From what I understand many corporate victims of Chinese industrial espionage since 2008 specifically declined to pursue prosecution for fear of what it would do to their existing or potential for business with Chinese entities and individuals.[0]
And this was despite a Justice Department that was chomping at the bit to prosecute Chinese industrial espionage. I bring this up because I think this shows why leaving weighty matters involving the security and future of your country up to corporations is a poor idea, especially when corporations are motivated solely by profit as corporatists gleefully remind us at all times.
FYI, I don't assume that Chinese companies don't do hacking. It's just that the article was about hacking by the Chinese state and why American companies have been reluctant to come forward as victims of this hacking.
And this question in a sense has little to do with China in particular. When someone is victimized by an individual or institution that has considerable power over them, are they reluctant to come forward? You bet they are. The only thing that can convince them is an individual or institution that can protect them.
The US government cannot protect a US company doing business in China. Is this something like an "abusive relationship", sure but so are a lot of things.
This should be an important topic of conversation in technology. Similar to other real threats to U.S. companies and citizens, Chinese espionage is the real deal.
It's unfortunate that Mr Xi was caught in the crossfire. But, it's not like he was held in prison without justice. In this case, the justice system worked itself out, and Xi was shown to be innocent. He was not, as far as I can tell from reading the article, deemed guilty until proven innocent. He was suspected of a crime, the evidence showed that he had not committed a crime, and the charges were dropped.
But, generally, I think the U.S. is much too lax in its patrolling of Chinese espionage. Things have been out of control for many years, at least for the couple decades that I've worked in research and development. Too often, at conferences and trade shows, have I seen the roving groups of Chinese with their video cameras and notebooks, blatantly stealing ideas and IP. Several times, I've witnessed suspicious Chinese citizens coming to work for tech companies, straight from China, being overly interested in details of IP, then mysteriously quitting, without a trace. It's a real problem.
Finally. It's refreshing to see US try to drive a stake between the corporate interests and a big monolithic government. This is a country that is spying on economic allies all over the world and callaborates by horse trading secrets to corporate interests. I understand that they can't talk about the length of the list, who is on it or the crimes they comitted, but just knowing they they have a list feels like justice to me, and these hackers will face retribution.
China has to realize that it is hurting the financial position of the entire country and it's own credibility, by funneling secrets to private companies. If the reverse were true in the US, companies funneling secrets to the governement, it would be treason. America has the advantage of complete isolation of the government and corporations, which just isn't possible in a communist nation, so only in the most extreme cases do the two share finances or data.
China approves state sanctioned hacking against their allies and citizens in private companies and it gives them an unfair advantage. If private companies had that sort of clout in the US, you would see laws structured favourably for corporations and they would yield a lot more political influence. China is the kind of country that would commit industrial espionage against private companies it is allied with economically and politically. If it were possible for them to configure Danish and Malaysian servers via network and physical intrusion, they would be able to tactically engineer a super virus that would affect >50% of a whole country, not to mention collatoral damage. It would hurt the companies reputation, jeopardize it's secrets and causing them millions in damages as well as the hundreds of thousands affectd.
The article says:
"Chinese prosecution would entail the United States sharing evidence linking the cyberintrusions to the individuals. And to do so could compromise sensitive information on how the U.S. government tracked the suspects."
THESE ARE HACKERS. We shouldn't be afraid to get a win once in a while. We have to do something and a good first step would be to go to China, and tell them how we caught them breaking into private companies in the US and abroad, and we were able to document these records. They need to know that if they hit a multinational, a data center, resedential citizens, etc. that we are there, we will catch you and we will bring you to justice.
Im glad the US is taking a stand against this. I look forward to watching these hackers face trial, but ultimately, their government and citizens should be ashamed of themselves. It's a shame the Cyber Security bill failed to pass the senate a few months ago, that way organizations would monitor for cyber threat indicators and they would be forced to protect us from these hackers. I think I echo the words of the unnamed source, when I say "Look, here’s these guys. Round them up".
Well, according to the US Department of Justice, China is behind 90% of espionage and industrial theft cases that it has handled over the past 7 years [1]
To use a less biased source [2], SCMP (which is a HK newspaper now owned by Jack Ma, founder of Alibaba) mentioned:
John Demers, assistant attorney general in the Justice Department’s national security division, said that by stealing trade secrets through computer intrusions and the co-opting of company insiders, China had “turned the tradecraft of its intelligence services against American companies”.
Between 2011 and 2018, Demers said, more than 90 per cent of his department’s cases alleging “economic espionage on behalf of a state” involved China. Among such cases are the recent prosecutions of Chinese national Xu Yanjun, suspected of trying to steal trade secrets from US and European aerospace companies, and 10 other Chinese intelligence agents suspected of similar offences.
“The playbook is simple,” Demers said. “Rob, replicate and replace.”
I find these attempts to distinguish between different state sponsored criminals to be a diversion and subterfuge.
Whether China or the US re-allocates your IP, you can expect a competing product made in China. That you might have a relationship with one of them probably doesn't change anything unless they actually think your firm is the best one for the job of maximizing the results on their tax base.
I mean maybe I'm wrong; would it make any sense that these Republics take private corporate property more seriously other parts of their Constitutions they have violated at least until caught?
The US makes the claim China does not and former president and CIA head George Bush floated corporate espionage as THE plan for handling the absurd costs of "intelligence" criminals after the cold war..
I'm always astounded that working in a competitive market seems to blind people to significant stated facts of the environment their market is operating in.
In nature, it might make sense to just outrun the weakest, after all, a bear has a limited appetite. But superpowers have unlimited apetites and will collapse like the USSR if they should ever expand slower than cancer.
I don't understand why this isn't a more widely-held sentiment. There's been instance after instance of corporate espionage in Western companies involving Chinese actors in the past 2 decades.
A history of espionage and theft of trade secrets demonstrates the necessity of concern.
"Xiaoqing Zheng who holds dual-citizenship in the United States and China, used elaborate and sophisticated methods to steal countless digital files containing trade secrets from General Electric regarding their wind turbine technology"
https://blog.twinstate.com/news/ge-trade-secrets-theft
"According to today’s conviction, Xu attempted to steal technology related to GE Aviation’s exclusive composite aircraft engine fan – which no other company in the world has been able to duplicate – to benefit the Chinese state."
https://www.justice.gov/usao-sdoh/pr/jury-convicts-chinese-o...
" A notable example is the 2014 lawsuit by T-Mobile, in which Huawei was accused of, among other conduct, sending an engineer to a T-Mobile facility to see "Tappy," the company's computer driven robot with a mechanical arm used to test smartphone screens to improve the reliability of its handsets. The engineer slipped one of the robot's fingertips into his laptop bag but was caught on camera"
https://www.mondaq.com/unitedstates/trade-secrets/1052104/th...
"A former associate scientist was sentenced to 24 months in federal prison in federal court today for stealing proprietary information worth more than $1 billion from his employer, a U.S. petroleum company."
https://www.justice.gov/opa/pr/chinese-national-sentenced-st...
There are dozens of such visible cases. The vast majority of trade-secret theft is uncaught.
I worked for one of the largest Corporations in technology back in 2005. We opened a facility in China for manufacturing and another smallish one for R&D. Our corporate network was constantly probed from these locations. There were several attempts to access financial data and other sensitive areas of our network. Whenever ever we brought the perpetrators forward to explain their actions, they immediately resigned without saying a word (would just walk out). Even the factory managers would remain quiet. It came to our attention many of the employees were part of the PLA, planted on the inside.
I believe it is impossible to operate a facility in China without having the PLA operatives on the inside. It's part of the risk companies take to do business in China.
In China, there is no difference between international espionage and corporate espionage. Their Ministry of State Security has proved this again and again.
Stealing intellectual property from companies advances their military goals.
The amount of autonomy and legal recourse of a private corporate entity in China compared to the United States. While the US does not have a great track record (Room 641A, National Security Letters, v-chip, putting export controls on strong encryption, etc) entities like the EFF and ACLU, plus corporate entities have successfully and repeatedly pushed back.
I am not an expert on Chinese corporate entities, but my anecdotal observations from working in companies with arms in China has been it's always a very careful process to not annoy the government, as it means losing everything with little recourse.
Edit: The implication is that, if the government of China, was exceptionally interested placing a backdoor in the software of a Tencent system, they may not be able to reasonably object. Where if the FBI came to Apple, (and we know they have) they can say no. [1]
Would you get tried in the US for interning at a company and then go to a competitor with all your inside knowledge ? [edit: barring a paid non compete agreement]
Then a step further from that, sure there are laws to prevent you from wholesale lifting corporate data and bringing them out as you leave, but as many laws it will be extremely difficult to detect and prove that happened in many low profile cases. That's why instead of just relying on the law you'll lock usb ports monitor network activity and get laptops returned when someone leaves.
It's kinda like preventing shop lifting, you know it will happen at some scale.
> US company / Chinese gov
How much leverage do you thing a Chinese company has to if a three letter US agency spies on them and pass the info to US companies ? And would you argue that scenario wouldn't happen if a specific Chinese company had a decisive advantage that could severly hurt US interests ?
I don't understand why people are discounting the fact that the said companies wants to do business in China and you can't do that by accepting the Chinese state is trying to hack their companies.
IMHO, this is a very big aspect and companies lie all the time. Even if this came out to be false, they don't get as much heat as they would get now.
I'm in doubt about any real negative diplomatic or economic repercussions that prolific Chinese computer espionage has yielded for China. The strongest American responses to Chinese espionage have been from the Google and Github corporations. The U.S. government issues tepid responses [1] [2] [3] to incidents that would be considered some of the most impressive and extreme acts of espionage. (The U.S. government issued indictments for the operators behind [2], but this is essentially a no-op since they need to be on U.S. soil to be arrested.)
The fact is that the major powers of the world conduct espionage and that disclosures are not handled as acts of war. Discovered spies are typically placed in a persona non grata diplomatic status and granted safe passage back to their home countries. See U.S. spy Ryan Fogle. [4]
I don't mean to pick on China; I addressed it because it was the example you gave. Every major power has had at least one widespread computer espionage campaign discovered by Kaspersky, Symantec, Mandiant/FireEye, etc.
China protecting their own IP does not preclude China conducting industrial espionage in other countries; for that matter, the US NSA conducts industrial espionage in other countries for the benefit of US companies.
Corporate and national espionage are as old as time, and senior leadership needs to wise up to this threat. China is running the most broad and sophisticated IP espionage campaign in history, and most companies think a 15m PowerPoint about not responding to phishing emails is sufficient protection against this. Until we get some strong legislation on corporate data security, this is just going to keep happening.
Industrial espionage can be an existential matter for companies. They rarely make the headlines but there's plenty of court cases like AMSC vs Sinovel, where Sinovel (China) stole the control software AMSC had developed and pretty much ruined them as a company.
And this was despite a Justice Department that was chomping at the bit to prosecute Chinese industrial espionage. I bring this up because I think this shows why leaving weighty matters involving the security and future of your country up to corporations is a poor idea, especially when corporations are motivated solely by profit as corporatists gleefully remind us at all times.
[0]https://www.npr.org/2019/04/12/711779130/as-china-hacked-u-s...
reply