The Washington Post

Vast majority of global cyber-espionage emanates from China, report finds

Government and business leaders in the United States and around the world are rushing to build better defenses - and prepare for the coming battles in the digital universe. To succeed, they must understand one of the most complex, man-made environments on Earth: cyberspace. (JulieAnn McKellogg/The Washington Post)

Analyses of hundreds of documented data breaches found that hackers affiliated with the Chinese government were by far the most energetic and successful cyberspies in the world last year, according to a report to be issued Tuesday by government and industry investigators.

Although hackers with financial motives are the most common source of data breaches worldwide, China dominated the category of state-affiliated cyber-espionage of intellectual property, said the 2013 Data Breach Investigations Report. The report was issued by Verizon’s RISK Team and 18 partners, including officials from the United States and several foreign governments.

Of 120 incidents of government cyber-espionage detailed in the report, 96 percent came from China; the source of the other 4 percent was unknown, it said.

“This is a pretty shocking statistic,” said Wade Baker, the managing principal for the RISK Team, which provides security consulting.

The report, issued by Verizon every year since 2008, was the first to break out government-affiliated cyber-espionage as its own category, reflecting the rising numbers of such intrusions and the increasingly sophisticated efforts to determine their origins.

“We don’t think there was a super spike in that kind of [cyber-espionage] activity,” Baker said. “It’s more about our ability to find them.”

Chinese officials have consistently denied allegations that their government is a leading source of cyber-espionage and have said that intrusions that appear to emanate from Internet addresses there actually originate elsewhere. Officials at the Chinese Embassy in Washington did not respond to a query about the report on Monday.

The conclusions of the Verizon report track closely with the findings of the National Intelligence Estimate, a consensus document of U.S. intelligence agencies, and build on numerous other reports singling out China as uncommonly aggressive in cyberspace.

Government officials and outside experts say that several other governments, including those of Russia, Israel and France, also conduct cyber-espionage but not at the scale attempted by China.

“It’s not China alone. Dozens of other countries are involved,” said Shawn Henry, former head of cybersecurity investigations for the FBI who is president of CrowdStrike Services, a cybersecurity company.

The volume of Chinese cyber-intrusions has made identifying them easier because tactics tend to be similar among certain hacking crews, with telltale sections of code sometimes appearing across different pieces of malicious software.

The Verizon report identified 44 million compromised records from 621 confirmed data breaches in 2012, of which 19 percent were the results of government-affiliated espionage. Retail institutions were the most common victims of data breaches, with profit-minded hackers most often based in Romania, the United States, Bulgaria or Russia.

For the cyber-espionage cases, Verizon officials said they named a country only when they could definitively trace the malicious code or tactics of the attack to its origin. Having the intrusion emanate from an Internet address in China, for example, was not sufficient for an attack to be labeled as Chinese, officials said.

Chinese hackers targeted transportation, manufacturing and professional services companies of all sizes, the report said.

Ellen Nakashima contributed to this report.

Sign up today to receive #thecircuit, a daily roundup of the latest tech policy news from Washington and how it is shaping business, entertainment and science.

Craig Timberg is a national technology reporter for The Post.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments
Most Read



Success! Check your inbox for details.

See all newsletters

Your Three. Videos curated for you.
Play Videos
Be a man and cry
Deaf banjo player teaches thousands
Sleep advice you won't find in baby books
Play Videos
Drawing as an act of defiance
A flood of refugees from Syria but only a trickle to America
Chicago's tacos, four ways
Play Videos
What you need to know about filming the police
What you need to know about trans fats
Syrian refugee: 'I’m committed to the power of music'
Play Videos
Riding the X2 with D.C.'s most famous rapper
Full disclosure: 3 bedrooms, 2 baths, 1 ghoul
Europe's migrant crisis, explained

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.