When Chinese Hack Chinese
Image Credit: Tom Thai

When Chinese Hack Chinese

0 Likes
4 comments

Whenever the United States raises computer attacks that appear to come from computers based in China, Chinese government officials are quick to point out that they are also victims. “The fact is that China itself faces a rapid rise of cyber-crimes and attacks,” the Chinese Embassy to the United Kingdom said last week.

These claims are usually made to draw attention to hacks that come from outside China— “according to the 2010 report by the China National Computer Emergency Response Team, nearly half of Trojan server and Zombie server attacks on Chinese computer systems came from outside China”—but the Yangtse Evening Post has an interesting article on cyber espionage ordered by one Chinese firm on a potential supplier. The story goes like this:

A Nanjing-based company invested over 1 million RMB ($160,000) in developing new publishing software, receiving patents and grabbing a relatively large size of the market. After short negotiations over licensing the software, a Shanghai company decided the fee was too expensive and set about trying to steal the source code. 6,000 RMB ($945) was set aside for the job. The original person contracted to conduct the operation found it too difficult and so posted the job online. Eventually, a hacker named Liu, a graduate of a top university, a software engineer at another university, and a member of the hacker community took the job. It took him “no more than a few hours. Customers told the Nanjing-based company that its software was now available in Shanghai, and, after examining the software and finding it virtually the same as the original product, the company reported it to the Public Security cyber group.”  In what the newspaper calls the first case of “illegal acquisition of computer information systems data” uncovered by Nanjing police, Liu, and the two others were arrested.

Three issues emerge from this story. First, at least in cases where the intellectual property has an immediate market use, the actor is just as likely to be criminal or commercial as it is state or state-sponsored. If even small Chinese companies are adopting cyber espionage as a business strategy, controlling the problem is going to be extremely difficult.

Second, almost anyone could be a target. I heard this when I was in Germany and Switzerland, where there’s deep concern about protecting the manufacturing competitiveness of small and medium-sized enterprises.  If you have any type of market or price advantage based on intellectual capital, there may be a small company targeting you. And given how hard it has been for the big companies to develop effective cyber security, the small companies are going to be even more vulnerable.

Third, this isn’t good for China’s long-term goal of building an innovative economy. It is hard to see why small companies would invest 1 million RMB in R&D when they can steal it for 6,000 RMB. This threat to the innovation economy may be the one silver lining to extremely dark skies. If Chinese policymakers see cyber espionage as a big enough threat to their own companies, then they are more likely to actually begin to control hackers.  But that “if” is pretty conditional—policymakers would need a comprehensive view of (and authority over) innovation and espionage, and they would also have to be motivated to control hacking focused on both domestic and foreign companies.  In fact, the simplest thing to do would be to protect innovative Chinese firms while continuing attacks on foreign ones.

Adam Segal is the Ira A. Lipman Senior Fellow for Counterterrorism and National Security Studies at the Council on Foreign Relations. He blogs at Asia Unbound, where this piece originally appeared.

Comments
4
Observer
November 18, 2011 at 10:35

What chinese in china would not do to make some money? Dirty meat, explosive melons, dirty cooking oil, shoddy buildings that collapse, crashed trains, dirty air and water, etc. and now this?

Steal, steal, steal, and steal some more, long live the ccp.

srp
November 17, 2011 at 16:04

I heard a Microsoft executive working in Asia who claimed that as more Chinese companies have IP to protect, the government is getting more serious about enforcing its laws against piracy. But he had nothing to say about the hacking issue–I suspect a similar dynamic may take hold.

JUSTSAYNO
November 17, 2011 at 15:11

Industrial espionage is prevalent in most nations. Larry Ellison of Oracle famously hired private detectives to gather information in competitors’ garbage. Of course, this was before the internet became popular. China definitely needs to improve it’s IP laws, it’s stifling innovation. On the other hand, even with good IP laws companies will not stop other companies from hiring the talents from competitors. The bottom line is that if companies want to “steal” intellectual properties from other companies, it can do so as long as it pays enough.

Yang zi
November 17, 2011 at 11:49

This is a very good case, China need to get really serious about IP protection, raise the punishment, award whistle blowers.

Share your thoughts

Your Name
required
Your Email
required, but not published
Your Comment
required

Newsletter
Sign up for our weekly newsletter
The Diplomat Brief