Nation States' Espionage and Counterespionage

An overview of the 2007 Global Economic Espionage Landscape

Newspapers around the world regularly cover the leveling of the global playing field, often called "the global marketplace," and highlight the entrance of vibrant, new cultures and economies into the entrepreneurial mix. In effect, more and more of our fellow citizens around the world are developing increasing amounts of new and exciting intellectual property and applying this intellect in ways never before imagined.

Thanks to readily available infrastructure, individuals, companies and the countries and economies to which they contribute are able and universally welcomed to step up and participate. In a level playing field, these entrepreneurs compete with the ideas and capabilities of others, not locally, but globally. That's the good news.

Unfortunately, not a month passed in 2007 without a reference to intellectual property theft or a revelation that IP theft was being sponsored by a nation-state. More frequently, we hear of yet another government condoning, encouraging and creating a mandate for its national intelligence and security resources to steal intellectual property for competitive and national advantage.

At the same time, numerous governments have struck alarm bells, warning their citizens to protect themselves—"The thieves are coming!" they say. These warnings of nation-state-sponsored activities in the realm of industrial espionage have truly reached critical levels within the developed world, and the warnings are applicable to all nations, industrial sectors and companies, not just those that have stepped forward and accepted the political risk of calling out the unsavory activities taking place in the marketplace.

These pronouncements are quickly followed by yet another government setting up a new or improved counterintelligence or counterespionage entity to protect their country's interests in the public and private sectors from these self-pronounced and empowered nations whose intelligence apparatus are targeting the intellectual properties of the world's corporations.

The playing field is crowded with actors both new and old. Amazingly, the combined level of activity exceeds any level previously encountered, including the apex of the Cold War, when geopolitical and ideological battle lines truly existed. It is the enhancement of the global communications infrastructure that has in essence leveled this playing field of industrial espionage, for all the nation states.

Now, more than eight years since the climax of the Cold War, the threat of industrial and economic espionage has percolated once again to the forefront, and the tools of the intelligence collector are again being dusted off and put to use, as nations make use of what is referred to as the "second oldest profession." They are willing to make the political decision to support their indigenous corporations and companies with the provision of competitors' intellectual property the old-fashioned way—they will just take it.

Russia's Putin throws down the gauntlet

On October 20, 2007, Russian President Vladimir Putin, at a Moscow ceremony, introduced the new head of Russia's external intelligence service, Sluzhba Vneshney Razvedki (SVR), former Prime Minister Mikhail Fradkov. According to Russian press coverage of the event, in addition to introducing Fradkov, Putin projected in a clear and unambiguous manner his expectations of the SVR, including continuing to fight terrorism and building up its "economic espionage" capabilities. Putin is quoted as saying the SVR "must be able to swiftly and adequately evaluate changes in the international economic situation, understand their consequences for the domestic economy and, of course, it's necessary to more actively protect the economic interest of our companies abroad." Putin's careful selection of words effectively puts a marker on the table.

Couple this with Putin's directive at the end of November 2007 to have the Russia Federation engage in more technical intelligence gathering. Putin revealed his expectations on the level of support for this initiative when he said, "In the government, we will hold a meeting with the Academy of Sciences, with necessary government officials at the ministerial level, with the leadership of the [Russian state corporation Rostekhnologii], the Defence Ministry, the General Staff and the special services of departments that work in this sphere." Yevgeniy Primakov, former Prime Minister (1998-1999) and director of the SVR (1991-1996) provided further clarity when he noted that Rostekhnologii is a "serious mechanism, which brings together achievements of the defence industry and feeds the civilian sector." Primakov continued, "When the entire industry was state-owned, [information from technical intelligence] was given to all, but now one needs a body that would give it also to private enterprises," according to an ITAR-Tass news report.

Perhaps there is reason for concern if your firm competes with a Russian firm; or sells to a government that Russia may perceive as a potential foe; or if your intellectual property is a dual-use technology that may be of interest to Russia for their military or national security interests. To Putin's credit, he has placed individuals who know a good bit about intelligence in position to lead the execution of his mission statement, and his message is consistent.

China's understanding of economic espionage starts at the top

Meanwhile in China, the end of August 2007 saw a quiet position shuffle within the Ministry of State Security (MSS), well ahead of the October Communist Party Congress, during which Geng Huichang, vice-minister for state security (since 1998), was promoted to the position of minster of state security, China's internal intelligence and security organization. According to the International Herald Tribune, Geng understands the value of commercial intelligence, having been involved in the policy and strategy of both protecting and obtaining commercial secrets since at least 1998. It was noted how, in February 1998, Geng delivered a lecture at the Commerce Ministry in which he spoke on these very topics some nine years ago. Perhaps observers should consider his appointment as an indication of the value China places on the acquisition of intellectual property belonging to others.

China, Taiwan's victim

In the November 9, 2007, edition of the "Across the Strait" (Hai Xia Liang An) television program, a group called the Taiwanese "Tiger Group"—led by Li Fangrong, who is believed to be affiliated with Taiwan's military—was described as actively attacking the Chinese government's Internet presence, engaging government employees in chat-room discussions, planting Trojan programs and eliciting secret information.

According to a China resident and military expert, Xu Guangyu, the Tiger Group consists of full-time military employees, as well as systems under the control of the national security department and the military intelligence department, which employ part-timers who are paid on a project basis. Xu noted that the revelation of Lis identity was intended to send a message to Taiwan that China has the ability to trace the whereabouts of their Internet spies, regardless of where they are based, as well as to demonstrate China's ability to counterattack in Internet warfare.

Meanwhile, Zhang Zhaozhong, a professor from China's National Defense University, describes Taiwan's Internet warfare capability as more advanced in terms of its ability to steal secret information from the Internet, especially as it started out doing such things earlier. Taiwan is expected to expend 12% of its military budget in the next five years on Internet warfare, Zhang says.

Perhaps it is in the collective interest to accept the possibility that China vectors of this sort of activity may include activity originating from Taiwan.

Taiwan, China's victim

In mid-November 2007, Taiwan's investigation bureau reported that hard-disk drives manufactured by Seagate in Thailand and sold in Taiwan had been contaminated with Trojan horse malware while the drives were in the hands of "Chinese sub-contractors" during the manufacturing process. The malware automatically uploaded information saved on the hard drive and, if the computer was connected to the Internet, forwarded the saved information to a Beijing Internet address without the user's knowledge. Seagate warned that drives with a manufacture date after August 2007 may be so infected. While no information has developed indicating that the contamination of the hard drives were made at the behest of the Chinese government—be it the People's Liberation Army (PLA) or the MSS—it is interesting how this event aligns with precision to the very acute warning issued by the U.S. National Counterintelligence Executive Joel Brenner about insertion of exploitable factors during the manufacturing process (see below).

On November 21, 2007, the Taipei Prosecutors Office indicted two individuals for conducting espionage work at the behest of China in exchange for money. The individuals were identified as Lin Yu-Nung, an agent within the Ministry of Justice's Investigation Bureau's (MJIB) Economic Crime Prevention and Control Center, and a retired agent, Chen Chih-kao. According to the indictment, Chen left the bureau in 1997 and was recruited by the Chinese in Shanghai, where he had published a magazine about business, trade and traveling. Chen subsequently recruited Lin in 2005, to help collect information and intelligence. Chen claims that he never revealed national security information and that he only agreed to work with the Chinese in Shanghai after being coerced with the threat that his family could be harmed if he refused. The two were arrested in Taipei in September 2007, when Lin was caught handing files over to Chen for $3,000 (USD).

It's disturbing to see a pattern of the intelligence apparatus utilizing coercion in acquiring the services of individuals believed to have access to information of interest to the MSS and other services within China. It would appear that a decision has been made to use any and all leverage points to acquire the intellectual property or trade secrets of others.

Germany's Remberg warns on China and Russia

Hans Elmar Remberg, the vice president of Germany's Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz, or BfV), which is Germany's internal intelligence organization, was quoted in February 2007 by the Financial Times Deutschland as saying, "The Russian services operate primarily in the classic form, with agents; the Chinese are mainly active in the electronic sector."

In August 2007, on the eve of German Chancellor Angela Merkel's meeting with Chinese Premier Wen Jiabao in China, Spiegel magazine reported that a significant cyber attack on computers within the Germany Chancellery, as well as the foreign, economic and research ministries, had been discovered by Remberg's organization in May 2007. In this instance, the information was siphoned off the German government's machines utilizing Trojan horse programs that sent German government data via the Internet to what is believed to be a People's Liberation Army-supported locus of the attack, located in Lanzhou, Canton province and Beijing. While the German government does not know exactly how much information was stolen, some estimates are in the terabytes, and German security officials were able to thwart a 160 gigabyte data transfer. German security officials also said they estimate 40% of all German companies have been victims of nation-state-sponsored industrial espionage, with the majority of the activities originating from Russia and China.

Then in October 2007, Remberg spoke on the probability of the Chinese state being involved in electronic espionage attacks upon Germany. Remberg noted, "Supporting this view is the intensity, structure and scope of the attacks, and above all the targets, which include [German[ authorities and companies." Remberg continued, "Some people call this the Chinese cyber war. Across the world, the People's Republic of China is intensively gathering political, military, corporate-strategic and scientific information in order to bridge their technological gaps as quickly as possible."

Remberg's comments clearly indicate his understanding that it is not just German companies and industries at risk. Is Remberg's organization, the BfV, providing specific, actionable information required to adequately protect itself against the Chinese threat, or any other?

Japan organizes a counterintelligence unit

In August 2007, Japan's Ministry of Foreign Affairs set up a counterintelligence unit within the ministry, with the specific mandate of protecting information inside the ministry and in its establishments abroad. Of particular note, this is the first counterintelligence unit to exist in over 50 years within the ministry.

This action is believed to have been a direct result of the much-publicized December 2005 incident in Shanghai, when the Chinese Ministry of State Security is alleged to have applied considerable coercive pressure as part of an entrapment scenario on a consulate employee that resulted in the employee choosing suicide over compromising the confidential communications between Japan's Consulate General Shanghai and the Ministry of Foreign Affairs. The death of the consulate employee, a most unfortunate incident, has been a thorn in the side of Sino-Japan relations, for which the Chinese government has repeatedly absolved itself of any culpability or responsibility.

It is worth noting, however, the striking similarity between the steps necessary to protect a nation's diplomatic correspondence and communications and that of a corporation. Any defensive measures contemplated should surely consider inclusion of a precautionary note about new-found acquaintances.

China and Russia are also in Oz

In July 2005, Paul O'Sullivan, chief of the Australian Security Intelligence Organisation (ASIO), authorized the increase in personnel, spending and allocation of resources to boost the capabilities in 2007-2008 of the new Counter-Espionage and Interference Division, and to continue this increase in spending each year through 2011. The Australian, a daily newspaper, reported that Russia and China pose the most serious espionage threat to Australia's national interests. In an ASIO submission to the Parliamentary Joint Committee on Intelligence and Security in February 2007, it was highlighted to the committee that the ranks of Russian and Chinese intelligence presence in Australia were at near Cold War levels, with their focus on Australian military, scientific and industrial secrets.

New Zealand warns of foreign governments in its systems

The Prime Minister of New Zealand, Helen Clark, confirmed in September 2007 that New Zealand computer systems supporting the government had been penetrated by foreign governments. When speaking about the incident, Clark noted, "The assurance I've been given by intelligence agencies is that no classified information has been at risk at all." This position was supported by the commentary of the head of the New Zealand Security Intelligence Service, Warren Tucker, who confirmed there was evidence that foreign governments were responsible for the attacks but did not name the countries. However, he did refer to the comments made by Canada's security service about China's activities (see below).

Iran notes China spies

In mid-August 2007, Dr. Alireza Jamshidi, Secretary of the Supreme Council for Judicial Development, acting as spokesman for the Iranian judiciary, announced the detention of two Chinese nationals for photographing and videotaping a military complex in the city of Arak. Arak is the location of Iran's heavy-water reactor and has been featured in the criticism of Iran regarding its nuclear program. Jamshidi noted that the two individuals entered Iran as tourists via the beach resort of Kish Island, which is located off Iran's southern coast.

Fifteen nations targeting Canadian intellectual property

The director of Canadian Security Intelligence Service (CSIS) Jim Judd testified in late April 2007 before the Senate Defence Committee on how almost half of the CSIS counterintelligence and counterespionage resources were devoted to a single country and their operatives—China. Judd's testimony noted that of the 15 nations that are known to be engaged in espionage-like activity in Canada, China tops the list. He commented that many of the foreign agents operating in Canada did so under the guise of tourists. Judd commented, "It's surprising sometimes, the number of hyperactive tourists we get here and where they come from."

This revelation by Judd comes as no surprise, given the CSIS 2004 report on Chinese economic espionage targeting all facets of the industrial business cycle, including contract details, supplier lists, planning documents, research and development data, technical drawings and computer databases. Add that to the information evolved from the debriefings of two Chinese officials, who provided data on hundreds of individuals operating as spies and informants for China, primarily in the cities of Vancouver and Toronto. And don't forget Foreign Affairs Minister Peter MacKay's admonishment in 2006 that he expected and wanted to see an increase in attention by CSIS on Chinese espionage.

Espionage in the UK is beyond Cold War levels

In mid-November 2007, a former British soldier was arrested on suspicion of attempting to sell classified documents. According to the Telegraph, a UK daily newspaper, a document circulated British military bases in October stating, "It is all too easy to overlook the threat from espionage that this country faces. The activity by the Russian Foreign Intelligence Service (SVR) and the military intelligence service (GRU) is as extensive now as at any time during the Cold War. It is believed there are 30 intelligence officers working under cover in the Russian embassy, consulate and trade delegation. Rather than seeking intelligence on purely military hardware, they seek intelligence on a range of technologies, as well as policy attitudes to the EU, NATO and G8, our allies as well as UK foreign policy." Need the warning be more specific?

Doubtful the UK's alarm bells regarding Russia are solely due to the continued dust-up over the Alexander Litvinenko poisoning and the refusal by Russia to extradite Andrei Lugovoi, the key suspect in the murder. That would seem to have been settled by the July 2007 expulsion of four members of the Russian diplomatic mission to the UK, all of whom were believed to be associated with the SVR. Rather, the aforementioned pronouncement of interest in economic espionage on the part of the SVR has garnered the full attention of the limited resources of the British special services.

Lest we think only Russia is interested in the UK, we must also note the activities of the Chinese, which reached a level that warranted multiple advisories and warnings from the UK government about the threat to the nation's infrastructure, as well as the nation's economy.

According to an early September 2007 article in the Times, a Whitehall source (a UK government employee) noted how China was moving from "old-fashioned espionage" to electronic hacking. The source said, "China is engaged in hostile intelligence activities, and instead of using the old-fashioned methods [recruiting agents and stealing blueprints], they are focusing on electronic means to hack into systems to discover Britain's defence and foreign policy secrets, and they are technologically pretty advanced and adept at it."

The same article notes that the UK's Centre for the Protection of National Infrastructure (CPNI)—an organization created in February 2007—has warned Whitehall about the threats posed by the ubiquitous wireless networks, with the observation, "A key implication of this unprecedented wireless connectivity is that attackers can reach you at all times."

Moving to early November 2005, Jonathan Evans, director general of the British Security Service (MI5), announced to the public his need to continue to expend resources to stave off the "unreconstructed attempts by Russia, China and others to spy on us." To provide some context, Evans noted his disappointment that at this time—when the UK and the international community is facing the threat of international terrorism, Al-Qaida being the most extreme—MI5 must continue to expend its limited counterintelligence and counterespionage resources against countries that "devote considerable time and energy trying to steal our sensitive technology on civilian and military projects, and trying to obtain political and economic intelligence at our expense." Evans cautioned how the mechanism used are not limited to traditional methodologies but also involve the deployment of "sophisticated technical attacks, using the Internet to penetrate computer networks."

Evans' earlier warning call was re-emphasized in late-November, when he issued a letter, from the perspective of the CPNI, urging British businesses to check their information technology defenses in the face of a concerted cyber-espionage effort being undertaken against UK business interests by the Chinese People's Liberation Army. The letter noted how, "The activity has led them [CPNI and MI5] to believe that there is a serious and concerted attempt at electronic espionage through every sinew of British industry."

China's in France's business, as well

In mid-September 2007, the secretary general of France's National Defense Office, Francis Delon, confirmed that France had been experiencing similar attacks as those experienced by the U.S. and the UK from China. Delon noted how the Chinese had successfully penetrated the outer levels of the state computer systems. "We have proof that there is involvement with China," he said. But I am prudent. When I say China, this does not mean the Chinese government. We don't have any indication now that it was done by the Chinese People's Liberation Army."

Then in late November 2007, a Chinese trainee at a French auto manufacturer, Valeo, was set to go to trial on the charges that she came to Valeo with the intent to obtain secret commercial and technical information. The trainee's activities were discovered by the new Economic Intelligence Unit which was created in 2005 to assist businesses in fighting industrial espionage. Investigators discovered two files on the trainee's computer. The first, codenamed PL4, involving a project with BMW, and the second, X95, involved work for Renault. Investigators also found a secret list of Valeo's production plans in China.

This apparent use of the intern by the Chinese government to assist an indigenous competitor to Valeo brings to the forefront some fundamental questions, including how deep a background check can be for a student without work experience and whether temporary employees are allowed system access at the same level of their full-time and established colleagues.

Czech Republic notes Russia in its business

As many as half the Russian personnel assigned to the Russian Embassy in Prague are believed to be intelligence officers, according to the information presented in the annual counterintelligence report submitted by the Security Information Service (BIS), the Czech Republic's counterintelligence security service, in late November 2007. The report went on to say that some Russian intelligence officers are operating as journalists within the Czech Republic. "The Russian side wants to achieve and maintain an advantageous position in Czech-Russian economic relations and gain control over Czech entities seeking to enter the Russian markets," the report says. Russia has shown an interest in the Czech nuclear, chemical and biological research.

The Czech Republic has a clear understanding of where its problems originate, and its willingness to confront Russia for its activities is commendable. The question remains, however, as to whether the Czech companies affected by the Russian intelligence activities are being provided sufficient data to protect themselves.

Qatar learns one of its neighbors has eyes on Qatar oil

In late November 2007, a U.S. citizen employee of Qatar Petroleum, John Willis Donez, saw his sentence of life imprisonment upheld by the Qatar appellate court. Donez, was caught attempting to sell what was characterized as "highly sensitive economic information to an Asian country bordering the Gulf," according to the local daily Al-Raya. A search of Donez's home following his arrest discovered a CD containing sensitive information regarding oil fields in the north of Qatar.

We often hear of the "foreign national" threat, and it would seem to apply here in Qatar. In this case, the foreign national, Donez, had no allegiance with or long-term perspective on protecting Qatar's strategic interests (the oil fields).All would benefit if the government of Qatar shared the name of the country and the means by which the covert operation was conducted.

Swedish sees foreign intelligence active

The Swedish Security Service (Säkerhetspolisen, or SÄPO) has revealed via an update to its Web site, dated late November 2007, that 15-plus foreign intelligence organizations are active in Sweden. SÄPO notes, "The intelligence actors active in Sweden or targeting Swedish interests in other countries are working on a broad and systematic scale to access information relating to politics, economy, the armed forces, advanced technology and research." The acquisition of "sources" or "agents" within Swedish companies and government by foreign intelligence officers is of interest to SÄPO, and the organization notes that these intelligence officers often are working under false pretences, such as diplomat, journalist or businessman.

Continuing how only some of these intelligence officers are declared to the Swedish government, SÄPO goes on to note how "signals intelligence," or the interception of wireless communication, in Sweden is not illegal, but interception of a "cable-transmitted signal is illegal." Perhaps SÄPO is signaling to all that their communications in Sweden may be acquired, analyzed and processed by any with the technical capabilities to achieve what is known as SIGINT, or signals intelligence collection.

Korean intellectual property of interest both at home and from afar

In 2007, the Korean National Intelligence Service (NIS) advised that its investigative efforts uncovered and allowed for the indictment of both current and former employees of Korea's second largest automaker, as well as one of the premier steel-making conglomerates, for taking and then sharing intellectual property with Chinese firms. The Korean prosecutor's office and the NIS are focused on industrial spying with a foreign bent.

It was, therefore, surprising to the NIS when in mid-November 2007, it uncovered activities inside Korea by two executives of an indigenous firm that stole key technologies from another indigenous firm. The two were indicted, and the value of the intellectual property was placed at 1.7 trillion won (approximately $1.7 billion USD).

The investigation showed that the two executives had previously worked at the victim's firm for more than 20 years and stole the technology by downloading the data onto USB drives. The duo then took the accumulated data with them when they were hired by their current employer.

Zimbabwe's Mugabe: Don't forget us

Zimbabwe's president, Robert Mugabe, announced the establishment of the "Robert Mugabe School of Intelligence" near Harare during a speech on the role of intelligence in Zimbabwe that occurred in late October 2007. The multi-billion-dollar school will offer degrees and diplomas in security and intelligence studies. Mugabe noted that the school was complying with international best practices, saying, "Japan and Switzerland have industrial espionage schools to train businessman in the art of economic intelligence gathering." Mugabe hit the nail on the head when he noted that intelligence gives a national competitive advantage, not only in intelligence analysis but also in the art of espionage, which has become a scope of industrial development. Fair warning: The school is expected to open its doors in 18 months (Feb/Mar 2009).

Iran: Something's squirrelly here

In early July 2007, Iranian counterintelligence services captured 14 squirrels, carrying "foreign spy-gear" as they attempted to infiltrate Iran, according to the state-sponsored Islamic Republic News Agency (IRNA). No other details have been released on this incident, including who may have been the sponsor of the rodent infiltration attempt, other than to note Iran has stepped up its anti-espionage efforts against the West.

China's consistent voice: It's not us

In July 2007, the Chinese government expressed indignation at the FBI's placement of classified advertisements in a variety of Chinese-language press, soliciting assistance from the Chinese-speaking community, "Chinese living here have often helped the FBI prevent subversive elements from penetrating and harming our country. In order to protect our freedoms and democracy, we continue to seek your assistance. We especially welcome anyone who has information about the Chinese [government] or State Security."

Foreign ministry spokesman Qin Gang was noted as insisting that China's national security authorities would never violate the sovereignty or territorial integrity of another nation. Qin, dismissed the ad with, "A handful of people in the United States are acting against the trend of the times and cling to a Cold War mentality, attempting to stain China's image."

In September 2007, in response to the revelations of the June 2007 successful PLA attack on the U.S. Department of Defense, including the defense secretary's office, the Chinese Foreign Ministry rejected the accusations, labeling them "groundless." Foreign Ministry spokesman Jiang Yu noted, "The Chinese government has always opposed any Internet-wrecking crime, including hacking, and cracked down on it according to the law."

Also in September 2007, Lou Qinjian, vice minister of Information Industry, claimed that China was the victim, not the aggressor, and suggested that China had sustained more cyber-espionage than western nations, to include "massive" and "shocking losses of state secrets via the Internet."

In mid-November 2007, an annual report from the U.S.-China Economic Security Review Commission found that China poses a significant espionage threat to the U.S. and U.S. industries, resulting in a plethora of denials from China. The Chinese Foreign Ministry stated, "Concerning the issue of the so-called Chinese economic espionage in the United States, we have many times solemnly stated that China has never endangered the interests of another nation. We stand on the principle of mutual benefit based on fairness, justice and equality in undertaking cooperation in every area with other nations."

In late November 2007, Chinese Premier Wen Jiabao, speaking to the attendees of the China-EU Business Summit, said, "Protecting the intellectual property rights is not only necessitated by China's opening up, but also by a domestic drive for encouraging innovation and scientific development." It is worthy of approbation to note that since 1985, when the first patent law was created through today, China has put in place a comprehensive intellectual property rights legal framework. And there is no denying that the level of enforcement has increased year over year since 1985, but whether or not it is at appropriate levels is dependent upon one's perspective. Suffice it to say, there is ample room for continued improvement.

U.S. intellectual property under siege

The U.S. Defense Security Service, the entity with the counterintelligence oversight for corporate America's engagement with the Department of Defense, said in its most recent counterintelligence study that more than 100 countries were active in and engaged in attempts to acquire intellectual property from U.S. entities.

In mid-November 2007, the U.S. Department of Justice (DOJ) compiled and released a fact sheet ("Major U.S. Export Enforcement Actions in the Past Year") that summarized the 33 major cases (October 2006-October 2007) and prosecutions of illegal export of U.S. technologies (including those acquired through espionage activities) during the previous year. Interestingly, the number of countries identified totaled 10, with Iran and China each responsible for approximately a third of the cases. Equally interesting is how none of the cases involving Iran were characterized as espionage. Of the four cases identified as "espionage," all four cases identified China as the nation-state sponsor. Remarkably, Russia is conspicuous in its absence.

Mid-November also saw the release of the United States-China Economic Security Review Commission's report to Congress.

In September 2007, the Financial Times reported that in June 2007, the U.S. Department of Defense had been victimized by the most successful cyber attack in history and that the attack was conducted by the Chinese People's Liberation Army.

In July 2007, the Federal Bureau of Investigation's (FBI) director Robert S. Mueller, in testimony before the House Judiciary Committee in response to the committee's inquiry into Chinese activities in the U.S., characterized the threat by saying, "There is substantial concern China is stealing our secrets in an effort to leap ahead in terms of its military technology, but also the economic capability of China. It is a substantial threat that we are addressing in the sense of building our program to address this threat.

Also in July 2007, Thomas Mahlik, the chief of the FBI Domain program, was quoted in a USA Today article as saying the risk was within the enterprise. (Domain is the FBI's defensive counterintelligence program whose stated challenge is "to protect the U.S.'s sensitive information, technologies and thereby competitiveness in an age of globalization.") Mahlik said, "Our message is: There's risk here. You could be giving away the future. The threat's in-house." The article goes on to note that the FBI was pursuing 143 economic espionage cases, compared with 122 in 2006.

In the same article, Joel Brenner, the U.S. national counterintelligence executive, commented on the current state of affairs by saying, "The days when everything that was worth stealing, every secret that was worth stealing in the United States, was a government secret those days are long done. Much of what makes the country tick, much of our strategic advantage in the world, is economic."

Further evidence of China's activities in the U.S. comes in the form of the arrests, indictments and/or convictions of espionage and intellectual property theft that have occurred in the past 12 months. Consider the following:

  • In October 2007, U.S. citizen Lee Lan and Chinese national Ge Yuefei allegedly stole chip designs from their employer, Netlogic Microsystems, and other sensitive documents from the Silicon Valley office of Taiwan chip maker TSMC. The two have been charged with trade secret theft, conspiracy and two counts of economic espionage. According to the indictment, the duo were to sell their designs to the Chinese PLA's General Arms Department and the 863 Program, a military-led R&D entity.
  • In August 2007, Xiaodong Sheldon Meng, a Chinese national with Canadian citizenship, pled guilty in San Jose federal court to one count of economic espionage for trying to sell stolen software to China's Navy Research Center, and one count of violating U.S. arms control regulations for illegally exporting software used to train military fighter pilots.
  • In December 2006, Fei Ye and Ming Zhong received guilty verdicts for having stolen microchip blueprints from four different companies (Transmeta Corporation (Transmeta), Sun Microsystems, Inc. (Sun), NEC Electronics Corporation (NEC) and Trident Microsystems, Inc. (Trident) in Silicon Valley, and sharing the aforementioned 863 Program.

The U.S. government has also made some recommendations on how to defend against the loss of intellectual property. Among these were these findings of the US-China Economic and Security Review Commission:

  • "Ensuring adequate support for U.S. export control enforcement and counterintelligence efforts: In order to slow or stop the outflow of protected U.S. technologies and manufacturing expertise to China, the Commission recommends that Congress assess the adequacy of and, if needed, provide additional funding for U.S. export control enforcement and counterintelligence efforts, specifically those tasked with detecting and preventing illicit technology transfers to China and Chinese state-sponsored industrial espionage operations."
  • "Ensuring adequate support for protecting critical American computer networks and data: The Commission recommends that Congress assess the adequacy of and, if needed, provide additional funding for military, intelligence, and homeland security programs that monitor and protect critical American computer networks and sensitive information, specifically those tasked with protecting networks from damage caused by cyber attacks."
  • "Addressing weaknesses in U.S. intelligence capabilities focused on China's military: The Commission recommends that Congress instruct the director of national intelligence to conduct a full assessment of U.S. intelligence capabilities vis-à-vis the military of the People's Republic of China, and identify strategies for addressing any U.S. weaknesses that may be discovered as part of the assessment."
  • "Assessing potential Chinese military applications of R&D conducted in China by U.S. companies: The Commission recommends that Congress direct the U.S. Department of Defense to evaluate, and, in its Annual Report to Congress on the Military Power of the People's Republic of China, to report on, potential Chinese military applications of R&D conducted in China by U.S. companies."

These findings are based on the commission's understanding of how China has developed a growing reliance on industrial espionage. The report notes, "China continues to supplement its acquisition of new technologies from commercial transfers and direct production partnerships with a large-scale industrial espionage campaign." The commission also notes, "Chinese espionage against the U.S. military and American business continues to outpace the overwhelmed U.S. counterintelligence community. Critical American secrets and proprietary technologies are being transferred to the PLA and Chinese state-owned companies."

Defending U.S. Intellectual Property: In September 2007, Mahlik, said, "In the past, we've always been reactive to this type of scenario [espionage] and essentially showed up after the fact to bring resources to bear on this type of crime, but we want to be more proactive to help businesses and academic institutions protect themselves before an incident occurs."

The FBI's Domain program includes:

  • "Business Alliance"—focused efforts involving U.S. government contractors who have U.S. government security clearances in the provision of counterintelligence awareness and sharing of "actionable intelligence" that will increase the ability of the contractor to better protect their own intellectual property.
  • "Academic Alliance"—this portion of the program has two distinct components:
  • "National Security Higher Education Advisory Board"—presidents and chancellors from public and private research institutions constitute the board, which meets with regularity and provides a forum for FBI leadership and academia to discuss national security issues.
  • "The College and University Security Effort"—The Special Agent in Charge (SAC) of the regional FBI office engages the heads of local colleges and universities for national security discussions, to include threats the institutions may be facing. In addition, the program provides counterintelligence protection via explanation of how foreign services may wish to steal the college or university's intellectual property.
  • "Counterintelligence Working Groups"—this effort is divided into two working groups:
  • National Counterintelligence Working Group, designed "to establish strategic interagency partnerships at the senior executive level among the United States Intelligence Community (USIC), academia, industry, and defense contractors."
  • Regional Counterintelligence Working Group, a government-only group. "U.S.government counterintelligence entities that meet and discuss counterintelligence strategies, initiatives, operations, and best practices pertaining to the counterintelligence mission."
  • Research and Technology Protection Special Interest Group—the follow-on to the previously sponsored and supported "Infragard" (Infrastructure Guard), an alliance between the FBI and the public dedicated to preventing physical and electronic attacks against our nation's critical infrastructure.

Interestingly, Mahlik's comments and the focus of the various parts of the Domain program seem to advocate that companies shoulder their own counterintelligence needs, with respect to protecting themselves from the nation-state threat, albeit with the expectation that the enterprises have a counterintelligence function as an integral part of their asset protection strategy and are ready and willing to work with the FBI to protect these assets. Mahlik noted that the means by which intellectual property exits enterprises has evolved. "This isn't about traditional spies anymore; the engineer, student, or business partner are the threat now, and these people are being given increased access to corporate secrets, intellectual property and pre-patent research information at universities," Mahlik said. "These types of people are being actively used to exfiltrate key pieces of information back to their homelands, as there is always a race to establish a competitive advantage."

Couple the messages coming from the FBI, the DOJ and the U.S.'s national counterintelligence executive, and the message is consistent: The threat is an insider threat, i.e. from an individual allowed inside the environment being protected by technology, policy and procedures.

As said above, the FBI went so far as to place an advertisement in various Chinese language dailies, soliciting volunteers with information about Chinese interest in U.S. firms, and especially those who may have information about the activities of the Ministry of State Security. Brazen and unprecedented, but perhaps quite effective, although we'll never know just how successful. One can only assume the noise factor of MSS activities in the U.S. had reached such a level that the leadership of the FBI had decided that the political fallout of their advertisement far outweighed the potential positive results of their efforts—the verification and identification of Chinese espionage activity in the U.S. against public and private entities. The FBI should be commended for being proactive.

One doesn't need a dowsing stick to divine from where the nation-state threat originates or exists. Corporations everywhere have arrived at the correct conclusion: They are potentially up to their hips in deep water with respect to protecting their intellectual property from a number of interested nation-states.

As evidenced from the aforementioned examples, the protection of corporate technologies and intellectual properties has become a global phenomenon, the need for which shows no signs of abating. It is clear, however, that two countries lead the list of those most invested in the illicit acquisition of advanced technologies from companies, research institutes and enterprises to both advance their own economies, as well as provide data points with respect to their own national security strategies, and those are China and Russia.

The cacophony of complaints and call-outs both from the countries that are discovering the handiwork of others, as well as their own self-described interest in the activity, are both clear and concise. If you do business with or in either of these countries, be aware.

The U.S. National Counterintelligence Executive Joel Brenner offered his opinion on what he called "acquisition risk" in his October 24, 2007, speech to the National Reconnaissance Office/National Military Intelligence Association Counterintelligence Symposium on strategic counterintelligence issues of the 21st century. The topic of acquisition risk and especially product manipulation, according to Brenner, is one of significant and strategic counterintelligence import to the U.S. government but clearly applicable to all governments and corporations. "What are we buying?" he said. "What does "Made in USA" mean when components come from overseas and the software in the electronics may have been written by God-only-knows-whom? Unknown or sketchy provenance raises the risk that a foreign government or organization could program vulnerabilities into our most sensitive information systems."

Brenner is right with respect to the importance of acquisition risk. And governments, which are defending against the nation-state counterintelligence problem, must assign adequate resources to address this threat. But often, the question rises, Whose problem is this, really? If governments do not partner with industry in providing detailed threat data, how are industries expected to know of the threat and take appropriate steps to address the threat in a secure and economical manner? And these threats are not limited to the national security scenario; they are also used for competitive advantage and/or economic superiority.

It would not surprise anyone with a profit/loss perspective that if the cost to mitigate against unknown threats exceeds the value the government is willing to pay for this mitigation, then governments will find themselves without adequate protection, as they attempt to get by on the cheap with a low-bid, vs. most-secure mentality and methodology. But what is the corporation to do?

To his credit, Brenner admitted, "We in government can do a better job of helping [business] handle cyber vulnerabilities through a better warning system. Specifically, our rules for what we can tell you (our "cooperation model," if I may put it that way) is a function of our classification model. That is, if you're doing classified work, we can and may provide you with information about actual or potential attacks on your system that we cannot provide if you're not working on a classified contract."

It begs the question: What about the majority of U.S. businesses not involved in government work and, therefore, without access to the "classified U.S. government briefings?" Perhaps the FBI's Domain program will be the avenue by which individual U.S. companies will be provided the necessary data points to protect themselves from the nation-state's nefarious efforts. But the FBI Domain program is U.S.-centric and does not appear to be modeled in other countries. What is the multinational corporation to do? When will other nations follow the FBI's lead?

It is not enough to say to companies, "This nation or that nation is a threat to you," and "Yes, you should tighten up your intellectual property security." Nor is it sufficient to warn that the insider is a threat, especially from those who are foreign nationals.How ludicrous is this advice? What multinational company does not have a mix of nationalities?

Perhaps more appropriately, governments issuing the warnings can find a means to step forward and identify the modus operandi of the offending nations. Then and only then will companies be in a position to recognize the "tells" of the threatening nation and perhaps succeed in protecting themselves. If this should occur in 2008, perhaps we won't have such a robust list of economic espionage events to talk about at the end of the year.

####

About the author:

Christopher Burgess is a 30-year veteran of the CIA's clandestine service and currently serves as the senior security advisor to a Fortune 100 company. Burgess speaks and writes on the topic of the global threat to intellectual property. He is co-author of Secrets Stolen, Fortunes Lost, both the 2008 book (Elsevier) and 2006 article series (CSO Magazine) of the same name. Burgess can be contacted at cburgess@att.net.

Insider: How a good CSO confronts inevitable bad news
Join the discussion
Be the first to comment on this article. Our Commenting Policies