Richard Clarke: All Major U.S. Firms Hacked By China

bdking writes "Former White House cybersecurity advisor Richard Clarke says state-sanctioned Chinese hackers are stealing R&D from U.S. companies, threatening the long-term competitiveness of the nation. He said, 'The U.S. government is involved in espionage against other governments. There’s a big difference, however, between the kind of cyberespionage the United States government does and China. The U.S. government doesn’t hack its way into Airbus and give Airbus the secrets to Boeing [many believe that Chinese hackers gave Boeing secrets to Airbus]. We don’t hack our way into a Chinese computer company like Huawei and provide the secrets of Huawei technology to their American competitor Cisco. [He believes Microsoft, too, was a victim of a Chinese cyber con game.] We don’t do that. ... We hack our way into foreign governments and collect the information off their networks. The same kind of information a CIA agent in the old days would try to buy from a spy. ... Diplomatic, military stuff but not commercial competitor stuff.'"

You don't say...

[betterunixthanunix]

Yeah, it is not as though the US uses its own signals intelligence agency to spy on foreign businesses and pass R&D secrets to domestic firms...

http://en.wikipedia.org/wiki/ECHELON#Controversy

Re:You don't say...

[wisty]

Also, were it not for western industrial espionage against China, we wouldn't have paper or porcelain or tea.

The US doesn't steal commercial know-how because they already have plenty. China is decades behind (in some areas), and can benefit a lot from acquiring foreign IP.

In fact, China's subsidies of industrial inputs (land, energy, water, steel, etc) are there to drag in foreign manufacturing. Want to guess why they want everything made in China? It's so they can figure out how to make it themselves.

It's a hell of a lot better than invading resource-rich countries to try to build up your industrial base. And if no-one ever stole secrets, we'd still all be in the dark ages.

Re:You don't say...

[Dhalka226]

Does it bother anybody else that the source in question is as bad as it is?

I looked at the source for the claim that the US has engaged in industrial espionage, which points to a 194 page report from a European commission and which the person who made the claim is clearly hoping was too long for anybody to read.

The only point relevant to the claim is this:

The United States readily admits that some of its intelligence service's activities also concern industry. This includes, for example, monitoring of the observance of economic sanctions, compliance with rules on the supply of weapons and dual use goods, developments on commodities markets and events on the international financial markets. The rapporteur's findings are that the US services are not alone in their involvement in these spheres, nor is there any serious criticism of this.

In other words, the industrial espionage they know about is something they aren't even willing to criticize.

Further along, under a big heading "Is ECHELON suitable for industrial espionage?" they go on to explain that if it finds any, it was an accident.

The strategic monitoring of international telecommunications, can produce useful information for industrial espionage purposes, but only by chance. In fact, sensitive industrial information is primarily to be found in the firms themselves, which means that industrial espionage is carried out primarily by attempting to obtain the information via employees

(their emphasis)

In other words, they took two paragraphs and three bullet points to say "no, they wouldn't bother using ECHELON for this."

It is followed by a chart of cases of industrial espionage (with no explanation as to how they arrived at any of the entries), and the only entry that may relate to ECHELON (rather than using an agent or taking photographs) is a 1994 NSA action where they intercepted calls and faxes related to how Airbus was bribing Saudi Arabian officials to win a contract. Those dastardly Americans! It's so rude to use spy on the competition when they're just trying to bribe somebody. Gosh! And yet still, I'm just supposing this entry is in any way related to ECHELON since it makes no such claim.

I am not claiming the US does not engage in this kind of behavior; they probably do, and for all I know they've been caught red-handed at it too. But this report is not proof of that, even if we were to take Wikipedia as a great source of anything to begin with.

Re:You don't say...

[jdgeorge]

Yes but changing your mind is a slow process, not something that happens in less than a year.

If a president can't change his mind about something in less than a year, he was not qualified to be president. The chief executive needs to be able to respond to changes, not be blindly attached to an existing policy in the face of new information.

Re:You don't say...

[St.Creed]

The Chinese haven't privatized their companies in the sense that they are separate from the state: a lot of companies are part of the state and the army actually runs many companies since they have to create their own budget (and food). A self sufficient army is a big tenet of the Chinese strategy. That's what makes this a bit more unpleasant than otherwise because normally, there would be an independent arbiter reigning in the companies. No such thing in China. The arbiter is playing too.

Riiiiight.

[cpu6502]

The government routinely shares information with its defense contractors. Where that information comes from? The corporation does not ask.

We are spying but..

[Galestar]

...we don't do the same kind of spying they do. Our spying is okay, theirs is evil.

What?

Did he just admit that his government hacks into other governments computer systems to steal diplomatic and military secrets? Did obama not say that cyber warfare like that is testimount to an act of war? If it's not and its ok for them to do it why are they trying to get that uk civilian hacker Gary Mckinnon for doing the same thing to them and saying its wrong and illegal when he did it to them but not when they do it themselves?

Re:Economic Espionage

There is one documented instance where the CIA 'spied on airbus.'

The CIA actually was spying on Saudi Arabia. What they found was that Airbus was bribing saudi arabia to get a big contract. So the NSA spilled the beans, the corruption was rooted out, and Boeing ended up getting the contract.

Do you call that industrial espionage?

I should also note that in the US, it is illegal to bribe foreign governments. This law is enforced, and executives have gone to jail for it...

Re:Having worked for a few firms...

[Billly+Gates]

The accountants have a point.

Sales make money. You cost money.

Which would you maximize and which would you minimize? A cost center or a profit center? That is business 101.

I always advice IT people to work in a technology company. Otherwise you will always be undervalued and underpaid. Same is true if you are a financial wizard. You can make a good upper middle class salary at a regular company. However, working at a bank you will be a multi millionaire instead with that background because you add value and contribution to your company MUCH more.

In the past we were once valued as profit centers and assets as great productivity gains were realized switching to computers then desktops, then spreadsheets, email, and so on and so on. Today, a nerd is not someone who can turn on a PC and use a formula in a spreadsheet. Everyone can do this. Therefore, we do not offer anything of important value except when something blows up.

Anyway the risk is well worth the effort of massively increased sales and low cost labor. As long as the share price goes up and the CFO and CEO can get their bonuses from the cost savings and profit center increases then all is good even if it does get hacked.

Oy Vey!

[alexborges]

"The U.S. government is involved in espionage against other governments. There’s a big difference, however, between the kind of cyberespionage the United States government does and China. The U.S. government doesn’t hack its way into Airbus and give Airbus the secrets to Boeing [many believe that Chinese hackers gave Boeing secrets to Airbus]. "

Here is a hint: start doing it, you dumbasses. Im no expert in chinese culture, but i've been studying their story with reverse engineering and the way they've built their home industry to come to the conclusion that, to the chinese, this is business as usual.

You may be appalled by it, you may cringe with moral sentiment (and stubborn western-european hypocrisy), but you don't just stand there. Have a strategy to take a blow-by-blow approach to this and counterattack.... and maybe then you will realize all your strict IP laws and magical thinking make no sense at all in this brave new world.

Snap out of it NOW!

Its war

[AdmV0rl0n]

The West was on top. So its a target. Its values are oppsed by the enemy.

War comes in multiple forms. There isn't any requirement for someone to fight you directly. The lessons of this are available through history. The problem is that in general, the population is cretinously stupid. In the west, in america, and prevelent on Slashdot.

The chinese long ago choose war with the west. And yes, this white house commentry is correct. Its years late to the party though. The chinese choose to make information and IP collection a military grade target, and applied military level resources to the task in hand.

In exchange for taking all your information, IP and data, they then went back to said companies and said - we can do what you do, at a 10th of the price.
Que economic damage doubled.

At no point have I see anything - anywhere thats showing any willingness to even begin to face up to this challenge.

Cutting to the chase, they do not have to use bombs and direct weapons to eliminate your factories, to commit economic damage, to diminish your state, lower your standard of living, and damage your way of life. If the end justifies the result - then its a valid technical stragetic aim. Its been and remains a highly effective strategic application of a militaristic and political plan.

Assuming nothing is done, and its simply allowed to continue, then you will simply see a spiralling issue of damage here, and benefit there. A zero sum game that favours only one side.

And there is no simple answer. In the west, we're so stupid, over payed, flabby, lazy and ill led that it will be a long time before an equalisation of fundamentals allows a reverse of the flow. American or Euro workers will still be paid many times the cost of a chinese worker. Even if you steal back the tech at a later date, the damage is largely done because you can't undercut enough to make stuff at the same cost level. But your structure will still have to pay out multiple times the cost to the now millions of unemployed. Que strike 3 of the cost of the enemy strategic plan.

And how will you defend yourselves?
With windows based networks that are an unholy security mess?
With a military thats suffering the same windows based security mess?
With open source software bases that however anyone might paint it, has enough security issues that its not a trivial issue?

All of these are treated like a play ground by the enemy. A proverbial open door.
Security worsens every day, and in the west IT is in most places simply treated as a red headed step child and an overhead people would like to eradicate if they could.

Until companies and governments get serious, its only going to worsen. And while this is the state of play - with no penalty for the chinese - its well worth playing to a very full extent. At the end of the day, in the west, as the unemployed grow, eventually your customers will dwindle. The fact you get your shit made in the enemy factory now won't help you find exhausted customers in your home lands, and you are not going to outsell Lenovo in china to make up the now drastic shortfall. In the end, binning your own workers in exchange for cheap goods made in china has a culmative effect in you losing your own customers. The unemployed can't really buy from you, and that will turn to bite sooner or later.

It could be ended tommorow assuming some spine can be found.
A singular threat of complete bans on any chinese imports - on scale and across the western would would have sobering affect on the chinese. And at the same time reparations and damages should gained. And some spine should be found, because everyone basically knows this is going on, and has been for an extended period.

China does not give a shit about you, or the west. It will under cut you, subsidise fuel to its operations, steal your data, rob you of your intellectual property, and take your job or life away from you. Its operating on the correct directive which is self interest. The nations and people's

Re:Having worked for a few firms...

[Red+Flayer]

That's the problem I have with bean counters - the inability to see the bigger integral picture.

I'm a professional bean counter. I think you're not only wrong about failing to see the bigger picture, I think you're way off on the value of IT.

IT doesn't drive product. It doesn't drive sales. It supports those functions, just as HR or Finance does. IT is not an asset... it is a cost center than maintains an asset.

Regardless of the role and scope of a team (such as IT), you set your targets for what you need and what you want, and then you try to get those things done with maximum bang for your buck. Sometimes that means reducing costs, sometimes that means increasing value -- it is management's call on how to maximize cost-benefit (which is what us bean counters help management do).

What some "big picture" guys (such as you make yourself out to be) miss is that the "big picture" is made up of little pieces, and if you want to affect the big picture, you need to affect the little pieces. The devil is in the details, and if you don't understand that, I don't think I'd want you in my org.