U.S. initiative warns firms of hacking by China, other countries

By Jonathan Landay

WASHINGTON (Reuters) – The Trump administration on Monday launched a drive to push U.S. firms to better protect their trade secrets from foreign hackers, following a slew of cases accusing individuals and companies of economic espionage for China.

U.S. companies hit by recent attacks included Hewlett Packard Enterprise Co and International Business Machines Corp.

The National Counter-Intelligence and Security Center, which coordinates counter-intelligence efforts within the U.S. government, launched the outreach campaign to address persistent concerns that many companies are not doing enough to guard against cyber theft.

The Center is worried about cyber attacks on U.S. government agencies and the private sector from China, Russia, North Korea and Iran.

“Top corporate executives and directors should know the intent of our adversaries and what they are trying to do economically to gain the upper hand,” William Evanina, a veteran FBI agent who oversees the center, said in an interview. “We are not saying don’t invest in China or with China, but know the risk.”

The drive targets trade associations across the United States and their members. Videos, brochures and online informational materials describe the threat posed by cyber espionage and other methods used by foreign intelligence services.

One brochure details methods hackers use to break into computer networks and how they create fake social media accounts to deceive people into revealing work or personal details. It outlines ways to protect information, such as researching apps before downloading them and updating anti-virus software.

The first parts of this administration outreach effort, called “Know the Risk, Raise Your Shield,” focused mainly on federal workers. The new phase follows a series of cases announced by the U.S. government against individuals and firms for allegedly stealing government secrets and proprietary information from U.S. companies for China’s benefit.

Nine cases announced since July 2018 included the unsealing last month of an indictment of two alleged hackers linked to China’s main spy agency on charges that they stole confidential government and corporate data. The pair allegedly belonged to a hacking ring known as APT 10.

Evanina said the new campaign also focuses on what he called Moscow’s aggressive, persistent attacks on computer networks of critical U.S. infrastructure, which includes power grids and communications, financial and transportation systems.

China and Russia have repeatedly denied conducting such attacks.

The most serious threats now facing companies, Evanina said, are efforts to plant malicious software in components purchased from suppliers or to substitute counterfeit parts for genuine products.

Companies need to take greater care to counter those efforts and in vetting new hires because of the growing danger of employing people acting for foreign powers, he said.

(Reporting by Jonathan Landay; Editing by David Gregorio)

U.S., allies to condemn China for economic espionage, charge hackers: source

WASHINGTON (Reuters) – The United States and about a dozen allies are expected on Thursday to condemn China for efforts to steal other countries’ trade secrets and technologies and to compromise government computers, according to a person familiar with the matter.

Australia, Britain, Canada, Japan, the Netherlands, New Zealand and Sweden are expected to be involved in the U.S. effort, according to the source, who spoke on condition of anonymity.

The U.S. Justice Department also is expected later on Thursday to unveil criminal charges against hackers affiliated with China’s main intelligence service for an alleged cyber-spying campaign targeting U.S. and other countries’ networks, according to the source.

The Washington Post first reported the coming action on Thursday.

The suspected hackers are expected to be charged with spying on some of the world’s largest companies by hacking into technology firms to which they outsource email, storage and other computing tasks. The attacks began as early as 2017.

Cloudhopper is considered a major cyber threat by private-sector cybersecurity researchers and government investigators because of the scale of the intrusions.

Over the past several years, as companies around the globe have sought to cut down information technology spending, they have increasingly relied on outside contractors to store and transfer their data.

When a managed service provider is hacked, it can unintentionally give attackers access to secondary victims: customers of that provider whose computer systems are connected to it, according to experts.

The timing of the action may further escalate tensions between Washington and Beijing after the arrest of Meng Wanzhou, the chief financial officer of Chinese telecommunications giant Huawei Technologies, in Canada at the request of the United States.

The action also comes just weeks after the United States and China agreed to talks aimed at resolving an ongoing trade dispute that threatens global economic growth.

(Reporting by Diane Bartz, Lisa Lambert and Susan Heavey; Editing by Will Dunham)

Chinese economic cyber-espionage plummets in U.S.: experts

By Joseph Menn and Jim Finkle

SAN FRANCISCO (Reuters) – The Chinese government appears to be abiding by its September pledge to stop supporting the hacking of American trade secrets to help companies there compete, private U.S. security executives and government advisors said on Monday.

FireEye Inc, the U.S. network security company best known for fighting sophisticated Chinese hacking, said in a report released late Monday that breaches attributed to China-based groups had plunged by 90 percent in the past two years. The most dramatic drop came during last summer’s run-up to the bilateral agreement, it added.

FireEye’s Mandiant unit in 2013 famously blamed a specific unit of China’s People’s Liberation Army for a major campaign of economic espionage.

Kevin Mandia, the Mandiant founder who took over last week as FireEye chief executive, said in an interview that several factors seemed to be behind the shift. He cited embarrassment from Mandiant’s 2013 report and the following year’s indictment of five PLA officers from the same unit Mandiant uncovered.

Prosecutors said the victims included U.S. Steel, Alcoa Inc and Westinghouse Electric. Mandia also cited the threat just before the agreement that the United States could impose sanctions on Chinese officials and companies.

“They all contributed to a positive result,” Mandia said.

A senior Obama administration official said the government was not yet ready to proclaim that China was fully complying with the agreement but said the new report would factor into its monitoring. “We are still doing an assessment,” said the official, speaking on condition he not be named.

The official added that a just-concluded second round of talks with China on the finer points of the agreement had gone well. He noted that China had sent senior leaders even after the U.S. Secretary of Homeland Security pulled out because of the Orlando shootings.

China’s Foreign Ministry, the only government department to regularly answer questions from foreign reporters on the hacking issue, said China aimed to maintain dialogue on preventing and combating cyber-spying.

“We’ve expressed our principled position on many occasions,” ministry spokeswoman Hua Chunying told a daily news briefing on Tuesday. “We oppose and crack down on commercial cyber-espionage activities in all forms.”

FireEye said that Chinese intrusions into some U.S. firms have continued, with at least two hacked in 2016. But while the hackers installed “back doors” to enable future spying, FireEye said it had seen no evidence that data was stolen.

Both hacked companies had government contracts, said FireEye analyst Laura Galante, noting that it was plausible that the intrusions were stepping stones toward gathering information on government or military people or projects, which remain fair game under the September accord.

FireEye and other security companies said that as the Chinese government-backed hackers dropped wholesale theft of U.S. intellectual property, they increased spying on political and military targets in other countries and regions, including Russia, the Middle East, Japan and South Korea.

Another security firm, CrowdStrike, has observed more Chinese state-supported hackers spying outside of the United States over the past year, company Vice President Adam Meyers said in an interview.

Targets include Russian and Ukrainian military targets, Indian political groups and the Mongolian mining industry, Meyers said.

FireEye and CrowdStrike said they were confident that the attacks are being carried out either directly by the Chinese government or on its behalf by hired contractors.

Since late last year there has been a flurry of new espionage activity against Russian government agencies and technology firms, as well as other targets in India, Japan and South Korea, said Kurt Baumgartner, a researcher with Russian security software maker Kaspersky Lab.

He said those groups use tools and infrastructure that depend on Chinese-language characters.

One of those groups, known as Mirage or APT 15, appears to have ended a spree of attacks on the U.S. energy sector and is now focusing on government and diplomatic targets in Russia and former Soviet republics, Baumgartner said.

(Reporting by Joseph Menn in San Francisco and Jim Finkle in Boston; Additional reporting by Megha Rajagopalan in Beijing; Editing by Jonathan Weber and Richard Chang)