Forgot your password?
typodupeerror
China Businesses Security United States

Richard Clarke: All Major U.S. Firms Hacked By China 311

Posted by Soulskill
from the information-liberation-cyberarmy dept.
bdking writes "Former White House cybersecurity advisor Richard Clarke says state-sanctioned Chinese hackers are stealing R&D from U.S. companies, threatening the long-term competitiveness of the nation. He said, 'The U.S. government is involved in espionage against other governments. There’s a big difference, however, between the kind of cyberespionage the United States government does and China. The U.S. government doesn’t hack its way into Airbus and give Airbus the secrets to Boeing [many believe that Chinese hackers gave Boeing secrets to Airbus]. We don’t hack our way into a Chinese computer company like Huawei and provide the secrets of Huawei technology to their American competitor Cisco. [He believes Microsoft, too, was a victim of a Chinese cyber con game.] We don’t do that. ... We hack our way into foreign governments and collect the information off their networks. The same kind of information a CIA agent in the old days would try to buy from a spy. ... Diplomatic, military stuff but not commercial competitor stuff.'"
This discussion has been archived. No new comments can be posted.

Richard Clarke: All Major U.S. Firms Hacked By China

Comments Filter:
  • You don't say... (Score:5, Insightful)

    by betterunixthanunix (980855) on Tuesday March 27, 2012 @02:10PM (#39487487)
    Yeah, it is not as though the US uses its own signals intelligence agency to spy on foreign businesses and pass R&D secrets to domestic firms...

    http://en.wikipedia.org/wiki/ECHELON#Controversy [wikipedia.org]
    • by durrr (1316311) on Tuesday March 27, 2012 @02:14PM (#39487549)

      yes but the US government is the good guys. Haven't you heard?
      Everyone else is the bad guys.

      And if we have to lie a bit to make the US government look better, then it's for a good cause.
      Now shut the fuck up before your ass is NDAAed

    • by Travoltus (110240) on Tuesday March 27, 2012 @02:17PM (#39487597) Journal

      Well done for pointing that one out, though. :D

    • by wisty (1335733) on Tuesday March 27, 2012 @02:17PM (#39487599)

      Also, were it not for western industrial espionage against China, we wouldn't have paper or porcelain or tea.

      The US doesn't steal commercial know-how because they already have plenty. China is decades behind (in some areas), and can benefit a lot from acquiring foreign IP.

      In fact, China's subsidies of industrial inputs (land, energy, water, steel, etc) are there to drag in foreign manufacturing. Want to guess why they want everything made in China? It's so they can figure out how to make it themselves.

      It's a hell of a lot better than invading resource-rich countries to try to build up your industrial base. And if no-one ever stole secrets, we'd still all be in the dark ages.

    • by na1led (1030470) on Tuesday March 27, 2012 @02:26PM (#39487713)
      I want access to all the X-Files!
    • by Dhalka226 (559740) on Tuesday March 27, 2012 @02:44PM (#39487971)

      Does it bother anybody else that the source in question is as bad as it is?

      I looked at the source for the claim that the US has engaged in industrial espionage, which points to a 194 page report from a European commission and which the person who made the claim is clearly hoping was too long for anybody to read.

      The only point relevant to the claim is this:

      The United States readily admits that some of its intelligence service's activities also concern industry. This includes, for example, monitoring of the observance of economic sanctions, compliance with rules on the supply of weapons and dual use goods, developments on commodities markets and events on the international financial markets. The rapporteur's findings are that the US services are not alone in their involvement in these spheres, nor is there any serious criticism of this.

      In other words, the industrial espionage they know about is something they aren't even willing to criticize.

      Further along, under a big heading "Is ECHELON suitable for industrial espionage?" they go on to explain that if it finds any, it was an accident.

      The strategic monitoring of international telecommunications, can produce useful information for industrial espionage purposes, but only by chance. In fact, sensitive industrial information is primarily to be found in the firms themselves, which means that industrial espionage is carried out primarily by attempting to obtain the information via employees

      (their emphasis)

      In other words, they took two paragraphs and three bullet points to say "no, they wouldn't bother using ECHELON for this."

      It is followed by a chart of cases of industrial espionage (with no explanation as to how they arrived at any of the entries), and the only entry that may relate to ECHELON (rather than using an agent or taking photographs) is a 1994 NSA action where they intercepted calls and faxes related to how Airbus was bribing Saudi Arabian officials to win a contract. Those dastardly Americans! It's so rude to use spy on the competition when they're just trying to bribe somebody. Gosh! And yet still, I'm just supposing this entry is in any way related to ECHELON since it makes no such claim.

      I am not claiming the US does not engage in this kind of behavior; they probably do, and for all I know they've been caught red-handed at it too. But this report is not proof of that, even if we were to take Wikipedia as a great source of anything to begin with.

      • Re:You don't say... (Score:3, Interesting)

        by lcam (848192) on Tuesday March 27, 2012 @04:21PM (#39489251)

        I am not claiming the US does not engage in this kind of behavior; they probably do, and for all I know they've been caught red-handed at it too. But this report is not proof of that, even if we were to take Wikipedia as a great source of anything to begin with.

        Masterfully put.

        In fact, there is no proof the US does not engage in this kind of behavior. Since the general presumption is that they do engage in these types of activities, to point out equivalent Chinese activities and call it "unlawful" or in someway try to take the high moral ground in regard to the issue is what we know of as hypocrisy.

        Whether or not such activities are negative, as far as the human race is concerned, is questionable. Especially if you observe US and Chinese activities from a culturally relative (ie free of political motives) standpoint. Perhaps we can all agree that whatever conclusion governments may make regarding the issue of espionage, whether it be commercial in nature of not, is always based on some political motivation. In this case maybe the US wants more polarization of US citizens so they may (who knows) more easily identify who are the terrorists.

    • by jeffmeden (135043) on Tuesday March 27, 2012 @02:48PM (#39488041) Homepage Journal

      Yeah, it is not as though the US uses its own signals intelligence agency to spy on foreign businesses and pass R&D secrets to domestic firms...

      http://en.wikipedia.org/wiki/ECHELON#Controversy [wikipedia.org]

      So the two big claims are one of uncovering a bribery ring (hard to say that it is nefarious to report a crime) and one of passing along secrets about wind power despite the company in question filing a patent for said technology some two years before they were "gifted" this information?

      Sounds *just like* the endless parade of reports about china-based attackers specifically breaking in to US and international firms in search of IP. /sarcasm

    • by Colin Smith (2679) on Tuesday March 27, 2012 @03:03PM (#39488227)

      Processes, secrets, entire facilities wholesale to China.

    • by dargaud (518470) <[slashdot2] [at] [gdargaud.net]> on Tuesday March 27, 2012 @03:20PM (#39488465) Homepage
      Yeah, my beer went through my nose when I read "Diplomatic, military stuff but not commercial competitor stuff". The US has been proven over and over again to have used its very many 'intelligence' agencies [wikipedia.org] (1271, un-freaking-believable) to gather commercial information for the express interest of private US companies. It's not even the stuff of conspiracy theorists as they've been documented by the victim countries themselves.
    • by jythie (914043) on Tuesday March 27, 2012 @03:42PM (#39488749)
      Not only that, but there have been historical cases of the US government overthrowing entire governments at the rest of US companies. There were quite a few nasty cases of agricultural importers wanting to keep near slave labor and using the CIA or military to get rid of reform governments.

      I will take China's tactic of hacking the US's tacit of assassination (character or literal) and overthrowing any day.
    • Re:You don't say... (Score:3, Interesting)

      by fullback (968784) on Tuesday March 27, 2012 @07:01PM (#39490979)

      The U.S. government tapped phones of Japanese car makers to pass information to U.S. unions for bargaining. They stole manufacturing secrets from a German wind turbine company to give to a U.S. competitor. They stole data and passed on trade secrets to U.S. call phone companies.

      This Richard Clarke is either incredibly naive or a bold liar. I would say the latter, since it seems to be a standard practice in Washington D.C.

  • by grasshoppa (657393) <{skennedy} {at} {tpno-co.org}> on Tuesday March 27, 2012 @02:12PM (#39487511) Homepage

    Having worked for a few firms in the IT division, I can say this isn't surprising...at all. Between clueless management and the inability to grasp IT's value and contribution to a company, it'd have been news if they HADN'T been cracked wide open.

    When you mix in outsourcing, the argument can almost be made that this is exactly what these firms WANT to happen.

    • *is, not isn't. It's one of those days.

    • by Billly Gates (198444) on Tuesday March 27, 2012 @02:37PM (#39487875) Journal

      The accountants have a point.

      Sales make money. You cost money.

      Which would you maximize and which would you minimize? A cost center or a profit center? That is business 101.

      I always advice IT people to work in a technology company. Otherwise you will always be undervalued and underpaid. Same is true if you are a financial wizard. You can make a good upper middle class salary at a regular company. However, working at a bank you will be a multi millionaire instead with that background because you add value and contribution to your company MUCH more.

      In the past we were once valued as profit centers and assets as great productivity gains were realized switching to computers then desktops, then spreadsheets, email, and so on and so on. Today, a nerd is not someone who can turn on a PC and use a formula in a spreadsheet. Everyone can do this. Therefore, we do not offer anything of important value except when something blows up.

      Anyway the risk is well worth the effort of massively increased sales and low cost labor. As long as the share price goes up and the CFO and CEO can get their bonuses from the cost savings and profit center increases then all is good even if it does get hacked.

      • by Pieroxy (222434) on Tuesday March 27, 2012 @02:45PM (#39487985) Homepage

        True, 100% true. I wish I still had mod points.

      • In the past we were once valued as profit centers and assets as great productivity gains were realized switching to computers then desktops, then spreadsheets, email, and so on and so on. Today, a nerd is not someone who can turn on a PC and use a formula in a spreadsheet. Everyone can do this. Therefore, we do not offer anything of important value except when something blows up.

        This is precisely the attitude I was talking about; management and bean counters fail to appreciate just how important IT is. You only touch on one, very small, aspect of our jobs. In fact, IT holds as much, if not more, liability as HR; we protect the company in countless ways, and accordingly, our skillsets need to be varied. I need to be at least semi-competent in every skill set necessary to successfully run a company; HR, legal, finance, project management to name the generics, not to mention the specific core competency of the business. And then, on top of all of that, I need to be an expert in various IT technologies. If I fail in any of those responsibilities, I expose the company to serious liability ( oh, you were ignorant of some obscure PCI requirement? Fined. Oh, you didn't realize employee records needed to be handled a certain way legally? Fined. ect... ).

        That's what IT is about; not building workstations or servers. It's managing the information in the corp, with the goal to create an efficient organization.

  • Riiiiight. (Score:5, Insightful)

    by cpu6502 (1960974) on Tuesday March 27, 2012 @02:15PM (#39487565)

    The government routinely shares information with its defense contractors. Where that information comes from? The corporation does not ask.

  • by Galestar (1473827) on Tuesday March 27, 2012 @02:16PM (#39487577)
    ...we don't do the same kind of spying they do. Our spying is okay, theirs is evil.
    • by Baloroth (2370816) on Tuesday March 27, 2012 @03:33PM (#39488649)

      You say this jokingly, but it is in a very real way true. It is always in the best interest of a government to be well informed, and for their, uh, "friends" (the quotation marks are not optional in this case) to not be. Which means it is perfectly consistent for a government to protest foreign intelligence gathering, while conducting their own. It is hypocritical, in a way, but in another way it isn't.

      Same holds true of nearly every kind of advantage (economic, military, or political). A country wants itself to have it, but not its (potential) enemies. Nothing about that is actually contradictory, unless you are an outside observer who treats every country as being perfectly equal. No such observer exists. Even third parties are inevitably biased, through personal interest or simply prejudice against one side or another.

  • Food for thought (Score:2, Informative)

    by schrodingersGato (2602023) on Tuesday March 27, 2012 @02:18PM (#39487605)
    Yeah its underhanded and shitty, but if we keep playing by the same rules, awe shouldn’t be surprised when nations life china surpass us. I’m not saying I agree with their practices at all, but this is a new reality that needs to be accepted and overcome.
  • What? (Score:5, Interesting)

    by Anonymous Coward on Tuesday March 27, 2012 @02:18PM (#39487607)

    Did he just admit that his government hacks into other governments computer systems to steal diplomatic and military secrets? Did obama not say that cyber warfare like that is testimount to an act of war? If it's not and its ok for them to do it why are they trying to get that uk civilian hacker Gary Mckinnon for doing the same thing to them and saying its wrong and illegal when he did it to them but not when they do it themselves?

  • by cjonslashdot (904508) on Tuesday March 27, 2012 @02:19PM (#39487627)
    Yeah, we just overthrow governments and set up their elected officials to take the blame: https://en.wikipedia.org/wiki/1953_Iranian_coup_d'%C3%A9tat [wikipedia.org]
  • by Nyall (646782) on Tuesday March 27, 2012 @02:20PM (#39487633) Homepage

    I'm wondering when/if a U.S. company is going to sue China and go after their assets. Namely the Chinese government's stake in U.S. debt.

  • by larsl (30423) on Tuesday March 27, 2012 @02:21PM (#39487649) Homepage

    Clarke is either wrong or lying. It is documented that the CIA spies on Airbus to help Boeing get contracts.

  • by mark-t (151149) <`markt' `at' `lynx.bc.ca'> on Tuesday March 27, 2012 @02:21PM (#39487651) Journal

    Those are the words of somebody who is feeling more than just a tad defensive, and trying to justify their own actions because of how they know it would look.

    I'm not saying he was lying, but from where I sit, it sure looked like he was just trying to make excuses.

    It just seems to scream points #7, #9, and #14 from this list [ethicsscoreboard.com], and raises some red flags, at least.

    • When you are dealing with such a subject of industrial espionage, the first obligation is to defend the country. While you might be able to use some random site's recommendations to make a case against it, national security will trump them every time. Whether it is some offshoring lobby, industrial espionage, or some other group that wants to attack the US, the author is correct to say how bad it is.

      But don't let facts get in the way of your anti-American beliefs.

  • by sethstorm (512897) on Tuesday March 27, 2012 @02:24PM (#39487681) Homepage

    This is what we get when we get too friendly with nations that are still despotic in nature, reserving freedom for the few businesses and not the many. They are used to take away freedom from people under the canard of "competitiveness", something that is only used to wash the blood from indefensible actions.

    Shame we can't have a national security directive to kill offshoring - since it is about the only thing that can kill this for good. It may not be the cleanest answer, but it is the one that cuts the lobbyists out of the equation. If we want offshoring, it cannot be in the current form - a form that is only used as retribution for successes and security gained by First World citizens. It must be in a form that clearly prioritizes citizens of all skill levels first for hiring and training (to get rid of the skill-level complaints) for long-term & direct hire jobs (to obliterate the permatemp culture); it cannot be simply a way to exact concessions in the name of Ricardian economics.

  • by future assassin (639396) on Tuesday March 27, 2012 @02:24PM (#39487689) Homepage

    'The U.S. government is involved in espionage against other governments. There’s a big difference, however, between the kind of cyberespionage the United States government does and China.

    Kinda like

    'The U.S. government is involved in torture against non US citizens There’s a big difference, however, between the kind of torture the United States government does and China.

  • by k6mfw (1182893) on Tuesday March 27, 2012 @02:30PM (#39487763)

    the grass is green and the sky is blue.

    <gripe> I mean really, what else do you expect. Don't outsource design and manufacturing to China like so many US companies have done. Cylon kill switches anyone?
    </gripe>

  • by Jim Buzbee (517) on Tuesday March 27, 2012 @02:31PM (#39487795) Homepage
    I don't doubt that a lot of cyber-spying is going on, but also note that Clarke is now CEO of Good Harbor Consulting [goodharbor.net], which coincidentally makes a boatload of money dong Cyber consulting. The more frenzy he whips up, the more money he rakes in.
    • by zbobet2012 (1025836) on Tuesday March 27, 2012 @02:44PM (#39487949)

      While it is true he makes more money the bigger the frenzy, keep in mind that doesn't necessarily mean he is incorrect or acting immorally. If he believes there is a problem, thinks there is a market for fixing it, and is attempting to raise awareness of the problem he may way be acting in a correct manner. In short conflict of interest is not proof of incorrectness.

      So yes by all means take him him with a grain of salt, but also actually look at the evidence he presents.

  • by 3seas (184403) on Tuesday March 27, 2012 @02:37PM (#39487879) Journal

    ....bull shit, upon bull shit upon ....repeat to infinity.... spy vs. spy idiocy as seen in MAD mag.

  • by geoffrobinson (109879) on Tuesday March 27, 2012 @02:44PM (#39487963) Homepage

    If you want access to China's market, you have to build in China. And if you are building in China, China is figuring out how you build things.

  • by Maximum Prophet (716608) on Tuesday March 27, 2012 @02:46PM (#39488007)
    Most large companies I've worked for won't use the *published* best practices of companies like Google or Microsoft, what makes anyone think that a large company can make any use of secret information that can't be verified?
  • Oy Vey! (Score:5, Insightful)

    by alexborges (313924) on Tuesday March 27, 2012 @02:47PM (#39488017)

    "The U.S. government is involved in espionage against other governments. There’s a big difference, however, between the kind of cyberespionage the United States government does and China. The U.S. government doesn’t hack its way into Airbus and give Airbus the secrets to Boeing [many believe that Chinese hackers gave Boeing secrets to Airbus]. "

    Here is a hint: start doing it, you dumbasses. Im no expert in chinese culture, but i've been studying their story with reverse engineering and the way they've built their home industry to come to the conclusion that, to the chinese, this is business as usual.

    You may be appalled by it, you may cringe with moral sentiment (and stubborn western-european hypocrisy), but you don't just stand there. Have a strategy to take a blow-by-blow approach to this and counterattack.... and maybe then you will realize all your strict IP laws and magical thinking make no sense at all in this brave new world.

    Snap out of it NOW!

  • by humphrm (18130) on Tuesday March 27, 2012 @02:49PM (#39488043) Homepage

    "Communist" China is no more. China is state run capitalism.

  • by HBI (604924) <kparadine@gma i l . c om> on Tuesday March 27, 2012 @02:59PM (#39488165) Homepage Journal

    1. To China, US technological superiority in the commercial sector IS a national security issue, so Clarke is just being disingenuous here. If the US were in the same role, we'd steal their commercial secrets, too. The fact that we don't want to just illustrates the advantage.

    2. If we hadn't outsourced the more polluting and less skill intensive parts of our manufacturing base, we wouldn't be in this position.

    2a. I know the thought pattern - I had it as a child back in the 70s - it was the "brown hordes" thought. What would happen if all the poor people in the world stormed the borders of the US? To avoid that, it sort of compels our hand to distribute the wealth and make this less desirable. So we did. Made it easy as hell for companies to outsource operations to the former Third World.

    2b. The delusion started when people like GHW Bush claimed that we'd have an information economy. So the only advantage that the US would have was information? We'd all sit in offices and type things to each other? Seems like an invitation for people to steal our information and produce stuff that we can no longer produce ourselves.

    At this point the whole plan looks like a suicide pact. Leave H1B out of it, and it's still a disaster. The tards in power aren't connecting the dots, even now.

  • The EU, US, and others need to get off our high Pre-WWI moralistic espionage horse. Cyber-espionage is a pre-WWIII essential to national security and may be the only way to prevent WWIII nation-devastation.

    A tit-4-tat cyber-cold-war is the best way to keep the government of CN from perceiving US, EU, and RU as virtual-tigers, and/or having foolish corporate interest politicians enter into a vintage pre-WWII "Appeasement Peace Conference" with CN.

    We need to start state cyber-espionage to obtain all domestic, diplomatic, economic, corporate, and military information and appropriately share with US, EU, and RU ... countries and companies.

    As they have exploited US and EU, so must we exploit CN. Do it now or regret it later.

  • Its war (Score:5, Insightful)

    by AdmV0rl0n (98366) on Tuesday March 27, 2012 @03:14PM (#39488383) Homepage Journal

    The West was on top. So its a target. Its values are oppsed by the enemy.

    War comes in multiple forms. There isn't any requirement for someone to fight you directly. The lessons of this are available through history. The problem is that in general, the population is cretinously stupid. In the west, in america, and prevelent on Slashdot.

    The chinese long ago choose war with the west. And yes, this white house commentry is correct. Its years late to the party though. The chinese choose to make information and IP collection a military grade target, and applied military level resources to the task in hand.

    In exchange for taking all your information, IP and data, they then went back to said companies and said - we can do what you do, at a 10th of the price.
    Que economic damage doubled.

    At no point have I see anything - anywhere thats showing any willingness to even begin to face up to this challenge.

    Cutting to the chase, they do not have to use bombs and direct weapons to eliminate your factories, to commit economic damage, to diminish your state, lower your standard of living, and damage your way of life. If the end justifies the result - then its a valid technical stragetic aim. Its been and remains a highly effective strategic application of a militaristic and political plan.

    Assuming nothing is done, and its simply allowed to continue, then you will simply see a spiralling issue of damage here, and benefit there. A zero sum game that favours only one side.

    And there is no simple answer. In the west, we're so stupid, over payed, flabby, lazy and ill led that it will be a long time before an equalisation of fundamentals allows a reverse of the flow. American or Euro workers will still be paid many times the cost of a chinese worker. Even if you steal back the tech at a later date, the damage is largely done because you can't undercut enough to make stuff at the same cost level. But your structure will still have to pay out multiple times the cost to the now millions of unemployed. Que strike 3 of the cost of the enemy strategic plan.

    And how will you defend yourselves?
    With windows based networks that are an unholy security mess?
    With a military thats suffering the same windows based security mess?
    With open source software bases that however anyone might paint it, has enough security issues that its not a trivial issue?

    All of these are treated like a play ground by the enemy. A proverbial open door.
    Security worsens every day, and in the west IT is in most places simply treated as a red headed step child and an overhead people would like to eradicate if they could.

    Until companies and governments get serious, its only going to worsen. And while this is the state of play - with no penalty for the chinese - its well worth playing to a very full extent. At the end of the day, in the west, as the unemployed grow, eventually your customers will dwindle. The fact you get your shit made in the enemy factory now won't help you find exhausted customers in your home lands, and you are not going to outsell Lenovo in china to make up the now drastic shortfall. In the end, binning your own workers in exchange for cheap goods made in china has a culmative effect in you losing your own customers. The unemployed can't really buy from you, and that will turn to bite sooner or later.

    It could be ended tommorow assuming some spine can be found.
    A singular threat of complete bans on any chinese imports - on scale and across the western would would have sobering affect on the chinese. And at the same time reparations and damages should gained. And some spine should be found, because everyone basically knows this is going on, and has been for an extended period.

    China does not give a shit about you, or the west. It will under cut you, subsidise fuel to its operations, steal your data, rob you of your intellectual property, and take your job or life away from you. Its operating on the correct directive which is self interest. The nations and people's

  • is done by corporations against each other.

    China, as it emerges from communism and state enterprises, has retained the espionage function at the government level.

    Natural suspicion between Chinese firms will take care of this evolutionary holdback.

  • Hacking vs murder (Score:3, Insightful)

    by mr_lizard13 (882373) on Tuesday March 27, 2012 @03:36PM (#39488695)
    I like how China wages war against other countries. They attack over fibre cables, snitching intellectual property.

    Kind of refreshing really, when compared to western countries who send in tanks, warheads and troops and murder innocent civilians.
  • by mrquagmire (2326560) on Tuesday March 27, 2012 @03:37PM (#39488705)
    ...maybe we should start. The US government seems to be the only one in the world that doesn't display any interest in keeping its own businesses here and employed with its own citizens.

    I'm not saying we should go out and steal foreign companies' IP, but our government really does need to step up and start protecting its citizens jobs and creating an environment where businesses don't have an incentive to move production, profits, taxes, and jobs overseas.
  • Where's the +0 "Sadly true" moderation?

  • by Tablizer (95088) on Tuesday March 27, 2012 @03:53PM (#39488899) Homepage Journal

    free offsite backups

  • by Kirth (183) on Wednesday March 28, 2012 @05:10AM (#39494311) Homepage

    "The U.S. government doesn’t hack its way into Airbus and give Airbus the secrets to Boeing"

    That is a good one. Who then told Boeing of the bribes Airbus gave to some middle-eastern officials, so Boeing could match up? I can't find it anymore, but I think it was in the late nineties. And the information about the bribes DID come from US secret services.

Aren't you glad you're not getting all the government you pay for now?

Working...