House Intel Chairman Blasts China on Cyber-Economic Espionage

The chairman of House Permanent Select Committee on Intelligence blasted China on Tuesday  for what he called “pervasive Chinese economic cyberespionage. “  During a hearing on cybersecurity issues, the  chairman of the committee  Rep. Mike Rogers (R-Mich.) discussed his worries over widespread efforts by China to steal intellectual property from companies that could harm U.S. companies and bring widespread economic impacts.

Rogers referred to  the highly sophisticated hacking of Google and other companies in late 2009 that went undetected until January 2010.  The hacking of Google’s network was intended to gain access to the email accounts of human rights activists in China.

“There are more companies that have been hit that won’t talk about it in the press, for fear of provoking further Chinese attacks.” Rogers said, “When you talk to these companies behind closed doors, however, they describe attacks that originate in China, and have a level of sophistication and are clearly supported by a level of resources that can only be a nation-state entity.”

“I don’t believe that there is a precedent in history for such a massive and sustained intelligence effort by a government to blatantly steal commercial data and intellectual property.” Rogers said. “China’s economic espionage has reached an intolerable level and I believe that the United States and our allies in Europe and Asia have an obligation to confront Beijing and demand that they put a stop to this piracy.”

At the Hearing Arthur Coviello  the chief executive of RSA, the security division of the EMC Corp.  testified about a breach of its firm’s own intellectual property that was compromised known as Secure ID. The RSA Secure ID technology is used widely by numerous firms and government agencies, including the FBI.

“Secure ID  is a very, very successful technology for preventing unauthorized access to networks and companies’ infrastructure from outside.  If you could possibly compromise Secure ID, you could get in as — and be  recognized as an employee of the organization, even though you were an attacker,” Coviello said at the hearing.  Coviello also said that RSA’s own systems were compromised from targeted emails sent to company employees.

Computer security experts and U.S. officials believe the RSA breach were carried out by entities in China. U.S. and FBI officials also believe China was behind high-profile computer intrusions into the International Monetary Fund and NASDAQ computer systems demonstrating the increasing sophistication of their efforts.

“Corporate America continues to be routinely compromised by the growing prevalence of advanced  threats, and our nation’s intellectual property continues to flow into the wrong hands and erode our global competitiveness,” Kevin Mandia the CEO of security firm Mandiant testified at the hearing.

While not mentioning China, Mandia noted that many companies are exposed when they are working on deals overseas such as mergers and acquisitions or working with law firms.

“I think the information that they’re seeking depends on industry.” Mandia said. “If you’re a blue chip American organization, we’ve seen the targeting of … email essentially.  It is the ability to get the firms that are doing M&A [mergers and acquisitions] in other parts of the world.  During these negotiation periods we see heightened activity in the theft.”

“When we see companies that are doing business on a global scale doing mergers and acquisitions in other regions of the world, we’re seeing predominantly attacks being focused against the law firms and those companies that are purchasing companies who are  doing mergers and it’s — the attacks are generally geared toward  email, getting email and getting documents in regards to the folks  involved in that merger and acquisition.”