Google Inc. and Intel Corp. were logical targets for China-based hackers, given the solid-gold intellectual property data stored in their computers. An attack by cyber spies on iBahn, a provider of Internet services to hotels, takes some explaining. iBahn provides broadband business and entertainment access to guests of Marriott International Inc. and other hotel chains, including multinational companies that hold meetings on site. Breaking into iBahn’s networks, according to a senior U.S. intelligence official familiar with the matter, may have let hackers see millions of confidential emails, even encrypted ones, as executives from Dubai to New York reported back on everything from new product development to merger negotiations.
More worrisome, hackers might have used iBahn’s system to access corporate networks connected to it, using traveling employees to create a backdoor to company secrets, said Nick Percoco, head of Trustwave Corp.’s SpiderLabs, a security firm.
| China’s industrial espionage a policy choice |
| China has made industrial espionage an integral part of its economic policy, stealing company secrets to help it leapfrog over U.S. and other foreign competitors to further its goal of becoming the world’s largest economy, U.S. intelligence officials concluded in a report released last month. |
| “What has been happening over the course of the last five years is that China — let’s call it for what it is — has been hacking its way into every corporation it can find listed in Dun & Bradstreet,” said Richard Clarke, former special adviser on cybersecurity to U.S. President George W. Bush, at an October conference on network security. “Every corporation in the U.S., every corporation in Asia, every corporation in Germany. And using a vacuum cleaner to suck data out in terabytes and petabytes. I don’t think you can overstate the damage to this country that has already been done.” |
The hackers’ interest in companies as small as Salt Lake City-based iBahn illustrates the breadth of China’s spying against firms in the United States and elsewhere. The networks of at least 760 companies, research universities, Internet service providers and government agencies were hit over the last decade by the same elite group of China-based cyber spies. The companies, including firms such as Research in Motion Ltd. and Boston Scientific, range from some of the largest corporations to niche innovators in sectors like aerospace, semiconductors, pharmaceuticals and biotechnology, according to intelligence data obtained by Bloomberg News.
“They are stealing everything that isn’t bolted down, and it’s getting exponentially worse,” said Representative Mike Rogers, a Michigan Republican who is chairman of the Permanent Select Committee on Intelligence.
Such accusations intensified when a Nov. 3 report by 14 U.S. intelligence agencies fingered China as the No. 1 hacker threat to U.S. firms. While the Obama administration took the unprecedented step of outing China by name, the White House, U.S. intelligence agencies and members of Congress are struggling to assess how much damage is being done during such attacks and what to do to stop them beyond public rebuke.
China has consistently denied it has any responsibility for hacking that originates from servers on its soil. Geng Shuang, a spokesman for the Chinese embassy in Washington, and Wang Baodong, another Chinese government spokesman in Washington, didn’t respond to requests for comment.
For now, the administration is concentrating on raising awareness among company executives and seeking a commitment to improve security against such attacks. Rogers has a bill pending in the House that would permit the government to share secret information that would help companies spot hacker intrusions, such as signatures of malicious Chinese software.
Based on what is known of attacks from China, Russia and other countries, a declassified estimate of the value of the blueprints, chemical formulas and other material stolen from U.S. corporate computers in the last year reached almost $500 billion, said Rogers, a former agent for the Federal Bureau of Investigation.
Calculating the damage depends on hard-to-know variables, such as how effectively and quickly thieves can integrate stolen data into competing products, the senior intelligence official said.
While a precise dollar figure for damage is elusive, the overall magnitude of the attacks is not, said. Scott Borg, an economist and director of the U.S. Cyber Consequences Unit, a non-profit research institute.
“We’re talking about stealing entire industries,” he said. “This may be the biggest transfer of wealth in a short period of time that the world has ever seen.”
