Feeds

China, Russia called out as cyberspy hotbeds

The spy who hacked me

Reducing security risks from open source software

Russia and China are using cyber-espionage to steal the US's tech and economic secrets, according to a government report.

COLD WAR INTELLIGENCE REPORT (click to enlarge)

The Office of the National Counterintelligence Executive (ONCIX) presented the report (PDF) to Congress on Thursday, which claimed that both "adversaries" and "partners" were sticking their nose into government and business computers.

"Because the United States is a leader in the development of new technologies and a central player in global financial and trade networks, foreign attempts to collect US technological and economic information will continue at a high level and will represent a growing and persistent threat to US economic security," the report said, eschewing any attempts at modesty.

The report, which was titled Foreign Spies Stealing US Economic Secrets in Cyberspace and covered 2009 to 2011, singled out China as a place where cyber intrusions often originated, although it didn't specifically finger the country's government.

"Chinese actors are the world’s most active and persistent perpetrators of economic espionage. US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China, but the intelligence community [or the IC as the report offhandedly acronyms it]* cannot confirm who was responsible," the office said.

Russia was another country to be named and shamed by ONCIX for pervasive cyber threats.

"Russia's intelligence services are conducting a range of activities to collect economic information and technology from US targets," the report pointed out.

However, "US allies and partners" weren't above a bit of pottering about in US networks looking for the odd tidbit either.

"Some US allies and partners use their broad access to US institutions to acquire sensitive US economic and technology information, primarily through aggressive elicitation and other human intelligence [another lovely acronym – HUMINT] tactics. Some of these states have advanced cyber capabilities," ONCIX said.

The office rather obviously pointed out that stealing secrets in cyberspace was a lot easier than attempting to sneak out of offices carting folders, and as a result the US was suffering millions of dollars in losses from thieved classified information.

And it is not predicting that things will get much better either. Cloud computing and the proliferation of devices connected to the internet are both a concern, and "the IC anticipates that China and Russia will remain aggressive and capable collectors of sensitive US economic information and technologies".

The report said China would continue to be driven to espionage by its policy of "catching up fast and surpassing Western powers".

It said an "emblematic" programme in this drive was Project 863, which according to China is intended to "boost innovation capacity in the high-tech sectors, particularly in strategic high-tech fields, in order to gain a foothold in the world arena", and according to the report "provides funding and guidance for efforts to clandestinely acquire US technology and sensitive economic information".

ONCIX also points to possible future risks from different countries "as a function of international economic and political developments" and the risks from non-state actors such as terrorist groups, hacktivists and hackers for hire.

Bootnote

* In case you're wondering why the US might need an acronym for the intelligence community, it might be because of the dizzying array of groups that make it up. To put this report together, ONCIX gathered inputs and reports from "many US government agencies, including the Air Force Office of Special Investigations (AFOSI), Army Counterintelligence Center (ACIC), Central Intelligence Agency (CIA), Defense Intelligence Agency (DIA), Defense Security Service (DSS), Department of Energy (DoE), Department of Health and Human Services (HHS), Department of State (DoS), Federal Bureau of Investigation (FBI), National Geospatial-Intelligence Agency (NGA), National Reconnaissance Office (NRO), National Security Agency (NSA), and Naval Criminal Investigative Service (NCIS)". And that's just the ones it's happy to name... ®

Mobile application security vulnerability report

More from The Register

next story
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Microsoft: You NEED bad passwords and should re-use them a lot
Dirty QWERTY a perfect P@ssword1 for garbage websites
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
Crooks fling banking Trojan at Japanese smut site fans
Wait - they're doing online banking with an unpatched Windows PC?
NIST told to grow a pair and kick NSA to the curb
Lrn2crypto, oversight panel tells US govt's algorithm bods
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.