EX-NSA director: China dominates cyber espionage

At the start, it was mostly vandals writing primitive viruses on their home computers.

Then professional crooks began designing malware. They quickly organized into cyber-crime syndicates.

After that, espionage campaigns arose. Some were likely state-sponsored, as governments have been launching high-tech offensives since at least the '80s.

Now interest in cyber spying has intensified over conjecture that recent breaches at health insurers Anthem Inc. - affecting 78.8 million people, including millions of Georgians - and Premera Blue Cross - 11 million affected - are tied to Chinese-funded hackers.

China denies taking part, but researchers claim there are indications that the world's most populated nation is behind the medical data thefts.

Private researchers are only looking for clues after the fact, though. They can’t possibly monitor all the internet traffic coming out of any one nation.

Governments can, however.

Mike McConnell, former director of the National Security Agency, told the AJC that “most nation states engage in industrial espionage.”

The reason: to gain an economic edge over others.

“The French; the Israelis; the South Koreans; the Japanese. (Almost) everybody is doing this at some level, particularly when they have state-sponsored enterprises,” said McConnell, who was the director of national intelligence under Presidents Bush and Obama

For instance, The Boeing Co. was targeted by French spies in the 1990s, according to The Seattle Times.

In the wake of the Cold War, that country coveted the engineering and sales tactics of Boeing, which competes with French-led conglomerate Airbus.

McConnell is now a senior executive advisor at Booz Allen Hamilton, a government contractor that briefly employed NSA whistleblower Edward Snowden – whom McConnell denounces.

China criticism

He said he has no direct knowledge of the origins of the Anthem and Premera breaches, adding he suspects they were carried out by conventional identity thieves rather than China or some other nation.

Still, China is among the most prolific practitioners of economic espionage as it seeks to innovate at all costs, McConnell said.

“They’re probably 80 percent of what’s going on in the world, now,” McConnell said.

China recently disclosed it has a cyber warfare unit, news website The Daily Beast reported.

McConnell has been a longtime and outspoken critic of China's cyber activities. In 2012, he and two other ex-national security officials penned a Wall Street Journal column on the topic.

This month, McConnell expanded on his thoughts during a lecture at the University of Missouri.

"From the U.S. Congress, to the Department of Defense, to the private sector, we have never, ever not found Chinese malware embedded in a system so that they can extract it," he said during the lecture, which was posted on Youtube.

Most speculation around the recent health insurer breaches assumes that the Chinese might be interested in building databases on people in businesses and governments.

The idea is that while a hacker might not be able to breach the security of. say, the President’s computer, that person might be able to infiltrate all the systems surrounding the Commander in Chief, in essence making the job of spying easier.

‘Spear phishing’

“To be successful in penetrating computer systems, one of the most common techniques is to do some social engineering and by that you would find two people in a corporation. They know each other. They are emailing each other,” McConnell said.

“When Joe clicks on the attachment, the Chinese now have him. They would have a penetration into that corporation to plant malware to subsequently extract information.”

That’s called “spear phishing.”

“What they would do is capture the information, encrypt it and then send it back to China,” McConnell added.

“So, if the organization became aware that something was leaving their organization they wouldn’t know what it is, because it’s encrypted.”

McConnell said the U.S., U.K, Canada, Australia and New Zealand, among others, don’t engage in economic espionage, primarily as a result of a free market society.

“We can’t reward private industries,” he said. “We wouldn’t be allowed to pick the winners and the losers.”

Regardless, McConnell said recent hacks at Anthem and Premera smack more of conventional criminal behavior. Financial data bundled with personally identifiable information — Social Security numbers and addresses, for example — are valuable to thieves.

That doesn’t rule out the possibility that state-sponsored hackers run criminal enterprises as a sideline, or that governments collude with criminal organizations with or without those crooks’ knowledge.

U.S. companies hurt

In his interview with the AJC, McConnell also said last year’s revelations that the NSA collects internet communications from several American tech giants has hurt Silicon Valley companies.

He said the accusations, brought to light by Snowden, created the perception that it may be risky to do business with certain U.S. companies.

“And perception turn into reality when a German company can say to the German public: ‘Don’t use Google or Microsoft or Yahoo or Oracle. Don’t use that because the U.S. government is causing them to make them give that [information] to the U.S. spying system.’

“That’s a false accusation. But to deny it you have to prove the negative.

“So what’s happening is U.S. technology companies are feeling the pinch in the market because the competitors in those foreign countries are using the Snowden claim to make the representation that you should use a German system, or use a French system, or use a whatever system, because you can’t trust those Americans.

“As it turns out there are more checks and balances and oversight and review in the US system then there is in any other system in the world.

“And, as a policy, we haven’t done economic espionage in our history… because if we got the information what would we do with it? … We can’t reward private industries.”