Nation States' Espionage and Counterespionage

An overview of the 2007 Global Economic Espionage Landscape

Page 2 of 4

This action is believed to have been a direct result of the much-publicized December 2005 incident in Shanghai, when the Chinese Ministry of State Security is alleged to have applied considerable coercive pressure as part of an entrapment scenario on a consulate employee that resulted in the employee choosing suicide over compromising the confidential communications between Japan's Consulate General Shanghai and the Ministry of Foreign Affairs. The death of the consulate employee, a most unfortunate incident, has been a thorn in the side of Sino-Japan relations, for which the Chinese government has repeatedly absolved itself of any culpability or responsibility.

It is worth noting, however, the striking similarity between the steps necessary to protect a nation's diplomatic correspondence and communications and those necessary to protect a corporation's. Any defensive measures contemplated should surely consider inclusion of a precautionary note about new-found acquaintances.

China and Russia are also in Oz

In July 2005, Paul O'Sullivan, chief of the Australian Security Intelligence Organisation (ASIO), authorized the increase in personnel, spending and allocation of resources to boost the capabilities in 2007-2008 of the new Counter-Espionage and Interference Division, and to continue this increase in spending each year through 2011. The Australian, a daily newspaper, reported that Russia and China pose the most serious espionage threat to Australia's national interests. In an ASIO submission to the Parliamentary Joint Committee on Intelligence and Security in February 2007, it was highlighted to the committee that the ranks of Russian and Chinese intelligence presence in Australia were at near Cold War levels, with their focus on Australian military, scientific and industrial secrets.

New Zealand warns of foreign governments in its systems

The Prime Minister of New Zealand, Helen Clark, confirmed in September 2007 that New Zealand computer systems supporting the government had been penetrated by foreign governments. When speaking about the incident, Clark noted, "The assurance I've been given by intelligence agencies is that no classified information has been at risk at all." This position was supported by the commentary of the head of the New Zealand Security Intelligence Service, Warren Tucker, who confirmed there was evidence that foreign governments were responsible for the attacks but did not name the countries. However, he did refer to the comments made by Canada's security service about China's activities (see below).

Iran notes China spies

In mid-August 2007, Dr. Alireza Jamshidi, Secretary of the Supreme Council for Judicial Development, acting as spokesman for the Iranian judiciary, announced the detention of two Chinese nationals for photographing and videotaping a military complex in the city of Arak. Arak is the location of Iran's heavy-water reactor and has been featured in the criticism of Iran regarding its nuclear program. Jamshidi noted that the two individuals entered Iran as tourists via the beach resort of Kish Island, which is located off Iran's southern coast.

Fifteen nations targeting Canadian intellectual property

The director of the Canadian Security Intelligence Service (CSIS), Jim Judd, testified in late April 2007 before the Senate Defence Committee on how almost half of the CSIS counterintelligence and counterespionage resources were devoted to a single country and its operatives—China. Judd's testimony noted that of the 15 nations that are known to be engaged in espionage-like activity in Canada, China tops the list. He commented that many of the foreign agents operating in Canada did so under the guise of tourists. Judd commented, "It's surprising sometimes, the number of hyperactive tourists we get here and where they come from."

This revelation by Judd comes as no surprise, given the CSIS 2004 report on Chinese economic espionage targeting all facets of the industrial business cycle, including contract details, supplier lists, planning documents, research and development data, technical drawings and computer databases. Add that to the information evolved from the debriefings of two Chinese officials, who provided data on hundreds of individuals operating as spies and informants for China, primarily in the cities of Vancouver and Toronto. And don't forget Foreign Affairs Minister Peter MacKay's admonishment in 2006 that he expected and wanted to see an increase in attention by CSIS on Chinese espionage.

Espionage in the UK is beyond Cold War levels

In mid-November 2007, a former British soldier was arrested on suspicion of attempting to sell classified documents. According to the Telegraph, a UK daily newspaper, a document circulated to British military bases in October stated, "It is all too easy to overlook the threat from espionage that this country faces. The activity by the Russian Foreign Intelligence Service (SVR) and the military intelligence service (GRU) is as extensive now as at any time during the Cold War. It is believed there are 30 intelligence officers working under cover in the Russian embassy, consulate and trade delegation. Rather than seeking intelligence on purely military hardware, they seek intelligence on a range of technologies, as well as policy attitudes to the EU, NATO and G8, our allies as well as UK foreign policy." Need the warning be more specific?

Doubtful the UK's alarm bells regarding Russia are solely due to the continued dust-up over the Alexander Litvinenko poisoning and the refusal by Russia to extradite Andrei Lugovoi, the key suspect in the murder. That would seem to have been settled by the July 2007 expulsion of four members of the Russian diplomatic mission to the UK, all of whom were believed to be associated with the SVR. Rather, the aforementioned pronouncement of interest in economic espionage on the part of the SVR has garnered the full attention of the limited resources of the British special services.

Lest we think only Russia is interested in the UK, we must also note the activities of the Chinese, which reached a level that warranted multiple advisories and warnings from the UK government about the threat to the nation's infrastructure, as well as the nation's economy.

According to an early September 2007 article in the Times, a Whitehall source (a UK government employee) noted how China was moving from "old-fashioned espionage" to electronic hacking. The source said, "China is engaged in hostile intelligence activities, and instead of using the old-fashioned methods [recruiting agents and stealing blueprints], they are focusing on electronic means to hack into systems to discover Britain's defence and foreign policy secrets, and they are technologically pretty advanced and adept at it."

The same article notes that the UK's Centre for the Protection of National Infrastructure (CPNI)—an organization created in February 2007—has warned Whitehall about the threats posed by the ubiquitous wireless networks, with the observation, "A key implication of this unprecedented wireless connectivity is that attackers can reach you at all times."

Moving to early November 2005, Jonathan Evans, director general of the British Security Service (MI5), announced to the public his need to continue to expend resources to stave off the "unreconstructed attempts by Russia, China and others to spy on us." To provide some context, Evans noted his disappointment that at this time—when the UK and the international community are facing the threat of international terrorism, Al-Qaida being the most extreme—MI5 must continue to expend its limited counterintelligence and counterespionage resources against countries that "devote considerable time and energy trying to steal our sensitive technology on civilian and military projects, and trying to obtain political and economic intelligence at our expense." Evans cautioned that the mechanisms used are not limited to traditional methodologies but also involve the deployment of "sophisticated technical attacks, using the Internet to penetrate computer networks."

Evans' earlier warning call was re-emphasized in late November, when he issued a letter, from the perspective of the CPNI, urging British businesses to check their information technology defenses in the face of a concerted cyber-espionage effort being undertaken against UK business interests by the Chinese People's Liberation Army. The letter noted how, "The activity has led them [CPNI and MI5] to believe that there is a serious and concerted attempt at electronic espionage through every sinew of British industry."

China's in France's business, as well

In mid-September 2007, the secretary general of France's National Defense Office, Francis Delon, confirmed that France had been experiencing attacks from China similar to those experienced by the U.S. and the UK. Delon noted how the Chinese had successfully penetrated the outer levels of the state computer systems. "We have proof that there is involvement with China," he said. "But I am prudent. When I say China, this does not mean the Chinese government. We don't have any indication now that it was done by the Chinese People's Liberation Army."

Then in late November 2007, a Chinese trainee at a French auto manufacturer, Valeo, was set to go to trial on the charges that she came to Valeo with the intent to obtain secret commercial and technical information. The trainee's activities were discovered by the new Economic Intelligence Unit, which was created in 2005 to assist businesses in fighting industrial espionage. Investigators discovered two files on the trainee's computer. The first, codenamed PL4, involved a project with BMW, and the second, X95, involved work for Renault. Investigators also found a secret list of Valeo's production plans in China.

This apparent use of the intern by the Chinese government to assist an indigenous competitor to Valeo brings to the forefront some fundamental questions, including how deep a background check can be for a student without work experience and whether temporary employees are allowed system access at the same level as their full-time and established colleagues.

Czech Republic notes Russia in its business

As many as half the Russian personnel assigned to the Russian Embassy in Prague are believed to be intelligence officers, according to the information presented in the annual counterintelligence report submitted by the Security Information Service (BIS), the Czech Republic's counterintelligence security service, in late November 2007. The report went on to say that some Russian intelligence officers are operating as journalists within the Czech Republic. "The Russian side wants to achieve and maintain an advantageous position in Czech-Russian economic relations and gain control over Czech entities seeking to enter the Russian markets," the report says. Russia has shown an interest in the Czech nuclear, chemical and biological research.

The Czech Republic has a clear understanding of where its problems originate, and its willingness to confront Russia for its activities is commendable. The question remains, however, as to whether the Czech companies affected by the Russian intelligence activities are being provided sufficient data to protect themselves.

Qatar learns one of its neighbors has eyes on Qatar oil

In late November 2007, a U.S. citizen employee of Qatar Petroleum, John Willis Donez, saw his sentence of life imprisonment upheld by the Qatar appellate court. Donez was caught attempting to sell what was characterized as "highly sensitive economic information to an Asian country bordering the Gulf," according to the local daily Al-Raya. A search of Donez's home following his arrest discovered a CD containing sensitive information regarding oil fields in the north of Qatar.

We often hear of the "foreign national" threat, and it would seem to apply here in Qatar. In this case, the foreign national, Donez, had no allegiance with or long-term perspective on protecting Qatar's strategic interests (the oil fields). All would benefit if the government of Qatar shared the name of the country and the means by which the covert operation was conducted.

Sweden sees foreign intelligence active

The Swedish Security Service (Säkerhetspolisen, or SÄPO) has revealed via an update to its Web site, dated late November 2007, that 15-plus foreign intelligence organizations are active in Sweden. SÄPO notes, "The intelligence actors active in Sweden or targeting Swedish interests in other countries are working on a broad and systematic scale to access information relating to politics, economy, the armed forces, advanced technology and research." The acquisition of "sources" or "agents" within Swedish companies and government by foreign intelligence officers is of interest to SÄPO, and the organization notes that these intelligence officers often are working under false pretences, such as diplomat, journalist or businessman.

After observing that only some of these intelligence officers are declared to the Swedish government, SÄPO goes on to note how "signals intelligence," or the interception of wireless communication, in Sweden is not illegal, but interception of a "cable-transmitted signal is illegal." Perhaps SÄPO is signaling to all that their communications in Sweden may be acquired, analyzed and processed by any with the technical capabilities to achieve what is known as SIGINT, or signals intelligence collection.

Korean intellectual property of interest both at home and from afar

In 2007, the Korean National Intelligence Service (NIS) advised that its investigative efforts uncovered and allowed for the indictment of both current and former employees of Korea's second largest automaker, as well as one of the premier steel-making conglomerates, for taking and then sharing intellectual property with Chinese firms. The Korean prosecutor's office and the NIS are focused on industrial spying with a foreign bent.
