The Untold Story Of Chinese Hacking: Outsourcing And Bonuses
Posted on
WASHINGTON: The People’s Liberation Army regularly outsources its hacking, encouraging and co-opting young Chinese programmers to hack and steal information for the greater glory of China’s ruling elite and the state, Breaking Defense has learned.
While very few people will discuss details of the operations, three sources with direct knowledge of the Chinese attacks say that a signficant portion of the $300 billion worth of intellectual property that was stolen last year from the United States — mostly by China — is extracted by programmers who do not wear military uniforms and are not directly employed by China’s enormous espionage enterprise.
This appears to explain why so many Chinese attacks are tracked to Chinese universities. It also helps explain why China’s efforts are so wide-ranging. In keeping with China’s avid pursuit of profits, two sources tell me that the PLA offers hackers bonuses for good work. For example, when Rep. Dutch Ruppersberger unveiled the $300 billion figure for stolen IP during a speech last week at the Center for Strategic and International Studies, he also mentioned that our fertilizer industry was a key target for China last year.
One source said that a hacker might be offered thousands of dollars in cash for a particularly lucrative haul, a pittance compared to the value of the information, but strong incentive for a young computer programmer. It also allows the state to try out youngsters, and those who prove particularly adept at both stealing and covering their tracks are recruited for more serious state-sponsored espionage, or to improve China’s offensive cyber capabilities.
One source close to the military’s cyber community said one of the most discouraging things about the Chinese approach to hacking — both for state espionage and for industrial espionage — is the very basic techniques that the Chinese use to penetrate the shabbily protected American networks and computers. Those simple techniques work largely because American industry does such a “crappy” job of protecting its networks, our source said, voicing a sentiment commonly heard among America’s cyber warriors.
The good news, this source noted, is that the Chinese face an enormously difficult task in combing through the gargantuan quantities of data they steal. Simply assigning people to look isn’t enough. They need to know what matters and what doesn’t and how the information might be used. And that requires highly educated analysts, who are neither cheap nor easily produced. But Chinese industries can help. After all, they are the beneficiaries of much of this information and it is in their interest to make use of it as quickly as possible.
And that is what makes the Chinese hacking threat so enormous. The state pursues the information in foreign countries for the benefit of private industry as well as the state itself.
“A lot of the science, technology, research and development collection seems to support key industries in China indentified as critical to future development,” Larry Wortzel, a member of the U.S.-China Security Review Commission and former intelligence expert on China, said in an email when I asked him about the Chinese hacking. “The organization in the military that would benefit from this type of intelligence is the General Armaments Department.” They make China’s weapons.
China possesses a huge advantage when it comes to hacking, as Wortzel noted: “Remember, US law prohibits our military and national security agency from engaging in espionage to turn information over to our private industries. But in China, these companies can go straight to the PLA to get R&D information.” And they don’t have to cope with privacy laws, civil rights advocates and others who worry about the US government infringing on its citizens’ Constitutional rights.
Subscribe to our newsletter
Promotions, new products and sales. Directly to your inbox.