Slashdot Mirror

← Back to Stories (view on slashdot.org)

Richard Clarke: All Major U.S. Firms Hacked By China

Posted by Soulskill on from the information-liberation-cyberarmy dept.

bdking writes "Former White House cybersecurity advisor Richard Clarke says state-sanctioned Chinese hackers are stealing R&D from U.S. companies, threatening the long-term competitiveness of the nation. He said, 'The U.S. government is involved in espionage against other governments. There’s a big difference, however, between the kind of cyberespionage the United States government does and China. The U.S. government doesn’t hack its way into Airbus and give Airbus the secrets to Boeing [many believe that Chinese hackers gave Boeing secrets to Airbus]. We don’t hack our way into a Chinese computer company like Huawei and provide the secrets of Huawei technology to their American competitor Cisco. [He believes Microsoft, too, was a victim of a Chinese cyber con game.] We don’t do that. ... We hack our way into foreign governments and collect the information off their networks. The same kind of information a CIA agent in the old days would try to buy from a spy. ... Diplomatic, military stuff but not commercial competitor stuff.'"

27 of 311 comments (clear)

  1. You don't say... by betterunixthanunix · · Score: 5, Insightful

    Yeah, it is not as though the US uses its own signals intelligence agency to spy on foreign businesses and pass R&D secrets to domestic firms...

    http://en.wikipedia.org/wiki/ECHELON#Controversy

    --
    Palm trees and 8
    1. Re:You don't say... by wisty · · Score: 5, Insightful

      Also, were it not for western industrial espionage against China, we wouldn't have paper or porcelain or tea.

      The US doesn't steal commercial know-how because they already have plenty. China is decades behind (in some areas), and can benefit a lot from acquiring foreign IP.

      In fact, China's subsidies of industrial inputs (land, energy, water, steel, etc) are there to drag in foreign manufacturing. Want to guess why they want everything made in China? It's so they can figure out how to make it themselves.

      It's a hell of a lot better than invading resource-rich countries to try to build up your industrial base. And if no-one ever stole secrets, we'd still all be in the dark ages.

    2. Re:You don't say... by marnues · · Score: 4, Insightful

      Given the level of understanding you displayed, it'd probably be best to not vote until you've spent more time understanding politics. If someone is telling you political information, it is skewed. Seek it out for yourself, such as both candidates stance on war, specifically Iran. You may find they are both masterfully playing their hands without actually wanting to bomb them.

    3. Re:You don't say... by marnues · · Score: 4, Interesting

      Also, we expect our corporations to do their own espionage.

    4. Re:You don't say... by Dhalka226 · · Score: 5, Insightful

      Does it bother anybody else that the source in question is as bad as it is?

      I looked at the source for the claim that the US has engaged in industrial espionage, which points to a 194 page report from a European commission and which the person who made the claim is clearly hoping was too long for anybody to read.

      The only point relevant to the claim is this:

      The United States readily admits that some of its intelligence service's activities also concern industry. This includes, for example, monitoring of the observance of economic sanctions, compliance with rules on the supply of weapons and dual use goods, developments on commodities markets and events on the international financial markets. The rapporteur's findings are that the US services are not alone in their involvement in these spheres, nor is there any serious criticism of this.

      In other words, the industrial espionage they know about is something they aren't even willing to criticize.

      Further along, under a big heading "Is ECHELON suitable for industrial espionage?" they go on to explain that if it finds any, it was an accident.

      The strategic monitoring of international telecommunications, can produce useful information for industrial espionage purposes, but only by chance. In fact, sensitive industrial information is primarily to be found in the firms themselves, which means that industrial espionage is carried out primarily by attempting to obtain the information via employees

      (their emphasis)

      In other words, they took two paragraphs and three bullet points to say "no, they wouldn't bother using ECHELON for this."

      It is followed by a chart of cases of industrial espionage (with no explanation as to how they arrived at any of the entries), and the only entry that may relate to ECHELON (rather than using an agent or taking photographs) is a 1994 NSA action where they intercepted calls and faxes related to how Airbus was bribing Saudi Arabian officials to win a contract. Those dastardly Americans! It's so rude to use spy on the competition when they're just trying to bribe somebody. Gosh! And yet still, I'm just supposing this entry is in any way related to ECHELON since it makes no such claim.

      I am not claiming the US does not engage in this kind of behavior; they probably do, and for all I know they've been caught red-handed at it too. But this report is not proof of that, even if we were to take Wikipedia as a great source of anything to begin with.

    5. Re:You don't say... by Pulzar · · Score: 4, Insightful

      especially since both men have a history of flip-flopping

      How about saying they "changed their mind", or "made a different decision" instead of "flip-flopping"? Why is it bad that somebody in a position of authority changes their mind in light of new information? Don't you want them to do that? Or do you think that if someone thought that something is bad 4 years ago, they should do everything they can to end it today, even if they now believe it's a bad decision?

      You have to learn and adapt as you go along to be successful. We should be looking for that in leaders, instead of calling them "flip-floppers".

      --
      Never underestimate the bandwidth of a 747 filled with CD-ROMs.
    6. Re:You don't say... by dougisfunny · · Score: 4, Insightful

      Or how about saying "they lied to get elected" since that is the most likely scenario.

      --
      This is not the funny you're looking for.
    7. Re:You don't say... by jdgeorge · · Score: 5, Insightful

      Yes but changing your mind is a slow process, not something that happens in less than a year.

      If a president can't change his mind about something in less than a year, he was not qualified to be president. The chief executive needs to be able to respond to changes, not be blindly attached to an existing policy in the face of new information.

    8. Re:You don't say... by St.Creed · · Score: 5, Insightful

      The Chinese haven't privatized their companies in the sense that they are separate from the state: a lot of companies are part of the state and the army actually runs many companies since they have to create their own budget (and food). A self sufficient army is a big tenet of the Chinese strategy. That's what makes this a bit more unpleasant than otherwise because normally, there would be an independent arbiter reigning in the companies. No such thing in China. The arbiter is playing too.

      --
      Therefore, by the (faulty) logic you're using, you're just a cow with a keyboard - osu-neko (2604)
  2. Having worked for a few firms... by grasshoppa · · Score: 4, Interesting

    Having worked for a few firms in the IT division, I can say this isn't surprising...at all. Between clueless management and the inability to grasp IT's value and contribution to a company, it'd have been news if they HADN'T been cracked wide open.

    When you mix in outsourcing, the argument can almost be made that this is exactly what these firms WANT to happen.

    --
    Mod me down with all of your hatred and your journey towards the dark side will be complete!
    1. Re:Having worked for a few firms... by Billly+Gates · · Score: 5, Informative

      The accountants have a point.

      Sales make money. You cost money.

      Which would you maximize and which would you minimize? A cost center or a profit center? That is business 101.

      I always advice IT people to work in a technology company. Otherwise you will always be undervalued and underpaid. Same is true if you are a financial wizard. You can make a good upper middle class salary at a regular company. However, working at a bank you will be a multi millionaire instead with that background because you add value and contribution to your company MUCH more.

      In the past we were once valued as profit centers and assets as great productivity gains were realized switching to computers then desktops, then spreadsheets, email, and so on and so on. Today, a nerd is not someone who can turn on a PC and use a formula in a spreadsheet. Everyone can do this. Therefore, we do not offer anything of important value except when something blows up.

      Anyway the risk is well worth the effort of massively increased sales and low cost labor. As long as the share price goes up and the CFO and CEO can get their bonuses from the cost savings and profit center increases then all is good even if it does get hacked.

      --
      http://saveie6.com/
    2. Re:Having worked for a few firms... by Red+Flayer · · Score: 5, Interesting

      That's the problem I have with bean counters - the inability to see the bigger integral picture.

      I'm a professional bean counter. I think you're not only wrong about failing to see the bigger picture, I think you're way off on the value of IT.

      IT doesn't drive product. It doesn't drive sales. It supports those functions, just as HR or Finance does. IT is not an asset... it is a cost center than maintains an asset.

      Regardless of the role and scope of a team (such as IT), you set your targets for what you need and what you want, and then you try to get those things done with maximum bang for your buck. Sometimes that means reducing costs, sometimes that means increasing value -- it is management's call on how to maximize cost-benefit (which is what us bean counters help management do).

      What some "big picture" guys (such as you make yourself out to be) miss is that the "big picture" is made up of little pieces, and if you want to affect the big picture, you need to affect the little pieces. The devil is in the details, and if you don't understand that, I don't think I'd want you in my org.

      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  3. Riiiiight. by cpu6502 · · Score: 5, Insightful

    The government routinely shares information with its defense contractors. Where that information comes from? The corporation does not ask.

    --
    My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
  4. We are spying but.. by Galestar · · Score: 5, Insightful

    ...we don't do the same kind of spying they do. Our spying is okay, theirs is evil.

    --
    AccountKiller
  5. What? by Anonymous Coward · · Score: 5, Interesting

    Did he just admit that his government hacks into other governments computer systems to steal diplomatic and military secrets? Did obama not say that cyber warfare like that is testimount to an act of war? If it's not and its ok for them to do it why are they trying to get that uk civilian hacker Gary Mckinnon for doing the same thing to them and saying its wrong and illegal when he did it to them but not when they do it themselves?

  6. No, we just overthrow elected governments by cjonslashdot · · Score: 4, Informative

    Yeah, we just overthrow governments and set up their elected officials to take the blame: https://en.wikipedia.org/wiki/1953_Iranian_coup_d'%C3%A9tat

  7. Re:Bah by ColdWetDog · · Score: 4, Funny

    We've always been at war with China. Err, Russia, Err, Drugs.

    Hell, we're always at war with somebody! Even if it's just cancer.

    USA! USA! USA!

    --
    Faster! Faster! Faster would be better!
  8. Over-globalization is the problem here. by sethstorm · · Score: 4, Insightful

    This is what we get when we get too friendly with nations that are still despotic in nature, reserving freedom for the few businesses and not the many. They are used to take away freedom from people under the canard of "competitiveness", something that is only used to wash the blood from indefensible actions.

    Shame we can't have a national security directive to kill offshoring - since it is about the only thing that can kill this for good. It may not be the cleanest answer, but it is the one that cuts the lobbyists out of the equation. If we want offshoring, it cannot be in the current form - a form that is only used as retribution for successes and security gained by First World citizens. It must be in a form that clearly prioritizes citizens of all skill levels first for hiring and training (to get rid of the skill-level complaints) for long-term & direct hire jobs (to obliterate the permatemp culture); it cannot be simply a way to exact concessions in the name of Ricardian economics.

    --
    Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
  9. Re:Economic Espionage by Anonymous Coward · · Score: 5, Informative

    There is one documented instance where the CIA 'spied on airbus.'

    The CIA actually was spying on Saudi Arabia. What they found was that Airbus was bribing saudi arabia to get a big contract. So the NSA spilled the beans, the corruption was rooted out, and Boeing ended up getting the contract.

    Do you call that industrial espionage?

    I should also note that in the US, it is illegal to bribe foreign governments. This law is enforced, and executives have gone to jail for it...

  10. Conflict of Interest? by Jim+Buzbee · · Score: 4, Informative

    I don't doubt that a lot of cyber-spying is going on, but also note that Clarke is now CEO of Good Harbor Consulting, which coincidentally makes a boatload of money dong Cyber consulting. The more frenzy he whips up, the more money he rakes in.

    1. Re:Conflict of Interest? by zbobet2012 · · Score: 4, Insightful

      While it is true he makes more money the bigger the frenzy, keep in mind that doesn't necessarily mean he is incorrect or acting immorally. If he believes there is a problem, thinks there is a market for fixing it, and is attempting to raise awareness of the problem he may way be acting in a correct manner. In short conflict of interest is not proof of incorrectness.

      So yes by all means take him him with a grain of salt, but also actually look at the evidence he presents.

  11. Why Hack When We Give It Away by geoffrobinson · · Score: 4, Insightful

    If you want access to China's market, you have to build in China. And if you are building in China, China is figuring out how you build things.

    --
    Except for ending slavery, the Nazis, communism, & securing American independence, war has never solved anything.
  12. Oy Vey! by alexborges · · Score: 5, Insightful

    "The U.S. government is involved in espionage against other governments. There’s a big difference, however, between the kind of cyberespionage the United States government does and China. The U.S. government doesn’t hack its way into Airbus and give Airbus the secrets to Boeing [many believe that Chinese hackers gave Boeing secrets to Airbus]. "

    Here is a hint: start doing it, you dumbasses. Im no expert in chinese culture, but i've been studying their story with reverse engineering and the way they've built their home industry to come to the conclusion that, to the chinese, this is business as usual.

    You may be appalled by it, you may cringe with moral sentiment (and stubborn western-european hypocrisy), but you don't just stand there. Have a strategy to take a blow-by-blow approach to this and counterattack.... and maybe then you will realize all your strict IP laws and magical thinking make no sense at all in this brave new world.

    Snap out of it NOW!

    --
    NO SIG
  13. Re:Economic Espionage by Aviation+Pete · · Score: 4, Interesting

    We don't steal technological information from China because right now, they don't have anything we don't already have. We haven't been solidly behind another nation on that one since the mid 19th century. Tied, maybe; behind, no.

    And in the mid-19th century, we didn't have the slightest qualm about using industrial espionage against British companies to give our domestic industry a leg up. And why should we, for that matter?

    What a load of US-centic jingoism!

    What about jet engines? You had to borrow them from Britain first and then needed Germans to build them in the US (Gerhard Neumann). What about rockets? Same thing here (von Braun and his team). Even such mundane things like butter production were revolutionized after the US learned about all the German technology after 1945.

    I am sure there are some technological gems in some corners in China which are already superior to all US tech. And they get bigger and more numerous, not least because of an attitude like yours.

    --
    You know it's time for the next revolution when your rulers' names end with roman numerals.
  14. I'll try to hit a few points by HBI · · Score: 4, Insightful

    1. To China, US technological superiority in the commercial sector IS a national security issue, so Clarke is just being disingenuous here. If the US were in the same role, we'd steal their commercial secrets, too. The fact that we don't want to just illustrates the advantage.

    2. If we hadn't outsourced the more polluting and less skill intensive parts of our manufacturing base, we wouldn't be in this position.

    2a. I know the thought pattern - I had it as a child back in the 70s - it was the "brown hordes" thought. What would happen if all the poor people in the world stormed the borders of the US? To avoid that, it sort of compels our hand to distribute the wealth and make this less desirable. So we did. Made it easy as hell for companies to outsource operations to the former Third World.

    2b. The delusion started when people like GHW Bush claimed that we'd have an information economy. So the only advantage that the US would have was information? We'd all sit in offices and type things to each other? Seems like an invitation for people to steal our information and produce stuff that we can no longer produce ourselves.

    At this point the whole plan looks like a suicide pact. Leave H1B out of it, and it's still a disaster. The tards in power aren't connecting the dots, even now.

    --
    HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
  15. Its war by AdmV0rl0n · · Score: 5, Insightful

    The West was on top. So its a target. Its values are oppsed by the enemy.

    War comes in multiple forms. There isn't any requirement for someone to fight you directly. The lessons of this are available through history. The problem is that in general, the population is cretinously stupid. In the west, in america, and prevelent on Slashdot.

    The chinese long ago choose war with the west. And yes, this white house commentry is correct. Its years late to the party though. The chinese choose to make information and IP collection a military grade target, and applied military level resources to the task in hand.

    In exchange for taking all your information, IP and data, they then went back to said companies and said - we can do what you do, at a 10th of the price.
    Que economic damage doubled.

    At no point have I see anything - anywhere thats showing any willingness to even begin to face up to this challenge.

    Cutting to the chase, they do not have to use bombs and direct weapons to eliminate your factories, to commit economic damage, to diminish your state, lower your standard of living, and damage your way of life. If the end justifies the result - then its a valid technical stragetic aim. Its been and remains a highly effective strategic application of a militaristic and political plan.

    Assuming nothing is done, and its simply allowed to continue, then you will simply see a spiralling issue of damage here, and benefit there. A zero sum game that favours only one side.

    And there is no simple answer. In the west, we're so stupid, over payed, flabby, lazy and ill led that it will be a long time before an equalisation of fundamentals allows a reverse of the flow. American or Euro workers will still be paid many times the cost of a chinese worker. Even if you steal back the tech at a later date, the damage is largely done because you can't undercut enough to make stuff at the same cost level. But your structure will still have to pay out multiple times the cost to the now millions of unemployed. Que strike 3 of the cost of the enemy strategic plan.

    And how will you defend yourselves?
    With windows based networks that are an unholy security mess?
    With a military thats suffering the same windows based security mess?
    With open source software bases that however anyone might paint it, has enough security issues that its not a trivial issue?

    All of these are treated like a play ground by the enemy. A proverbial open door.
    Security worsens every day, and in the west IT is in most places simply treated as a red headed step child and an overhead people would like to eradicate if they could.

    Until companies and governments get serious, its only going to worsen. And while this is the state of play - with no penalty for the chinese - its well worth playing to a very full extent. At the end of the day, in the west, as the unemployed grow, eventually your customers will dwindle. The fact you get your shit made in the enemy factory now won't help you find exhausted customers in your home lands, and you are not going to outsell Lenovo in china to make up the now drastic shortfall. In the end, binning your own workers in exchange for cheap goods made in china has a culmative effect in you losing your own customers. The unemployed can't really buy from you, and that will turn to bite sooner or later.

    It could be ended tommorow assuming some spine can be found.
    A singular threat of complete bans on any chinese imports - on scale and across the western would would have sobering affect on the chinese. And at the same time reparations and damages should gained. And some spine should be found, because everyone basically knows this is going on, and has been for an extended period.

    China does not give a shit about you, or the west. It will under cut you, subsidise fuel to its operations, steal your data, rob you of your intellectual property, and take your job or life away from you. Its operating on the correct directive which is self interest. The nations and people's

    --
    We`re all equal .. Just some of us are less equal than others.
  16. Re:US at it too by Anonymous Coward · · Score: 4, Interesting

    US state Industrial espionage is certainly not new, but one would
    be naive to imagine it would receive domestic press coverage.
    Those of us that read French publications originating in France
    know that the practice has been documented for many decades.
    Wise up.