Chinese Cyberespionage Crackdown Prompts Look At Intellectual Property Theft


Cyberespionage has been a poorly documented, longstanding problem, say solution providers. The indictment of five Chinese People's Liberation Army officers for their alleged role in hacking into U.S. computer networks to steal intellectual property is a sign that businesses need to take IP theft more seriously, they add.

The U.S. Department of Justice handed down the indictment Monday, charging that the men allegedly hacked into the networks of a number of companies, among them Alcoa and Westinghouse Electrics Co. The proprietary information sought by the hackers allegedly was passed on to Chinese-owned companies in an attempt to copy the processes and reproduce similar items, according to the indictment.

The theft of trade secrets, manufacturing plans and other highly sensitive intellectual property has been a serious concern for years, but security experts say the threat is poorly documented because most businesses are not required to publicly disclose data breaches involving the theft of the information. Intellectual property theft was at the heart of a report issued last year by Alexandria, Va.-based Mandiant (acquired by FireEye) on a Chinese group linked to sustained cyberespionage activity. The move by the Justice Department is not likely to have a measurable impact on global espionage, said Jon Heimerl, a senior security strategist at Solutionary, an Omaha, Neb.-based managed service provider and subsidiary of the NTT Group. Private and government-backed espionage will continue regardless of how this particular case progresses, Heimerl said.

[Related: Verizon 2014 Data Breach Report: The Bad Guys Are Winning]

"These activities could be considered 'crimes' by any and all foreign governments," Heimerl said. "By any number of international standards, it would not be surprising at all to see more lawsuits filed as a result of eavesdropping or corporate spying."

The indictment alleges the five officers stole design and technical specifications, email and financial information from U.S. private sector businesses. The men are assigned to People's Liberation Army Unit 61398, a hacking group that allegedly steals information to give an advantage to state-owned companies and other interests in China, said U.S. Attorney General Eric Holder in a statement.

 “The indictment alleges that these PLA officers maintained unauthorized access to victim computers to steal information from those entities that would be useful to their competitors in China, including state-owned enterprises," Holder said. "In some cases, they stole trade secrets that would have been particularly beneficial to Chinese companies at the time they were stolen. In others, they stole sensitive, internal communications that would provide a competitor, or adversary in litigation, with insight into the strategy and vulnerabilities of the American entity.”

At Westinghouse, the intruders allegedly stole design specifications for pipes, pipe supports and pipe routing designed for nuclear power plant buildings. At aluminum producer Alcoa, one of the hackers allegedly stole thousands of email messages and attachments from the company's systems regarding a partnership between Alcoa and a Chinese state-owned company.
 

NEXT: Some Firms Fail To Address Data Security Lapses