I had the pleasure of speaking at Pace University’s recent Threat Intelligence Forum about what’s really behind Chinese cyberespionage, and I thought it would be useful to replicate that talk here.
There are enough Chinese cyberattacks where it’s fair to say most of us are familiar with the surface picture. There were close to 700 Chinese cyberattacks designed to steal corporate or military secrets in the United States between 2009 and 2014, according to an NSA map released by NBC News.
It’s also important to note the attacks designed for economic theft are only a small piece of the larger picture. Many Chinese cyberattacks are designed to spy on dissidents living abroad, keep tabs on foreign news outlets, spy on governments, or to censor individuals and organizations that are critical of the Chinese regime.
In March, for example, it launched cyberattacks on the anti-censorship website GreatFire.org. In June, it stole 21.5 million background checks from the U.S. Office of Personnel Management on current and former federal employees. In September, the Chinese regime was caught spying on the U.S. government and European news outlets.
The attacks designed for economic theft usually get the most attention—and with good reason. Retired federal prosecutor David Loche Hall explained the economic seriousness of these attacks in his recent book, “Crack99.”
There are 75 industries in the United States identified as intellectual property (IP) intensive, according to Hall. These industries hold 27.1 million American jobs, or 18.8 percent of all employment. Each of these jobs also supports one additional job through the supply chain.
So, when you look at the whole picture, close to 40 million jobs, or 27.7 percent of all employment in the United States, relies on protection of IP. And it’s this IP that the Chinese regime has been stealing with cyberattacks.
Close to $300 billion and 1.2 million American jobs are lost each year to IP theft, according to the Commission on the Theft of Intellectual Property.
“When this innovation is meant to drive revenue, profit, and jobs for at least 10 years, we are losing the equivalent of $5 trillion out of the U.S. economy every year to economic espionage,” said Casey Fleming, CEO of BLACKOPS Partners Corporation, in a previous interview with Epoch Times.
BLACKOPS Partners Corporation provides intelligence and cyber strategy to the Fortune 500. He emphasized that to understand the impact of economic theft, you need to look at the full economic life cycle of raw innovation, including trade secrets, research and development, and information for competitive advantage.
Chinese cyberattacks are also a lot different from other cyberattacks, and this is why experts often place them under a different category.
Cybersecurity company MANDIANT wrote in 2010, “These intrusions appear to be conducted by well-funded, organized groups of attackers. We call them the ‘Advanced Persistent Threat’—the APT—and they are not ‘hackers.’ Their motivation, techniques and tenacity are different. They are professionals, and their success rate is impressive.”
It also notes, “... we’ve been able to correlate almost every APT intrusion we’ve investigated to current events within China.”
So, the big question is what’s really behind the APT. To understand this, you need to understand the structure and operations of the Chinese Communist Party’s (CCP) spy departments.
The overt spy operations are mainly carried out by two departments. The United Front Work Department works to expand the CCP’s sphere of influence in foreign communities, while the Overseas Chinese Affairs Office works to monitor Chinese living abroad and manage the CCP’s overseas systems of governance.
These departments are important to mention here because, while their focus is spying on individuals living abroad, their operations are aided by CCP cyberspy operations that can give them intel on targeted groups or individuals.
As an example, if the United Front Work Department was trying to butter up a U.S. senator, the CCP’s cyberspies could give them information from the senator’s emails or background check, which they can then use.
When it comes to cyberattacks for economic theft, most of these are attributed to the Third Department of the People’s Liberation Army General Staff Department. The Third Department runs the signals intelligence (SIGINT) operations of the CCP.
Alongside the Third Department is the Second Department, which runs many of the conventional human intelligence (HUMINT) operations. Then there’s the Fourth Department that handles the electronics intelligence (ELINT) operations.
There is a lot of overlap in Chinese spy operations. Physical spies may help the cyberspies by “accidentally” infecting a computer in a company where they’ve been planted. The CCP’s hackers may also help cover the tracks of an insider by launching a cyberattack to make it appear information was stolen by a cyberattack, instead of by the insider spy.
These departments handle the bulk of the CCP’s spy operations under its military, and they run large-scale operations. The Project 2049 Institute think tank estimated in November 2011 there were 130,000 personnel under the Third Department. Wall Street Journal estimated the department has 100,000 hackers, linguists, and analysts.
Both the above estimates, however, were based on earlier pictures of the Third Department, which said it has only 12 operational bureaus. It’s now known the Third Department has at least 20 operational bureaus.
The CCP’s cyberspies are also divided into three tiers, as was detailed in the 2013 edition of “The Science of Military Strategy,” published by a People’s Liberation Army research institute. The details were outlined in March by Joe McReynolds, research analyst at the Center for Intelligence Research and Analysis.
The first tier of the CCP’s cyberspies are military units “employed for carrying out network attack and defense,” McReynolds said. The second tier are specialists in civilian organizations—including with government offices—that are “authorized by the military to carry out network warfare operations.” The third are groups outside the government and military “that can be organized and mobilized for network warfare operations.”
The Chinese military also runs front companies to aid in these operations. The FBI’s former deputy director for counterintelligence said the Chinese regime operates more than 3,200 military front companies in the United States dedicated to theft, according to a 2010 report from the U.S. Defense Threat Reduction Agency.
While there is personal financial incentive in the attacks, particularly for Chinese military leaders, the CCP also directs economic theft through central coordination.
One of the main programs directing economic theft is Project 863. A report from the Office of the National Counterintelligence Executive said the CCP’s Project 863 is “emblematic“ of these efforts, as it ”provides funding and guidance for efforts to clandestinely acquire US technology and sensitive economic information.”
Other programs include the Torch Program, the 973 Program, and the 211 Program. According to the book, “Chinese Industrial Espionage: Technology Acquisition and Military Modernisation,” by William C. Hannas, James Mulvenon, Anna B. Puglisi, “Each of these programs looks to foreign collaboration and technologies to cover key gaps, and each reaches out to Western-trained experts for support, both by returning to China and by ’serving in place.'”
At the end of the day, however, all of these systems and policies work together with a common purpose to rob the United States and other countries of innovation in order to feed the Chinese economy.
A report from the U.S.-China Economic and Security Review Commission stated “China depends on industrial espionage, forced technology transfers, and piracy and counterfeiting of foreign technology as part of a system of ‘innovation mercantilism.’”
It adds the CCP “can avoid the expense and difficulty of basic research and unique product development by obtaining what it needs illegally.”