This is first of a three-part series examining the industry fallout from China's alleged cyberspying, and specifically if the spying has hurt the tech industry. Today we review history, piecing together evidence of spying with China's pattern of denial. Science writer Kevin Fogarty takes an in-depth look for EE Times.
Despite years of accusations and mounting evidence that its military intelligence divisions are among the most aggressive cyberspies in the world, China categorically denies digital spying of any kind. Period.
The US indictment of five Chinese military officers for attacks on US companies is an "absurd" effort based on "fabricated facts" made for "ulterior motives" against a country that is the "victim" of online espionage, not the perpetrator, according to a spokesman from the Chinese Foreign Ministry.
"China is a staunch defender of cyber security" that has never "engaged or participated in the theft of trade secrets through cyber means," according to a published statement from Chinese Foreign Ministry spokesman Qin Gang.
No matter how serious the charges or how damning the evidence, the response from China is always an absolute denial, usually followed by counter accusations that China's accusers are the real victimizers.
In April, for example, China deplored the "groundless accusation" in a US government report recommending tighter controls on space technology due to China's efforts to steal it.
In 2013, China categorically denied spying on European diplomats, and went on to say the detailed report from security company Mandiant that laid out details of China's digital spy operation lacked "technical proof" and was inherently flawed because it didn't differentiate between cyberespionage and "everyday gathering" of online information.
Still, the evidence piles up.
The indictment announced by the Dept. of Justice May 19 charged five members of the People's Liberation Army (PLA) of stealing data from the networks of five US companies and one trade union.
The five are officers, senior staffers, or contractors working for the Shanghai-based Unit 61398 of the PLA, which is infamous for the high-volume, heavily automated attacks blamed for the theft of "hundreds of terabytes" of technology blueprints, negotiation strategies, pricing, and financial data and other information from 141 companies and organizations between 2006 and 2013, the vast bulk of them in the US, according to the February 2013 report from security firm Mandiant, which is the most detailed publicly available analysis of the attacks.
Mandiant used more than 3,000 bits of data residue from Advanced Persistent Threat (APT) attacks back to a building in Shanghai that houses the 2nd Bureau of the People's Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, Unit 61398.
The same unit, and its role as a leading cyberspy for both the Chinese military and commercial enterprises, was also described in a 2011 report from similar reports from China-watching think tank the Project 2049 Institute.
Many of the same indicators pointing to Unit 61398's involvement in a five-year series of attacks on more than 70 companies that investigators dubbed Operation Shady RAT were found by McAfee in a 2011 report, later confirmed by Symantec Inc.
"This is the biggest transfer of wealth in terms of intellectual property in history," McAfee VP of threat research Dmitri Alperovitch told Reuters after release of the Shady Rat report. "The scale at which this is occurring is really, really frightening."
Next Page: Spying on the tech industry