China's Cyber Threat A High-Stakes Spy Game
Ken Lieberthal of the Brookings Institution does a lot of work in China. Visiting about 10 times a year, he does some business consulting, meets with other scholars at universities and sometimes meets with government officials.
Like a lot of us these days, Lieberthal carries electronics with him to do his work. However, he takes a bit more precaution than many business travelers, as he tells weekends on All Things Considered guest host Rachel Martin.
"I first of all get a loaner laptop. And the USB that I bring, I clean digitally before I bring it, so it's totally blank," Lieberthal says.
Lieberthal then disconnects the Wi-Fi and Bluetooth functions, sets email filters and a virtual private network, or VPN. That's all before the trip. While in China, he never lets his Blackberry leave his side, never uses a wireless Internet connection while he has his USB drive plugged in, and he also physically hides his fingers when typing passwords.
When he gets home, everything gets digitally wiped and cleaned.
Why take all this precaution? Espionage. More specifically, cyber-espionage.
The cloak-and-dagger world of corporate espionage is alive and well, and China seems to have the advantage. Their cyber-espionage program is becoming more and more effective at swiping information from America's public and private sectors. The U.S. government has even blamed China publicly for hacking American industries.
It's not just business travelers at risk, either. In fact, any piece of digital data can be acquired through moles within the company or hackers operating half a world away.
China's Technological Front
James Lewis, who directs the technology program at the Center for Strategic and International Studies, says when the Chinese opened up their economy to the West, they decided one of things they needed was to upgrade their technology because they were falling behind.
"The Chinese have, since 1986, been plugging steadily along at building up their technological capacities," Lewis tells NPR's Rachel Martin. "And that includes cyber-espionage."
To be fair, Lewis says China is not the only country that has done this. A lot of countries engage in this kind of collection of electronic data, he says.
"In so many countries, the telecom infrastructure is built to allow heavy surveillance by the government, and China is one of those places," he says.
The focus on China, Lewis says, is likely because the U.S. increasingly sees the nation as its closest economic and military competitor. The Chinese, he says, likely feel that way too.
"Like it or not, the two of us are kind of spiraling into a competitive relationship that could involve military tensions that reach the point of conflict," he says. "That's why we're so concerned about them."
The technology and defense industries are the most vulnerable, Lewis says. Those industries are areas China has identified that the nation needs to grow, but Chinese hackers have even broken into and stolen plans from American furniture manufacturers.
"You can see the immediate economic benefit: You don't have to pay for the design, you can build it cheaper, and you can offer the same product at a lower price," he says. "That hurts our economy."
The Cost Of Economic Espionage
The Chairman of the House Intelligence Committee is Republican Rep. Mike Rogers of Michigan. This week, Rogers, who is a former FBI agent, plans to bring forward a bill designed to put more pressure on China for alleged cyberattacks.
"They are ferocious economic predators, and it is something we are going to have to deal with — and deal with it soon," Rogers tells Martin.
This public naming and shaming is a new tactic. Up until recently, U.S. officials have been pressuring China behind closed doors. But a counter-intelligence report released last month directly accused China of hacking into the computer systems of American businesses.
Rogers has actually spoken with executives from some of the American businesses hit by cyberattacks, and he says stolen intellectual property from just one hi-tech company cost them billions of dollars in research and revenue as well as thousands of U.S. jobs.
"Those are 10,000 jobs that would be in this economy, that would employ Americans, that are gone because of Chinese economic espionage," he says.
New estimates put losses from intellectual property espionage at about a trillion dollars a year, Rogers says. And he says U.S. companies that deal in intellectual property fall into two camps: those that know they've been hacked and those that don't know.
"There really is no other exception than that," he says.
Awareness of the threat and tracing the attacks to a specific government are two of the problems with cyber-espionage, Rogers says. Though he's confident they have evidence that China is actively involved in economic espionage, he says another issue is that companies that have been hacked are reluctant to come forward publicly.
"They realized that this would affect either their brand name or the fact that it might affect people wanting to invest in these particular companies," he says.
The other issue, he says, is that companies feel that if they publicly acknowledge they've been hacked, it might open them up to future corporate espionage.
Rogers hopes the new U.S. tactic of accusing China publicly will help raise awareness of the issue and push it to the highest levels of the bilateral relationships the U.S. has with Russia, China and other nations.
"It's very important that this become a bilateral trade issue so that we can finally get a handle on it," he says.
In response to the U.S. allegations, Wang Baodong, the spokesperson at the Chinese Embassy in Washington, sent a statement that says cyber-attacks are a global issue and hackers are striking everywhere.
The statement also says the charges against China are "harmful not only to the interests of American travelers but also to increased exchanges between our two countries, and such [a] willful demonization effort against China should be stopped"
Even though U.S. officials are convinced there's a cyber threat from China, they still don't know the extent of the attacks or exactly who is doing them, which makes it very hard to figure out how to make them stop.
RACHEL MARTIN, HOST:
This is WEEKENDS on ALL THINGS CONSIDERED from NPR News. I'm Rachel Martin, in for Guy Raz.
We begin today with a story about information espionage, and one traveler's ritual to protect himself.
Ken Lieberthal of the Brookings Institution works in China a lot.
KEN LIEBERTHAL: Most years, I go about 10 times a year. Yeah.
MARTIN: He does some business consulting; meets with other scholars at universities, sometimes with government officials. And like a lot of us these days, he carries electronics with him to do his work. But for Lieberthal, it's a lot more complicated than just throwing a laptop into a briefcase and hitting the road. He takes precautions.
LIEBERTHAL: I, first of all, get a loaner laptop. And the USB that I bring, I have cleaned digitally before I bring it so that it's totally blank.
MARTIN: Lots of precautions.
LIEBERTHAL: Disconnect the Wi-Fi and Bluetooth functions, set the email filters. And that tunnels under the Chinese firewall. So that's all before the trip.
MARTIN: Once he's actually in China, he's just as careful. His BlackBerry never leaves his side.
LIEBERTHAL: I never leave it in my hotel room.
MARTIN: He never uses a Wi-Fi connection when he's got a USB drive plugged in.
LIEBERTHAL: I'm always careful to log out completely when I'm not using it.
MARTIN: He also physically hides his fingers when typing passwords. And when he gets home, everything gets wiped clean. Paranoia, you say? Maybe. But the U.S. government is now blaming China publicly for hacking American industries. That's our cover story today: Chinese cyber-espionage and the impact on the U.S. economy.
The chairman of the House Intelligence Committee is Republican congressman Mike Rogers of Michigan. This week, Rogers plans to bring forward a bill designed to put more pressure on China for alleged cyber-attacks.
REP. MIKE ROGERS: They are ferocious economic predators, and it is something we are going to have to deal with, and deal with it soon.
MARTIN: This public naming and shaming is a new tactic. Up until recently, U.S. officials have been pressuring China behind closed doors. But a counterintelligence report released last month directly accused China of hacking into the computer systems of American businesses. And it's not just business travelers at risk. Any piece of digital data can be acquired through moles within a company, or hackers operating half a world away.
More from Mike Rogers later on. But first, James Lewis directs the technology program at the Center for Strategic and International Studies.
JAMES LEWIS: The Chinese decided, when they opened their economy to the West, that one of the things they needed to do was upgrade their technology, that they were falling behind. There's a famous letter from three Chinese scientists to Deng Xiaoping in March of 1986 that says, we're falling behind the Americans. We're never going to catch up unless we make a huge investment in science and technology.
And so the Chinese have, you know, it's like the tortoise and the hare. The Chinese have, since 1986, been plugging steadily along at building up their technological capacities, and that includes cyber-espionage. And to be fair, we ought to note: China is not the only country that does this.
LEWIS: A lot of countries engage in this kind of economic collection, in this kind of electronic eavesdropping.
MARTIN: But the U.S. has had a particular focus on China. Why is that? Why does the United States perceive this threat as most dangerous because it's coming from China?
LEWIS: Whether it's true or not, we increasingly see China as our most likely competitor in the world. And the Chinese, I think, feel that way, too. So like it or not, the two of us are kind of spiraling into a competitive relationship that could involve military tensions that reach the point of conflict.
You've got another problem, which is the Chinese believe - you know, with a little merit; they had what they called the century of humiliation. Westerners, mainly British and French, were mean to them, and you had the experience of imperialism. They feel like the West owes them. And so one of the things they do is say, how do we catch up? How do we get Western technology? How about if we borrow it from unsuspecting donors? And they are one of the leading countries when it comes to economic espionage. We see them in a special light.
MARTIN: When you think about the threat to the United States and businesses, what specific industries are most vulnerable?
LEWIS: The ones that have been the most vulnerable are the high-tech industries and the defense industries, because China has identified those as places where they want to grow. When you talk to people in the intelligence community, though, they'll tell you that they see really unusual incidents. One group was telling me about a case involving Chinese hackers breaking into a furniture company in the United States, and stealing the plans for furniture.
You can see the immediate economic benefit. You don't have to pay for the design; you can build it cheaper; and you can offer the same product at a lower price, maybe even get it to market a little faster. That hurts the economy, and that's one of the things that we need to think about - is, this is damaging our economy.
MARTIN: James Lewis of the Center for Strategic and International Studies.
Now, congressman Mike Rogers - by the way, he's a former FBI agent - he has actually spoken with executives from some of the American businesses hit by cyber-attacks.
ROGERS: There is one particular company who is in the high-end manufacturing sector. They spent billions in research and development, trying to get this particular product to where it was. Now, China produces that particular product. They stole the intellectual property. And their estimation is it cost them hundreds of millions of dollars in revenue, and 10,000 jobs at a minimum.
So those are 10,000 jobs that would be in this economy, that would employ Americans, that are gone because of Chinese economic espionage. Business after business after business has lost valuable - and by the way, the new estimate is maybe up to a trillion - with a T - dollars a year worth of intellectual property. A trillion dollars.
I will tell you this, Rachel. There are two companies left in the United States that possess intellectual property in their products: those that know they've been hacked and those that don't know they've been hacked.
MARTIN: And the companies that don't know they're hacked - basically, what you're saying is, we don't understand the breadth of this problem.
ROGERS: You know, it's not like someone is kicking your puppy. You can see that. You can get pretty angry about it, and you're going to do something about it. When somebody is in your network and slowly and quietly stealing your most valued asset of your company - your intellectual property - it is hard to see it and get fired up about it, and get emotional about it. It happens every single day.
And the Chinese aren't the only ones. They happen to be the most pervasive. The Russians are engaged. The Iranians are now engaged. Other nation states are starting to develop and invest in this kind of technology and expertise. And we've got to start getting the awareness up of the American people - and our American business community - what the threat really is.
MARTIN: U.S. defense officials who work on cybersecurity, and with a focus on Asia, have said it's actually very difficult in the end to trace it to specific governments - these kinds of cyber-attacks - because oftentimes, it's routed through other servers in different countries. Are you confident that you have some kind of evidence that connects these episodes to China?
ROGERS: I will say with a very high degree of confidence, as somebody who used to - was in the business of collecting evidence - this is not evidence - but I was in the business of collecting evidence that the Chinese government is actively involved in economic espionage.
MARTIN: What are the most egregious examples?
ROGERS: Well, there is - and here was the other set of problems. When I went to have an open hearing on this particular issue, the companies that we know were hacked were very reluctant to come forward. Two reasons, both concerning. One was, they realized that this would affect either their brand name, or the fact that it might affect people wanting to invest in these particular companies. And the second part of that was some of them outright said, if I publicly talk about the fact that the Chinese have hacked my particular system, I can tell you that my system will be overrun, within a very short period, by continued hackers.
MARTIN: Up until recently, up until this most recent counterintelligence report was released, U.S. officials have really preferred to exert pressure on China privately about all of this. Why call China out publicly? Why the change?
ROGERS: Well, if you understand the culture of China, they hate public humiliation. It is something that can drive their decision-making. And for too long, the decision has been made - if we just don't talk about it, maybe we can do something about it. I've made the determination as the chairman of the House Intelligence Committee that we have got to start recognizing this problem publicly. And we need to raise this to the highest levels of our bilateral relationships with Russia and China and other nations.
And so no longer is this not something we should talk about; it is absolutely something we should talk about.
MARTIN: But besides this public rhetoric and very strong language, what else can the U.S. do?
ROGERS: We're going to increase our penalties. We're going to increase our defense capabilities against it here. All those things are going to happen.
MARTIN: When you say penalties, what would that mean as far as punitive measures?
ROGERS: Well, it could mean anything. It could mean that if they have foreign companies that they have established as front companies, that those companies would have civil and criminal penalties applied as well as other trade issues that we're going to have to look at as we move forward. Again, it's very important that this become a bilateral trade issue so that we can finally get a handle on it.
MARTIN: Congressman Mike Rogers, chairman of the House Permanent Select Committee on Intelligence. We asked the spokesperson at the Chinese Embassy in Washington, Wang Baodong, to respond to the U.S. allegations. He sent us a statement that says: Cyber-attacks are not just a Chinese issue but a global issue, and hackers are striking from everywhere.
He also says the charges against China are, quote, harmful not only to the interest of American travelers, but also to increased exchanges between our two countries. And such a willful demonization effort against China should be stopped.
Even though U.S. officials are convinced there's a cyberthreat coming from China, they still don't know the extent of the attacks or exactly who is waging them, which makes it hard to figure out how to make them stop.
(SOUNDBITE OF MUSIC) Transcript provided by NPR, Copyright NPR.