Feeds

China, Russia called out as cyberspy hotbeds

The spy who hacked me

Using blade systems to cut costs and sharpen efficiencies

Russia and China are using cyber-espionage to steal the US's tech and economic secrets, according to a government report.

COLD WAR INTELLIGENCE REPORT (click to enlarge)

The Office of the National Counterintelligence Executive (ONCIX) presented the report (PDF) to Congress on Thursday, which claimed that both "adversaries" and "partners" were sticking their nose into government and business computers.

"Because the United States is a leader in the development of new technologies and a central player in global financial and trade networks, foreign attempts to collect US technological and economic information will continue at a high level and will represent a growing and persistent threat to US economic security," the report said, eschewing any attempts at modesty.

The report, which was titled Foreign Spies Stealing US Economic Secrets in Cyberspace and covered 2009 to 2011, singled out China as a place where cyber intrusions often originated, although it didn't specifically finger the country's government.

"Chinese actors are the world’s most active and persistent perpetrators of economic espionage. US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China, but the intelligence community [or the IC as the report offhandedly acronyms it]* cannot confirm who was responsible," the office said.

Russia was another country to be named and shamed by ONCIX for pervasive cyber threats.

"Russia's intelligence services are conducting a range of activities to collect economic information and technology from US targets," the report pointed out.

However, "US allies and partners" weren't above a bit of pottering about in US networks looking for the odd tidbit either.

"Some US allies and partners use their broad access to US institutions to acquire sensitive US economic and technology information, primarily through aggressive elicitation and other human intelligence [another lovely acronym – HUMINT] tactics. Some of these states have advanced cyber capabilities," ONCIX said.

The office rather obviously pointed out that stealing secrets in cyberspace was a lot easier than attempting to sneak out of offices carting folders, and as a result the US was suffering millions of dollars in losses from thieved classified information.

And it is not predicting that things will get much better either. Cloud computing and the proliferation of devices connected to the internet are both a concern, and "the IC anticipates that China and Russia will remain aggressive and capable collectors of sensitive US economic information and technologies".

The report said China would continue to be driven to espionage by its policy of "catching up fast and surpassing Western powers".

It said an "emblematic" programme in this drive was Project 863, which according to China is intended to "boost innovation capacity in the high-tech sectors, particularly in strategic high-tech fields, in order to gain a foothold in the world arena", and according to the report "provides funding and guidance for efforts to clandestinely acquire US technology and sensitive economic information".

ONCIX also points to possible future risks from different countries "as a function of international economic and political developments" and the risks from non-state actors such as terrorist groups, hacktivists and hackers for hire.

Bootnote

* In case you're wondering why the US might need an acronym for the intelligence community, it might be because of the dizzying array of groups that make it up. To put this report together, ONCIX gathered inputs and reports from "many US government agencies, including the Air Force Office of Special Investigations (AFOSI), Army Counterintelligence Center (ACIC), Central Intelligence Agency (CIA), Defense Intelligence Agency (DIA), Defense Security Service (DSS), Department of Energy (DoE), Department of Health and Human Services (HHS), Department of State (DoS), Federal Bureau of Investigation (FBI), National Geospatial-Intelligence Agency (NGA), National Reconnaissance Office (NRO), National Security Agency (NSA), and Naval Criminal Investigative Service (NCIS)". And that's just the ones it's happy to name... ®

Boost IT visibility and business value

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.