Nation States' Espionage and Counterespionage

An overview of the 2007 Global Economic Espionage Landscape

Newspapers around the world regularly cover the leveling of the global playing field, often called "the global marketplace," and highlight the entrance of vibrant, new cultures and economies into the entrepreneurial mix. In effect, more and more of our fellow citizens around the world are developing increasing amounts of new and exciting intellectual property and applying this intellect in ways never before imagined.

Thanks to readily available infrastructure, individuals, companies and the countries and economies to which they contribute are able and universally welcomed to step up and participate. In a level playing field, these entrepreneurs compete with the ideas and capabilities of others, not locally, but globally. That's the good news.

Unfortunately, not a month passed in 2007 without a reference to intellectual property theft or a revelation that IP theft was being sponsored by a nation-state. More frequently, we hear of yet another government condoning, encouraging and creating a mandate for its national intelligence and security resources to steal intellectual property for competitive and national advantage.

At the same time, numerous governments have struck alarm bells, warning their citizens to protect themselves—"The thieves are coming!" they say. These warnings of nation-state-sponsored activities in the realm of industrial espionage have truly reached critical levels within the developed world, and the warnings are applicable to all nations, industrial sectors and companies, not just those that have stepped forward and accepted the political risk of calling out the unsavory activities taking place in the marketplace.

These pronouncements are quickly followed by yet another government setting up a new or improved counterintelligence or counterespionage entity to protect their country's interests in the public and private sectors from these self-pronounced and empowered nations whose intelligence apparatus are targeting the intellectual properties of the world's corporations.

The playing field is crowded with actors both new and old. Amazingly, the combined level of activity exceeds any level previously encountered, including the apex of the Cold War, when geopolitical and ideological battle lines truly existed. It is the enhancement of the global communications infrastructure that has in essence leveled this playing field of industrial espionage, for all the nation states.

Now, more than eight years since the climax of the Cold War, the threat of industrial and economic espionage has percolated once again to the forefront, and the tools of the intelligence collector are again being dusted off and put to use, as nations make use of what is referred to as the "second oldest profession." They are willing to make the political decision to support their indigenous corporations and companies with the provision of competitors' intellectual property the old-fashioned way—they will just take it.

Russia's Putin throws down the gauntlet

On October 20, 2007, Russian President Vladimir Putin, at a Moscow ceremony, introduced the new head of Russia's external intelligence service, Sluzhba Vneshney Razvedki (SVR), former Prime Minister Mikhail Fradkov. According to Russian press coverage of the event, in addition to introducing Fradkov, Putin projected in a clear and unambiguous manner his expectations of the SVR, including continuing to fight terrorism and building up its "economic espionage" capabilities. Putin is quoted as saying the SVR "must be able to swiftly and adequately evaluate changes in the international economic situation, understand their consequences for the domestic economy and, of course, it's necessary to more actively protect the economic interest of our companies abroad." Putin's careful selection of words effectively puts a marker on the table.

Couple this with Putin's directive at the end of November 2007 to have the Russia Federation engage in more technical intelligence gathering. Putin revealed his expectations on the level of support for this initiative when he said, "In the government, we will hold a meeting with the Academy of Sciences, with necessary government officials at the ministerial level, with the leadership of the [Russian state corporation Rostekhnologii], the Defence Ministry, the General Staff and the special services of departments that work in this sphere." Yevgeniy Primakov, former Prime Minister (1998-1999) and director of the SVR (1991-1996) provided further clarity when he noted that Rostekhnologii is a "serious mechanism, which brings together achievements of the defence industry and feeds the civilian sector." Primakov continued, "When the entire industry was state-owned, [information from technical intelligence] was given to all, but now one needs a body that would give it also to private enterprises," according to an ITAR-Tass news report.

Perhaps there is reason for concern if your firm competes with a Russian firm; or sells to a government that Russia may perceive as a potential foe; or if your intellectual property is a dual-use technology that may be of interest to Russia for their military or national security interests. To Putin's credit, he has placed individuals who know a good bit about intelligence in position to lead the execution of his mission statement, and his message is consistent.

China's understanding of economic espionage starts at the top

Meanwhile in China, the end of August 2007 saw a quiet position shuffle within the Ministry of State Security (MSS), well ahead of the October Communist Party Congress, during which Geng Huichang, vice-minister for state security (since 1998), was promoted to the position of minster of state security, China's internal intelligence and security organization. According to the International Herald Tribune, Geng understands the value of commercial intelligence, having been involved in the policy and strategy of both protecting and obtaining commercial secrets since at least 1998. It was noted how, in February 1998, Geng delivered a lecture at the Commerce Ministry in which he spoke on these very topics some nine years ago. Perhaps observers should consider his appointment as an indication of the value China places on the acquisition of intellectual property belonging to others.

China, Taiwan's victim

In the November 9, 2007, edition of the "Across the Strait" (Hai Xia Liang An) television program, a group called the Taiwanese "Tiger Group"—led by Li Fangrong, who is believed to be affiliated with Taiwan's military—was described as actively attacking the Chinese government's Internet presence, engaging government employees in chat-room discussions, planting Trojan programs and eliciting secret information.

According to a China resident and military expert, Xu Guangyu, the Tiger Group consists of full-time military employees, as well as systems under the control of the national security department and the military intelligence department, which employ part-timers who are paid on a project basis. Xu noted that the revelation of Lis identity was intended to send a message to Taiwan that China has the ability to trace the whereabouts of their Internet spies, regardless of where they are based, as well as to demonstrate China's ability to counterattack in Internet warfare.

Meanwhile, Zhang Zhaozhong, a professor from China's National Defense University, describes Taiwan's Internet warfare capability as more advanced in terms of its ability to steal secret information from the Internet, especially as it started out doing such things earlier. Taiwan is expected to expend 12% of its military budget in the next five years on Internet warfare, Zhang says.

Perhaps it is in the collective interest to accept the possibility that China vectors of this sort of activity may include activity originating from Taiwan.

Taiwan, China's victim

In mid-November 2007, Taiwan's investigation bureau reported that hard-disk drives manufactured by Seagate in Thailand and sold in Taiwan had been contaminated with Trojan horse malware while the drives were in the hands of "Chinese sub-contractors" during the manufacturing process. The malware automatically uploaded information saved on the hard drive and, if the computer was connected to the Internet, forwarded the saved information to a Beijing Internet address without the user's knowledge. Seagate warned that drives with a manufacture date after August 2007 may be so infected. While no information has developed indicating that the contamination of the hard drives were made at the behest of the Chinese government—be it the People's Liberation Army (PLA) or the MSS—it is interesting how this event aligns with precision to the very acute warning issued by the U.S. National Counterintelligence Executive Joel Brenner about insertion of exploitable factors during the manufacturing process (see below).

On November 21, 2007, the Taipei Prosecutors Office indicted two individuals for conducting espionage work at the behest of China in exchange for money. The individuals were identified as Lin Yu-Nung, an agent within the Ministry of Justice's Investigation Bureau's (MJIB) Economic Crime Prevention and Control Center, and a retired agent, Chen Chih-kao. According to the indictment, Chen left the bureau in 1997 and was recruited by the Chinese in Shanghai, where he had published a magazine about business, trade and traveling. Chen subsequently recruited Lin in 2005, to help collect information and intelligence. Chen claims that he never revealed national security information and that he only agreed to work with the Chinese in Shanghai after being coerced with the threat that his family could be harmed if he refused. The two were arrested in Taipei in September 2007, when Lin was caught handing files over to Chen for $3,000 (USD).

It's disturbing to see a pattern of the intelligence apparatus utilizing coercion in acquiring the services of individuals believed to have access to information of interest to the MSS and other services within China. It would appear that a decision has been made to use any and all leverage points to acquire the intellectual property or trade secrets of others.

Germany's Remberg warns on China and Russia

Hans Elmar Remberg, the vice president of Germany's Federal Office for the Protection of the Constitution (Bundesamt für Verfassungsschutz, or BfV), which is Germany's internal intelligence organization, was quoted in February 2007 by the Financial Times Deutschland as saying, "The Russian services operate primarily in the classic form, with agents; the Chinese are mainly active in the electronic sector."

In August 2007, on the eve of German Chancellor Angela Merkel's meeting with Chinese Premier Wen Jiabao in China, Spiegel magazine reported that a significant cyber attack on computers within the Germany Chancellery, as well as the foreign, economic and research ministries, had been discovered by Remberg's organization in May 2007. In this instance, the information was siphoned off the German government's machines utilizing Trojan horse programs that sent German government data via the Internet to what is believed to be a People's Liberation Army-supported locus of the attack, located in Lanzhou, Canton province and Beijing. While the German government does not know exactly how much information was stolen, some estimates are in the terabytes, and German security officials were able to thwart a 160 gigabyte data transfer. German security officials also said they estimate 40% of all German companies have been victims of nation-state-sponsored industrial espionage, with the majority of the activities originating from Russia and China.

Then in October 2007, Remberg spoke on the probability of the Chinese state being involved in electronic espionage attacks upon Germany. Remberg noted, "Supporting this view is the intensity, structure and scope of the attacks, and above all the targets, which include [German[ authorities and companies." Remberg continued, "Some people call this the Chinese cyber war. Across the world, the People's Republic of China is intensively gathering political, military, corporate-strategic and scientific information in order to bridge their technological gaps as quickly as possible."

Remberg's comments clearly indicate his understanding that it is not just German companies and industries at risk. Is Remberg's organization, the BfV, providing specific, actionable information required to adequately protect itself against the Chinese threat, or any other?

Japan organizes a counterintelligence unit

In August 2007, Japan's Ministry of Foreign Affairs set up a counterintelligence unit within the ministry, with the specific mandate of protecting information inside the ministry and in its establishments abroad. Of particular note, this is the first counterintelligence unit to exist in over 50 years within the ministry.

1 2 3 4 Page 1
Page 1 of 4
7 hot cybersecurity trends (and 2 going cold)