Feeds

China, Russia called out as cyberspy hotbeds

The spy who hacked me

Internet Security Threat Report 2014

Russia and China are using cyber-espionage to steal the US's tech and economic secrets, according to a government report.

COLD WAR INTELLIGENCE REPORT (click to enlarge)

The Office of the National Counterintelligence Executive (ONCIX) presented the report (PDF) to Congress on Thursday, which claimed that both "adversaries" and "partners" were sticking their nose into government and business computers.

"Because the United States is a leader in the development of new technologies and a central player in global financial and trade networks, foreign attempts to collect US technological and economic information will continue at a high level and will represent a growing and persistent threat to US economic security," the report said, eschewing any attempts at modesty.

The report, which was titled Foreign Spies Stealing US Economic Secrets in Cyberspace and covered 2009 to 2011, singled out China as a place where cyber intrusions often originated, although it didn't specifically finger the country's government.

"Chinese actors are the world’s most active and persistent perpetrators of economic espionage. US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China, but the intelligence community [or the IC as the report offhandedly acronyms it]* cannot confirm who was responsible," the office said.

Russia was another country to be named and shamed by ONCIX for pervasive cyber threats.

"Russia's intelligence services are conducting a range of activities to collect economic information and technology from US targets," the report pointed out.

However, "US allies and partners" weren't above a bit of pottering about in US networks looking for the odd tidbit either.

"Some US allies and partners use their broad access to US institutions to acquire sensitive US economic and technology information, primarily through aggressive elicitation and other human intelligence [another lovely acronym – HUMINT] tactics. Some of these states have advanced cyber capabilities," ONCIX said.

The office rather obviously pointed out that stealing secrets in cyberspace was a lot easier than attempting to sneak out of offices carting folders, and as a result the US was suffering millions of dollars in losses from thieved classified information.

And it is not predicting that things will get much better either. Cloud computing and the proliferation of devices connected to the internet are both a concern, and "the IC anticipates that China and Russia will remain aggressive and capable collectors of sensitive US economic information and technologies".

The report said China would continue to be driven to espionage by its policy of "catching up fast and surpassing Western powers".

It said an "emblematic" programme in this drive was Project 863, which according to China is intended to "boost innovation capacity in the high-tech sectors, particularly in strategic high-tech fields, in order to gain a foothold in the world arena", and according to the report "provides funding and guidance for efforts to clandestinely acquire US technology and sensitive economic information".

ONCIX also points to possible future risks from different countries "as a function of international economic and political developments" and the risks from non-state actors such as terrorist groups, hacktivists and hackers for hire.

Bootnote

* In case you're wondering why the US might need an acronym for the intelligence community, it might be because of the dizzying array of groups that make it up. To put this report together, ONCIX gathered inputs and reports from "many US government agencies, including the Air Force Office of Special Investigations (AFOSI), Army Counterintelligence Center (ACIC), Central Intelligence Agency (CIA), Defense Intelligence Agency (DIA), Defense Security Service (DSS), Department of Energy (DoE), Department of Health and Human Services (HHS), Department of State (DoS), Federal Bureau of Investigation (FBI), National Geospatial-Intelligence Agency (NGA), National Reconnaissance Office (NRO), National Security Agency (NSA), and Naval Criminal Investigative Service (NCIS)". And that's just the ones it's happy to name... ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.