CIO — It has become an article of faith in the information security world that the Chinese government is behind many advanced persistent threats (APTs)—sophisticated, long-term cyber-attacks that target companies for their intellectual property and trade secrets. Expressing the belief is easy, but proving it has been another matter. But one security firm may have the proof.

[Slideshow: Did China's Army Hack U.S. Companies? ]

"It's very difficult to identify the extent of the risk," says Peter Toren, a former federal prosecutor in the Computer Crimes & Intellectual Property Section of the U.S. Department of Justice; Toren is now an IP and computer crimes expert with Weisbrod Matteis & Copley and author of Intellectual Property and Computer Crimes.

"In computer hacking, you really only learn about the successful hacks, and even then it's only the proverbial tip of the iceberg," Toren says. "Many companies are reluctant for a variety of reasons to report a breach."

"It's also very difficult, especially with China, to identify who's sponsoring the attacks," Toren adds. "In China, the line between the private enterprise and the state-owned enterprise can be very muddy and blurred. It's very difficult to distinguish between the two."

However, Toren notes that about 30 percent of the cases the U.S. government has brought under the Economic Espionage Act of 1996 have had some sort of Chinese connection. The first trial conviction under the act involved Dongfan Chung, a Chinese native working as an engineer at Boeing. Chung spent 30 years providing U.S. aerospace technologies to China, including details on the U.S. Space Shuttle Program and Delta IV rocket. He was sentenced to 16 years in prison in February 2010.

U.S., Allies Must Pressure China to Stop Cyber Espionage

"There is a rich history over the centuries of governments and militaries conducting espionage on each other to better understand each other's plans, intentions and capabilities," U.S. Rep. Mike Rogers, chairman of the House Intelligence Committee, said in the opening statement of a hearing on cyber threats in 2011.

"These espionage activities over the years, however, have largely been focused on collecting intelligence on foreign governments and militaries, not on brazen and wide-scale theft of intellectual property from foreign commercial competitors," he added. "You don't have to look far these days to find a press report about another firm, like Google, whose networks have been penetrated by Chinese cyber espionage and have lost valuable corporate intellectual property."

Rogers noted that many targets of these attacks won't talk about it in the press.

Continue Reading