US takes aim at China and Russia over cyber-attacks

 La Chine et la Russie utilisent l'espionnage informatique pour dérober aux États-Unis des informations confidentielles concernant le commerce et la technologie, selon un rapport des services de renseignement américains publié hier.         

Les réseaux informatiques contiennent une telle quantité d'informations que des intrus peuvent se procurer des volumes impressionnants de données rapidement et sans grand risque du fait de la discrétion dans laquelle ils peuvent agir.

Extrait de: US takes aim at China and Russia over cyber-attacks, By Geoff Dyer in Washington and Joseph Menn in San Francisco, FT, November 3, 2011

Massive cyber-espionage by China and Russia poses “significant and growing threats” to American economic power and national security, US officials have charged in their most direct warning on the issue.

In an unusually blunt public document, US intelligence officials said the two geopolitical rivals had launched an onslaught of internet-enabled spying on US companies to win bargaining power and trade secrets.

The claims were made in a report to Congress prepared by leading US intelligence agencies.

While US officials and private researchers have frequently talked in private about the threat of cyber-espionage, the report is unusual in that it directly names the Chinese and Russian governments as being behind many efforts to steal technology.

“China and Russia view themselves as strategic competitors of the United States and are the most aggressive collectors of US economic information and technology,” the report said.

While large companies around the world realise that cybersecurity weaknesses are a growing threat, they are not increasing spending to meet the challenge, according to recent surveys

“Both will almost certainly continue to deploy significant resources and a wide array of tactics to acquire this information from US sources, motivated by the desire to achieve economic, strategic, and military parity with the United States,” it said.

The report was published by the Office of the National Counterintelligence Executive, which reports to the director of national intelligence, and was based on the views of 13 different agencies, including the CIA, FBI and the intelligence services of the different branches of the military.

The report noted that “Chinese actors are the world’s most active and persistent perpetrators of economic espionage”. It also added that “Russia’s intelligence services are conducting a range of activities to collect economic information and technology from US targets.”

“It is a fantastic step forward and long overdue,” said Dmitri Alperovich, a prominent security researcher who documented multiple Chinese campaigns against western oil and gas concerns, defence contractors and other industries.

“We need to raise this so we can begin to have diplomatic carrots and sticks to address these issues. “We have significant economic levers within international trade organisations, and we can take unilateral or multilateral actions. Ultimately, it is an economic issue.”

However, despite the strong and direct allegation, the report did not identify specific culprits within the two countries. The governments often use independent hackers to mask responsibility for the intrusions, it said. It also added that “some US allies” use their broad access in the US to acquire information about technologies, although it did not name any countries.

China immediately rejected the charges made in the report. “We believe the allegations made by the US side are unwarranted and irresponsible,” said a spokesman for the Chinese embassy in Washington. “We are against such demonising efforts, just as we are opposed to unlawful cyberspace activities.”

The Russian embassy in Washington refused to comment on the report.

Mike Rogers, chairman of the House committee on intelligence, said: “This report confirms what I have heard time and time again: the Chinese remain the most aggressive and persistent perpetrators of economic and industrial espionage against the United States. Their continued theft of sensitive economic information is a threat to our national security, hurts American businesses and workers, and causes incalculable harm to global economy.”

The report said that such activities were likely to increase in the coming years because of the proliferation of portable devices that connect to the internet and the increase pooling and storage of information by companies.

Foreign economic collection and industrial espionage

Foreign economic collection and industrial espionageForeign economic collection and industrial espionage against the United States represent significant and growing  threats to the nation’s prosperity and security. Cyberspace—where most business activity and development of  new ideas now takes place—amplifies these threats by making it possible for malicious actors, whether they are  corrupted insiders or foreign intelligence services (FIS), to quickly steal and transfer massive quantities of data  while remaining anonymous and hard to detect.

US Technologies and Tr ade Secr ets at Risk in Cyber space

Foreign collectors of sensitive economic information are able to operate in cyberspace with relatively little risk  of detection by their private sector targets. The proliferation of malicious software, prevalence of cyber tool sharing, use of hackers as proxies, and routing of operations through third countries make it difficult to attribute  responsibility for computer network intrusions. Cyber tools have enhanced the economic espionage threat, and  the Intelligence Community (IC) judges the use of such tools is already a larger threat than more traditional  espionage methods.

Economic espionage inflicts costs on companies that range from loss of unique intellectual property to outlays for  remediation, but no reliable estimates of the monetary value of these costs exist.

Many companies are:

·         unaware  when their sensitive data is pilfered,

·         and those that find out are often reluctant to report the loss, fearing potential  damage to their reputation with investors, customers, and employees.

Moreover, victims of trade secret theft  use different methods to estimate their losses; some base estimates on the actual costs of developing the stolen  information, while others project the loss of future revenues and profits.

Pervasive Threat from Adversaries and Partner s

Sensitive US economic information and technology are targeted by the intelligence services, private sector companies, academic and research institutions, and citizens of dozens of countries.

·         Chinese actors are the world’s most active and persistent perpetrators of economic espionage. US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have  originated in China, but the IC cannot confirm who was responsible.

·         Russia’s intelligence services are conducting a range of activities to collect economic information and  technology from US targets.

·         Some US allies and partners use their broad access to US institutions to acquire sensitive US economic and  technology information, primarily through aggressive elicitation and other human intelligence (HUMINT) tactics. Some of these states have advanced cyber capabilities.