U.S. spy agencies to detail cyber-attacks from abroad
WASHINGTON — The U.S. intelligence community is nearing completion of its first detailed review of cyber-spying against American targets from abroad, including an attempt to calculate U.S. financial losses from hacker attacks based in China, officials said.
The National Intelligence Estimate, the first involving cyber-espionage, also will seek to determine how large a role the Chinese government plays in directing or coordinating digital attacks aimed at stealing U.S. intellectual property, according to officials who spoke on the condition of anonymity to discuss a classified undertaking.
The Pentagon requested the estimate more than a year ago, and it sparked a broad review of evidence and analysis from the 17 U.S. intelligence agencies. The document has been submitted to the National Intelligence Council, which coordinates such efforts, but it was unclear whether the council had reached or approved final conclusions. The study is expected to be given to policymakers early next year.
U.S. intelligence agencies monitor daily digital assaults from hackers based in China who seek to steal intellectual property from American and other Western companies, current and former intelligence officials said. Intelligence analysts disagree over the extent to which the intrusions are organized by Chinese authorities, but the CIA and National Security Agency have traced cyber-attacks and thefts to Chinese military and intelligence agencies.
“We know much more about who is doing this than we did even two years ago,” one official involved in the effort said. “We have traced attacks back to a desk in a [People’s Liberation Army] office building.”
Some analysts believe the Chinese government has a broad policy of encouraging theft of intellectual property through cyber-attacks, but that it leaves the details to intelligence services, state-owned companies and freelancers. As a result, at least some of the attacks appear poorly orchestrated.
U.S. officials have raised concerns about cyber-espionage with Chinese officials. Beijing has denied any involvement.
Obama administration officials have publicly warned in recent months about threats to national security from cyber-attacks, but they have tiptoed around the issue of who is to blame. “It’s no secret that Russia and China have advanced cyber capabilities,” Defense Secretary Leon E. Panetta said in a speech on Oct. 11 in New York.
Russia engages in cyber-espionage against government targets, as does China, the United States, Israel, France and other nations. But Russia does not systematically steal corporate secrets from U.S. companies to aid its own national companies, U.S. intelligence officials say.
Last week, the congressionally sponsored U.S.-China Economic and Security Review Commission alleged that China has “an elaborate strategy for obtaining America’s advanced technology by subterfuge, either stealing it outright or by requiring U.S. companies to turn over technology to Chinese business partners as a condition for investment and market access in China.”
Part of that strategy relies on computer attacks, the commission said.
“In 2012, Chinese state-sponsored actors continued to exploit U.S. government, military, industrial and nongovernmental computer systems,” the report said. “The volume of exploitation attempts yielded enough successful breaches to make China the most threatening actor in cyberspace.”
Losses from the theft of U.S. intellectual property through cyber-attacks and theft are difficult to quantify but are believed to be in the billions of dollars a year.
In one recent case, Brian Milburn, who runs Solid Oak Software Inc. in Santa Barbara, sued the Chinese government and nine companies for $2.2 billion in January 2010 in federal court in Santa Ana, alleging that his Cybersitter child-monitoring software had been pirated and illegally sold to 57 million users in China. The lawsuit was settled for an undisclosed amount in April, though the Chinese government did not participate in the settlement.
As the lawsuit unfolded, Milburn was targeted for harassment by Chinese hackers thought to have been tracked by U.S. intelligence, according to his Los Angeles lawyer, Gregory Fayer. He said the hackers blocked orders on the Cybersitter website, costing Milburn tens of thousands of dollars in lost sales.
“The guys they put on us were the virtual Chinese A-Team of hackers,” Milburn said in a phone interview Thursday. “They were the most patient people I’ve ever seen. They basically used the same techniques against me that they would use for cyber-espionage.”
Must-read stories from the L.A. Times
Get all the day's most vital news with our Today's Headlines newsletter, sent every weekday morning.
You may occasionally receive promotional content from the Los Angeles Times.