Feeds

China, Russia called out as cyberspy hotbeds

The spy who hacked me

Next gen security for virtualised datacentres

Russia and China are using cyber-espionage to steal the US's tech and economic secrets, according to a government report.

COLD WAR INTELLIGENCE REPORT (click to enlarge)

The Office of the National Counterintelligence Executive (ONCIX) presented the report (PDF) to Congress on Thursday, which claimed that both "adversaries" and "partners" were sticking their nose into government and business computers.

"Because the United States is a leader in the development of new technologies and a central player in global financial and trade networks, foreign attempts to collect US technological and economic information will continue at a high level and will represent a growing and persistent threat to US economic security," the report said, eschewing any attempts at modesty.

The report, which was titled Foreign Spies Stealing US Economic Secrets in Cyberspace and covered 2009 to 2011, singled out China as a place where cyber intrusions often originated, although it didn't specifically finger the country's government.

"Chinese actors are the world’s most active and persistent perpetrators of economic espionage. US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China, but the intelligence community [or the IC as the report offhandedly acronyms it]* cannot confirm who was responsible," the office said.

Russia was another country to be named and shamed by ONCIX for pervasive cyber threats.

"Russia's intelligence services are conducting a range of activities to collect economic information and technology from US targets," the report pointed out.

However, "US allies and partners" weren't above a bit of pottering about in US networks looking for the odd tidbit either.

"Some US allies and partners use their broad access to US institutions to acquire sensitive US economic and technology information, primarily through aggressive elicitation and other human intelligence [another lovely acronym – HUMINT] tactics. Some of these states have advanced cyber capabilities," ONCIX said.

The office rather obviously pointed out that stealing secrets in cyberspace was a lot easier than attempting to sneak out of offices carting folders, and as a result the US was suffering millions of dollars in losses from thieved classified information.

And it is not predicting that things will get much better either. Cloud computing and the proliferation of devices connected to the internet are both a concern, and "the IC anticipates that China and Russia will remain aggressive and capable collectors of sensitive US economic information and technologies".

The report said China would continue to be driven to espionage by its policy of "catching up fast and surpassing Western powers".

It said an "emblematic" programme in this drive was Project 863, which according to China is intended to "boost innovation capacity in the high-tech sectors, particularly in strategic high-tech fields, in order to gain a foothold in the world arena", and according to the report "provides funding and guidance for efforts to clandestinely acquire US technology and sensitive economic information".

ONCIX also points to possible future risks from different countries "as a function of international economic and political developments" and the risks from non-state actors such as terrorist groups, hacktivists and hackers for hire.

Bootnote

* In case you're wondering why the US might need an acronym for the intelligence community, it might be because of the dizzying array of groups that make it up. To put this report together, ONCIX gathered inputs and reports from "many US government agencies, including the Air Force Office of Special Investigations (AFOSI), Army Counterintelligence Center (ACIC), Central Intelligence Agency (CIA), Defense Intelligence Agency (DIA), Defense Security Service (DSS), Department of Energy (DoE), Department of Health and Human Services (HHS), Department of State (DoS), Federal Bureau of Investigation (FBI), National Geospatial-Intelligence Agency (NGA), National Reconnaissance Office (NRO), National Security Agency (NSA), and Naval Criminal Investigative Service (NCIS)". And that's just the ones it's happy to name... ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
KER-CHING! CryptoWall ransomware scam rakes in $1 MEEELLION
Anatomy of the net's most destructive ransomware threat
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.