Google's carefully worded announcement last week that it had experienced "a highly sophisticated and targeted" cyberattack in China caught the attention of both human-rights advocates and industrial espionage experts, though for quite different reasons.
Activists focused on a Google statement that a primary goal of the attack had been to access the Gmail accounts of Chinese dissidents. Espionage experts, however, were drawn to Google's acknowledgment that the cyberattack "resulted in the theft of intellectual property."
Those words say a lot. "Intellectual property" means knowledge and ideas. It's what makes innovation possible, and it can include everything from secret formulas to computer source code. Google is among the most innovative companies on the planet, and someone in China has been stealing its secrets. Some China experts see this as the real story behind Google's threat to pull out of China.
"For Google to have made such a profound decision, to turn its back on the fastest-growing economy in the world, it had to have been more than a bunch of dissident e-mail accounts," says James Mulvenon of the Defense Group consultancy.
A Race To Pass The West
Mulvenon and others see the cyberattack on Google and more than 30 other companies in the context of China's determination to catch up and pass its Western rivals, economically and militarily. Progress in this area, however, is constrained by China's authoritarian character, with a legal and economic environment that is not always conducive to creativity. It's hard to imagine a company like Google or Microsoft or Apple starting on its own in China.
Without sufficient incentives and resources to develop their own cutting-edge technology, the Chinese may be tempted simply to acquire plans and ideas from the foreign companies that have already developed them.
"Western multinational companies are just finding it increasingly hard to do business in China, make profit in China, when facing a government that is so systematically trying to transfer innovation to China and using seemingly every tool at its disposal to do that," Mulvenon says.
Penetrating U.S. Defense Firms
The official U.S.-China Economic and Security Review Commission, in a report released two months ago, highlighted what it said was China's "increasingly aggressive" efforts to obtain U.S. technology, through "stepped up" cybertheft. The commission suggested that the Chinese have penetrated many U.S. defense companies, with the intention of stealing U.S. technology secrets.
"It saves them money," says Larry Wortzel, a longtime China espionage expert who serves on the commission. "It saves them their own research and development effort, and it leapfrogs Chinese industries ahead even though they may not have put the money into the research."
Countries steal secrets from each other all the time. But experts say the Chinese are virtually unmatched when it comes to cybertheft.
"They are so sophisticated. They are amazingly, complexly driven," says Stephen Spoonamore, a high-tech entrepreneur who has worked for years defending clients from Chinese hackers. The Chinese are so good at breaking into other people's computer systems, he says, that it's almost impossible to keep them out.
"If you create 50 or 60 or 70 units of a few dozen very good hackers apiece," Spoonamore says, "and then you add rows and rows and rows of control room monitors, [to follow an adversary's computer network operations], and if you pair those things up and run it 24-7, you're going to win. Period."
Spoonamore, now the CEO of ABS Materials, has a solid reputation in the Internet security business but says he has mostly given up his consulting work out of frustration with Chinese hackers.
Chinese Government Role Suspected
For the U.S. government, a pressing question is who exactly is behind all the cyberattacks that originate in China. Given speed-of-light transactions on the Internet, it's hard to identify the source of an attack with certainty. The congressionally appointed U.S.-China Economic and Security Review Commission, in its November report, pointed to "circumstantial and forensic evidence [that] strongly indicates the involvement of Chinese state or state-supported entities."
"When you see human espionage directed against specific technologies like quiet submarine drive systems [or] naval propulsion systems, and cyberattacks to extract exactly the same information, a reasonable analyst will conclude that it is probably government-directed," says commission member Wortzel.
Human spies and computer hackers looking for the same defense secrets at the same time. Who but a government would be directing an effort like that? It's a glimpse of 21st-century cyberwarfare.
Copyright 2022 NPR. To see more, visit https://www.npr.org.