WASHINGTON — China has stepped up its thefts of American trade secrets through hacking in the past year after a lull during the end of the Obama administration, according to a new report by a leading cybersecurity firm.
“The big headline really is that China is back,” said Dmitri Alperovitch, co-founder of CrowdStrike, which published a midyear report Tuesday describing its observations of Chinese hacks into biotechnology, defense, mining, pharmaceutical, professional services and transportation firms.
“They are back to stealing intellectual property on a massive scale.”
CrowdStrike, other private firms and U.S. intelligence agencies all reported observing a drop-off in Chinese cyberespionage for purely economic purposes after September 2015, when President Barack Obama and Chinese President Xi Jinping agreed to curb the practice. U.S. spy agencies say they don’t engage in espionage for economic purposes.
But over the last year, as the Trump administration has taken an increasingly tough stand on what it considers unfair Chinese trade practices, thefts of intellectual property from U.S. companies by hacking groups linked to the Chinese government are on the rise, private and government experts say.
Alperovitch was among the first cybersecurity researchers to publicly call out China for cybertheft, and his firm was hired by the Democratic National Committee in 2016, leading to the discovery that it had been hacked by Russia. He said his firm is observing an increase in hacks by China’s Ministry of State Security, which he says is far more adept and proficient than the People’s Liberation Army, which previously had conducted most of the hacks into private Western companies.
“That’s troubling, because they’ve always been the better actor,” he said.
Gen. Keith Alexander, while head of the National Security Agency in 2012, described intellectual property theft by China and other adversarial countries as “the greatest transfer of wealth in history,” because, he said, China has built whole industries using stolen formulas, plans and techniques that Western companies spent years and billions of dollars to develop.
In 2014, the Justice Department indicted five Chinese military hackers and accused them of stealing secrets from U.S. Steel, J.P. Morgan, Alcoa, Westinghouse Electrical Co., SolarWorld and the United Steelworkers.
Companies have become much better at detecting and defending against hacks, Alperovitch said, and so the days of hackers breaching a corporate network and remaining hidden there for years as they exfiltrate information are mostly gone.
Now, he said, hackers “may have hours, you may have minutes” before being detected and ejected, but that can be enough to exfiltrate terabytes of valuable data.
The CrowdStrike report does not name its client-victims. It uses code names with some variation of “panda” to denote Chinese hacking groups it tracks using telltale signatures and other intelligence.
The report examines cases in which Chinese adversaries targeted a multinational resources company for reconnaissance purposes and a separate instance in which a think tank’s critical data was stolen.
CrowdStrike also documented an upswing in criminal hackers breaking into companies to harness their computing power to mine cryptocurrencies such as Bitcoin.
The firm also observed a surge in the targeting of the biotechnology industry, suggesting industrial espionage against multiple companies in an effort to collect highly specialized research and intellectual property.
China generally denies that it engages in state-sponsored cyberthefts of intellectual property.