This accelerating theft of information, at a time when the American economy is suffering, has prompted U.S. officials to single out countries that conduct online spying for economic advantage. While hackers come from scores of countries and range from foreign intelligence services to corporations to criminals, the source of U.S. concern mainly has been China and Russia.
“Chinese actors are the world’s most active and persistent perpetrators of economic espionage,” said the report, “Foreign Spies Stealing U.S. Economic Secrets in Cyberspace,” which was based on the work of 14 U.S. intelligence agencies. The report also notes that “Russia’s intelligence services are conducting a range of activities to collect economic information and technology from U.S. targets.”
Robert “Bear” Bryant, the national counterintelligence executive, said at a news conference that online spying is “a quiet menace to our economy with notably big results. . . . Trade secrets developed over thousands of working hours by our brightest minds are stolen in a split second and transferred to our competitors.”
Chinese Embassy spokesman Wang Baodang rejected the U.S. contentions, saying that China opposes “any form of unlawful cyberspace activities.” In a 2009 survey of Chinese computer security professionals, 89 percent said they were most worried about the United States penetrating their networks, but the U.S. government says its policy is not to conduct such espionage.
A Russian Embassy spokesman declined to comment on the report.
Experts say the data loss occurs in part because companies have not shored up their defenses effectively and because the government cannot easily share threat information that it considers secret. Most companies do not share details of intrusions into their systems with U.S. officials, making it hard for the government to warn others or to build defenses.
The trend also illustrates a truism of cyberspace: Defense is more difficult than offense. Whether in cyberwar or cyber-espionage, the advantage lies with the attacker or hacker.
Bryant said the government’s unusual candor in naming particular countries was driven by the severity of the threat and a desire to foster solutions, including deeper partnerships between the public and private sectors.
With the domestic and world economies lagging and U.S. unemployment above 9 percent, cutting-edge technology is key to U.S. economic growth. But it is that very technology that is being targeted by countries such as China, as part of a broader strategy to build its own economy and become a global powerhouse.
Since at least the early 2000s, hacker groups in China have carried out a series of computer intrusions against U.S. and foreign government computer networks, as well as those belonging to international groups, including human rights organizations, according to diplomatic cables obtained by the anti-secrecy group WikiLeaks.
Last year, Google announced that proprietary data were stolen by hackers in China in what experts said was part of a vast campaign of economic espionage.
Foreign intelligence agencies, corporations and individual hackers increased their efforts to steal proprietary technology in between 2009 and 2011, the report said. Some of the thieves are allies — the Israelis and the French have targeted U.S. commercial secrets, former officials have noted.
“The computer networks of a broad array of U.S. government agencies, private companies, universities and other institutions — all holding large volumes of sensitive economic information — were targeted by cyber espionage,” the report said. “Much of this activity appears to have originated in China.”
Indeed, “the Russians are very quiet and very good” at cyber-espionage, said Joel F. Brenner, the former national counterintelligence executive whose new book, “America the Vulnerable,” discusses the threat. “But for relentlessness and sheer volume, the Chinese are in a class by themselves.”
The report comes as other U.S. officials have increasingly spoken out about the massive transfer of wealth taking place through computer networks.
“This is definitely the golden age of cyber-espionage,” said Steven Chabinsky, deputy assistant director of the FBI’s cyber division. “Foreign states are stealing data left and right from private-sector companies, nonprofit organizations and government agencies.”
Rep. Mike Rogers (R-Mich.), chairman of the House Intelligence Committee, recently accused China of “waging a massive trade war” on the United States and its allies that has reached “intolerable levels.” He has urged the United States to join with allies to apply diplomatic pressure on the Chinese to stop.
The head of the military’s U.S. Cyber Command, Gen. Keith Alexander, said one U.S. company recently lost $1 billion worth of intellectual property over the course of a couple of days.
Establishing the total dollar value of the data lost through cybertheft is so difficult as to be almost “meaningless,” Bryant said. Nonetheless, the report noted that the value of U.S. research and development is $400 billion. And credible estimates of the value of the data stolen generally range into the tens of billions of dollars annually.
A senior intelligence official, briefing reporters on the condition of anonymity, noted a few cases in which estimates were given in economic espionage prosecutions over the past six years: $100 million worth of insecticide research from Dow Chemical, $400 million worth of chemical formulas from DuPont, $600 million of proprietary data from Motorola, $20 million worth of paint formulas from Valspar.
Of seven insider theft cases prosecuted under the Economic Espionage Act in fiscal year 2010, six involved a link to China, the report said.
The threat is not just to the economy but also to national security, the report said. The illicit transfer of technology with military applications to a hostile state such as Iran or North Korea could endanger the lives of U.S. and allied military personnel.
To aid industry, intelligence officials are considering a proposal to share threat data with the private sector through a cyber version of the National Counterterrorism Center, which gathers and analyzes terrorism data from intelligence and law enforcement sources. Another model under consideration is a Pentagon project to help secure defense companies’ computers through the sharing of classified threat data with the firms that provide Internet service to the companies. Initial results are promising, officials said, and defense and homeland security officials are studying how they might expand it to other industries.
Where corporate America’s assets were once mostly tangible, today they are intangible — in the form of business plans, contract data, research and development, Bryant said.
“It’s time to have a national discussion” on how to protect that data, he said. “I’m tired of admiring the problem.”