California county government,” think tanks, nonprofits, the International Olympics Committee and the World Anti-Doping Agency.

Unlike with “Night Dragon,” McAfee did not name the specific actor’s country of origin, but did note: “The interest in the information … in the lead-up and immediate follow-up to the 2008 Olympics was particularly intriguing and potentially pointed a finger at a state actor behind the intrusions, because there is likely no commercial benefit to be earned from such hacks.

“The presence of political nonprofits, such as a private western organization focused on promotion of democracy around the globe or a U.S. national security think tank is also quite illuminating.”