I've been following on and off over the past year, developments in regards to the PRC's intelligence activities. Especially, since there has been alot of converge about the People's Republic's cyber espionage operations(breaking into secure systems & databases; attempting to put back doors into Chinese made electronic products etc).

Both successful and failed attempts to commit industrial espionage against a number of private sector companies around the globe. As well as the PRC's attempts both real and accused of trying to solicit information from foreign nationals both in mainland China it's self/in other countries, and from the large Chinese diaspora abroad.

I've heard some say that the PRC's intelligence operations against the US exceed those of Russia and even the USSR(in it's later years). I've also read that some nations that have dealings with China such as Canada have had both their prominent private and public institutions thoroughly infiltrated by Chinese intelligence.

However, despite all these instances that are cited both proven and rumored; how big a problem is Chinese espionage actually?

I mean from what I can tell it's well documented that the PRC's intel collection abilities thorough cyber, open-source, and other means appears quite extensive. Not to mention the numerous Chinese communities throughout the world which provide a good resource pool.

I'm also skeptical from all I've been hearing about in terms of the PRC's espionage efforts. Since they seem limited in their ability to infiltrate/subvert organizations. Because the Chinese diaspora and cyber intel collection amongst others only goes so far IMO.

I'd be interested in hearing the opinions of those more knowledgeable then me on this subject. So does the PRC really have that big of a global/western spy operation or is it being hyped to be something larger then it really is?

Here is an article from the Diplomat on these issues.
http://the-diplomat.com/2011/09/19/chinas-growing-spy-threat/

However, despite all these instances that are cited both proven and rumored; how big a problem is Chinese espionage actually?
Massive. The cyber-warfare issue may or may not be hyped or exaggerated; the cyber-espionage issue is not being exaggerated.

These people invent nothing these days and steal everything. It is the greatest transfer of wealth in history – the director of the NSA has said as much.

I'm also skeptical from all I've been hearing about in terms of the PRC's espionage efforts. Since they seem limited in their ability to infiltrate/subvert organizations. Because the Chinese diaspora and cyber intel collection amongst others only goes so far IMO.
Don't be. They have money and they know how to use it; the PRC money has been pumping money into our political system for years to both parties.

Cyber-espionage can go pretty damn far if you stop and think about it. We might be better off printing out every government and corporate secret that we have and just dumping it all into China, just to confuse the SOBs. The NSA has come out and said that some form of computer compromise is the new normal, and that no system is secure – even their own.

Also the US gives the nation of Israel the right to steal whatever the hell it wants in our country; and since the nation of Israel exports little of value other than military technology, Israel inevitably sells its stolen technology to China.

So does the PRC really have that big of a global/western spy operation or is it being hyped to be something larger then it really is?
I think we are only now seeing the tip of the iceberg. The full ramifications wont be seen for decades to come.

I'd say both real and hyped. No doubt there's a threat and an issue, but I also have little doubt that the threat has been oversensationalised. It's also fairly obvious that the same things are being done in the opposite direction, along with various other countermeasures (such as setting up defective or erroneous data for theft). The Chinese are neither omniscient not omnipotent, and the people on the other side are not entirely inept.

Given that as a general rule the most effective intel operations are the ones that remain unknown, it's very difficult to say what's bigger, better, most extensive or most effective.

I'd say both real and hyped. No doubt there's a threat and an issue, but I also have little doubt that the threat has been oversensationalised.
A previous comment of yours in a thread about cyber-espionage demonstrated that you have a poor understanding (http://council.smallwarsjournal.com/showpost.php?p=124261&postcount=3) of information security concepts. Combine that with your reflexive apologizing for China, and I’m not sure your opinion alone on this matter is worth a damn.

It's also fairly obvious that the same things are being done in the opposite direction,
So what? China hardly has significantly s&t worth stealing for commercial or military industrial purposes; they invent nothing, they innovate nothing – all they do is copy and steal.

Given that as a general rule the most effective intel operations are the ones that remain unknown, it's very difficult to say what's bigger, better, most extensive or most effective.
The operations uncovered so-far are pretty damned impressive and were pretty effective.

Only two small stones to throw into this pond.

I have seen a reference to more PLA officers studying at US universities than US military, less certain was this was at Ph.D. level.

Universities here found now a few years ago that virtually all Chinese technical and scientific students made incredible use of the then free university photocopiers.

Universities here found now a few years ago that virtually all Chinese technical and scientific students made incredible use of the then free university photocopiers.
Photocopiers are so last century!: http://www.theaustralian.com.au/news/world/chinese-students-steal-secrets-inventor-james-dyson/story-e6frg6so-1226028900686
(http://www.theaustralian.com.au/news/world/chinese-students-steal-secrets-inventor-james-dyson/story-e6frg6so-1226028900686)

Bourbon: Is the whole of this Red Chinese effort centrally coordinated or is it encouraged in a general sense or do they give out equivalents of letters of marque or what? How do they control something so big or do they even truly try?

Massive. The cyber-warfare issue may or may not be hyped or exaggerated; the cyber-espionage issue is not being exaggerated.

These people invent nothing these days and steal everything. It is the greatest transfer of wealth in history – the director of the NSA has said as much.


Well, "nothing" is obviously an exaggeration, as is "everything".

Aside from the unnecessary exaggerations:


Let's assume you were correct about the "nothing" and "everything". We have a historical precedent for the total exploitation of a country's intellectual property: Germany 1945. All patents, all high profile blueprints - gone to the victors.
What did it mean? Actually, very little.

The real transfer was in the captured or hired technicians and scientists.
Blueprints with no or only minor captured technicians regularly led to minimal or no success.

The German economy had to be rebuilt, but lack of intellectual property was not among the big problems. Not a single major industry collapsed for this reason. The only key industry that shrank badly was the aviation industry, and that had obvious different reasons in both West and East.


The real challenge is to make good and timely use of documents, not to get them in the first place.


Besides; the U.S. isn't that innovative, either.
The majority of American innovation announcements I know were no innovations, but rather revivals of failed ideas or revivals of European innovations. Now imagine how many of the others were no innovations either and I just didn't know their roots!
There's a lot of show aptitude involved that deceives many people.

Combine that with your reflexive apologizing for China, and I’m not sure your opinion alone on this matter is worth a damn.

Since when did failure to panic constitute an apology? Given the nature of the subject, I doubt that any of us is in a position to accurately assess the threat level, and if we were we would not be allowed to post on the subject.

What I said was that threats don't have to be real or hyped, they can also be real and hyped. Virtually all real threats we face are over-hyped, often by people in some way invested in trying to sell us their particular "solution" to whatever threat is in question. That "solution" may be an ideology, a policy, a product, or any number of other things, but if someone needs to invoke fear in order to sell it, there's a good chance that they think the suspension of rational thought is a necessary element of making the sale. Fear is right up there with greed as a marketing strategy.

As a general rule, whenever you read something written by someone who wants you to be afraid, it's time to start taking out grains of salt. That doesn't mean there are no threats, it means that the threats are almost invariably less than what they are hyped up to be.

So what? China hardly has significantly s&t worth stealing for commercial or military industrial purposes; they invent nothing, they innovate nothing – all they do is copy and steal.

Strange how people so incapable of innovation seem, at least according to some, to be so remarkably capable of inventing ways to steal information. How did a bunch of bonehead copycats morph into the omniscient, omnipresent, omnipotent masters of the information universe before whom we must tremble in fear?

Our espionage efforts, cyber or otherwise, don't have to be aimed at stealing their innovations. We'd have our own set of goals, like getting a handle on what they've got, where they got it, what they've done with it, and to what extent what they've done with it actually works. Obviously whatever information is gained from these efforts is not being made public.

We know that they spy on us. We also know that we spy on them. We also know that they will be trying to fool us by leaking wrong information to confuse our spying efforts, and that we are doing the same. It's actually a bit reassuring that we don't hear much, if anything, about the efforts on our side. If they were in the headlines, that would be evidence of failure.

The operations uncovered so-far are pretty damned impressive and were pretty effective.

It would be more impressive if they hadn't been uncovered. Is it not an axiom in the intel world that failure is public and success remains unknown?

Since when did failure to panic constitute an apology? Given the nature of the subject, I doubt that any of us is in a position to accurately assess the threat level, and if we were we would not be allowed to post on the subject.

That is an all purpose good for whatever ails you argument, I don't know and I know that you don't know because if you did you couldn't say but you did so you don't so what I say is just as good as what you say.

And to answer your question, since legitimate concern became hysteria and panic.

That is an all purpose good for whatever ails you argument, I don't know and I know that you don't know because if you did you couldn't say but you did so you don't so what I say is just as good as what you say.

I can't begin to unravel all that, but I doubt that anyone here is in a position to accurately assess the respective extent and effectiveness of US and Chinese cyperespionage efforts.

And to answer your question, since legitimate concern became hysteria and panic.

When we paint the other guys as giants and ourselves as midgets, when we claim that they know everything about our capabilities and intentions and we know nothing of theirs, when we claim that everything they do works and everything we do fails, when we look at them as an inevitably rising economic powerhouse and ourselves as a terminally declining has-been, when we base our fears on speculative projections of what somebody might be able to do in a few decades... then we go beyond legitimate concern and into the realm of hysteria, panic, and overhyped threats perceptions.

hat tip to the Lowy Institute e-briefing for a pointer to a Jamestown Foundation report on Taiwan's intelligence chief's public parliamentary hearing; which ends with this flip side of Chinese espionage:...the Taiwanese record of espionage against China suggests Tsai’s remarks should be taken seriously. In his well-publicized leaked remarks last year, PLA Major General Jin Yi’nan identified several major Taiwanese spy cases, including the party secretary of China’s National Nuclear Corporation (“General’s Spy Comments Reveal More Than Just Espionage,” China Brief, September 2, 2011). A few years previously, Taiwanese intelligence also developed a spy ring at the PLA Air Force Command Academy, including the school president and other members of its leadership (Global Times, February 14, 2011). These Taiwanese successes indicate that, regardless of Taiwan’s own counterintelligence problems, the island’s intelligence services continually have developed high-level sources in Chinese military circles that could inform Tsai’s annual reports to the Legislative Yuan.

Link:http://www.jamestown.org/programs/chinabrief/single/?tx_ttnews%5Btt_news%5D=39420&tx_ttnews%5BbackPid%5D=25&cHash=d76b6a4409571f5330b703805948196e

On Economic Espionage.......notice it begins with the Cold War is not over!! I agree 100% which all this business spying goes with basic Commie Take Over Theroy from the 50's and 60's. But all the left over Hippies are know in senior leadership postions. Just as Lenin dreamed we will be weakened to such a point where the final takeover violence will be minimal. They know how to attack on a Systems Level.....more Deadly Than War.


http://www.fbi.gov/about-us/investigate/counterintelligence/economic-espionage

When we paint the other guys as giants and ourselves as midgets, when we claim that they know everything about our capabilities and intentions and we know nothing of theirs, when we claim that everything they do works and everything we do fails, when we look at them as an inevitably rising economic powerhouse and ourselves as a terminally declining has-been, when we base our fears on speculative projections of what somebody might be able to do in a few decades... then we go beyond legitimate concern and into the realm of hysteria, panic, and overhyped threats perceptions.

I'll tell you what. I'll answer to hysterically panic stricken if you'll answer to complacent appeaser. Deal?

If complacency is the absence of fear, I'll wear that label. It's not a definition I'd use, but some might. Where have I ever advocated appeasement?

I personally think the US education system is a greater threat to American security than Beijing and Goldman Sachs combined, but I guess we all have to be hysterical and panic-stricken over something. I mean, think about it... you live in a country where astrologers outnumber astronomers 100 to 1, and you're worried about the Chinese?

Ok. I sense there's room for a deal here.

You'll be complacent but not an appeaser and I'll be just hysterical but not panic-stricken. How about that?

If I confess to complacency, may I be excused from tearing my hair and rending my garment? I've no great stock of hair to begin with, and garments get more expensive by the day... plus they're all made in China, so I couldn't replace it without subsidizing the evil ones.

My brother who made his engineering Bachelor in Munich told me that his institute of the TU (technical university) had no troubles to find internships for their students but for the Chinese. It seems as if certain things, especially espionage happened rarely with other nationalities but relative often with the latter.

Defense Security Service: Targeting US Technologies: A Trend Analysis of Reporting From the Defense Industry (http://www.dss.mil/counterintel/2011-unclassified-trends.pdf)
....Overall, the majority of collection attempts in FY10 originated from the East Asia and the Pacific region; commercial entities were the most active collector affiliation category for the second year in a row; targeting of information systems (IS) technology more than doubled from FY09; and collectors continued to most commonly use requests for information (RFIs) to elicit information from cleared contractors.

Even as the total suspicious contact reports from industry more than doubled from FY09 to FY10, the East Asian and Pacific region accounted for an even larger percentage of the total in FY10, increasing from 36 percent to 43 percent. East Asia and the Pacific accounted for as much of the total as the next three regions combined. Despite the dramatic increase in the number of reported cases attributed to the second most active region, the Near East, its share of the total actually declined slightly, due to the even greater increase in incidents attributable to East Asia and the Pacific.

As with the East Asia and the Pacific and Near East regions, Europe and Eurasia’s reported collection attempts more than doubled from last year, causing it to displace South and Central Asia as the third most active collector region. Together, East Asia and the Pacific, the Near East, and Europe and Eurasia accounted for over three-quarters of the world-wide total reported collection attempts against the U.S. cleared industrial base.....

I personally think the US education system is a greater threat to American security than Beijing and Goldman Sachs combined, but I guess we all have to be hysterical and panic-stricken over something. I mean, think about it... you live in a country where astrologers outnumber astronomers 100 to 1, and you're worried about the Chinese?All three parts; the first point quite accurately and sadly :( , the last hilariously :D .

Shame that hysteria and panic isn't directed at the pathetic state of our education system which promotes a tendency toward those failings as well as an obsessive desire for safety and comfort couched as risk or harm avoidance. :rolleyes:

This is rather balanced piece of advocacy on the threat from PRC cyber activity, from April 2012 by Jason Healey, Director of the Cyber Statecraft Initiative at the Atlantic Council of the United States (so a 'Beltway Pundit').

In brief a major challenge to the economic sustainability and health of governments and businesses alike.

The threat of Chinese espionage is so critical that the commander of our military cyber defenses has called it the “the biggest transfer of wealth through theft and piracy in the history of mankind.” But the threat is not bad enough to go on the record about the threat, to take risks to share needed information, or even to be willing to tell the Chinese to back off.

These are the government’s Three Silences. Added together I fear they are driving us to defeat.

First: Silence about the threat we face....Second: Silence about practical information which could help the private sector....This leads us to the last silence: Silence to the Chinese about our increasing fury.... By refusing to speak, either to our own people or to the Chinese, we are fighting on an asymmetric battlefield of our adversary’s own choosing. Going public, through naming and shaming those involved, is a winning strategy.

Link:http://www.acus.org/new_atlanticist/governments-three-cyber-silences (http://www.acus.org/new_atlanticist/governments-three-cyber-silences)

This is rather balanced piece of advocacy on the threat from PRC cyber activity, from April 2012 by Jason Healey, Director of the Cyber Statecraft Initiative at the Atlantic Council...
Balanced? I don't read it as such. Hell, he even advocates a position where if an incident even appears as if it came from China, then we don't bother trying to track it - just hold the Chinese government accountable, regardless. And Healey's piece focuses only on the Chinese, which, although China may be the origin of the majority of cyber espionage, the threat is active in all corners of the world.

However, I do agree with Healey about declassification of malware signatures for private sector security. Overclassification is a serious obstacle to efficiency in too many key areas - a problem clearly identified post-911, but still nowhere near adequately addressed.

But back to the issue - Any realistic and practical advocate of cyber-defense should be stressing the growing potential global threat, not scare-mongering against one particular actor - especially when that characterization builds the perception that China is the sole threat. The threat is real, and although espionage originating from China makes up the largest proportion (Russia is a major, sophisticated player as well), that does not excuse minimizing or ignoring the global nature of cyber espionage. And the global threat will only expand and build with the growth and development of technological capabilities - in effect, the cyber threat is the 21st century's arms race, but with a potentially unlimited number of state and non-state players.

Fortunately, those at the dirty-boots level of cyber defense (who are never actually in a position to get their boots dirty) have been well aware of the growing nature of the threat for a long time, and have been actively engaged in the evolutionary and innovative development of counter-measures for just as long. The mouthpieces at the national public level are simply players engaged in what is to be a bureaucratic spillage of blood over securing future funding, as we approach a defense drawdown and cuts that may resemble the immediate post-Cold War era.

1. File under "Quid Pro Quo, Clarice".
2. SWJ needs a "This Thread Useless Without Pics" smiley.


http://www.bbc.co.uk/news/world-asia-china-18299065

Hong Kong-based Oriental Daily quotes the monthly New Way as saying on 25 May that the official "fell into a pretty woman trap" set up by the CIA.

After the two were photographed in secret liaisons, he was blackmailed and agreed to supply secret information to the US, the reports say.

"The destruction has been massive," a source told Reuters.

Jed:

I don't know that much about how this stuff works exactly which is why I am asking. There was a post over at Information Dissemination a few weeks ago and the author advocated allowing individual targets, companies basically, to take active measures (trons dueling trons kind of) to defend themselves if they are the target of cyber attacks or spying. From the tone of the post this does not happen now. What do you think of that? Are they permitted or encouraged fry an attackers machine now and if they aren't, should they be?

Jed:

I don't know that much about how this stuff works exactly which is why I am asking. There was a post over at Information Dissemination a few weeks ago and the author advocated allowing individual targets, companies basically, to take active measures (trons dueling trons kind of) to defend themselves if they are the target of cyber attacks or spying. From the tone of the post this does not happen now. What do you think of that? Are they permitted or encouraged fry an attackers machine now and if they aren't, should they be?
I'm no expert on current corporate countermeasures either, but as far as I know its as you stated: US corporations are tightly focused on defensive measures, but they tend to be passive (at least with those that will discuss or publish security countermeasures in anything resembling a public venue appear to be that way). Some that would like to take active measures are deterred by concerns about legal liabilities resulting from the potential impacts of active measures along the lines of the counterattack type that you suggest - with liability being a constant concern of corporate lawyers in any case.

Sam may have better knowledge of current private sector defensive actions, if he wants to jump in.

Also, there is a government-private sector information sharing entity that has been in existence for a few years now, the Domestic Security Alliance Council (http://www.dsac.gov/Pages/index.aspx), which is intended to facilitate the sharing of critical information between corporations and the FBI and DHS. A substantial part of that is focused on the cyber threat. I'm not saying its really effective, but its there and can be leveraged by the private sector.

And Dayuhan and Ken's remarks about education are also important in the context of an evolving long-term cyber threat - for at least the past two years there have been intermittent reports about the number of computer science grads being too small to meet economic demands, which may or may not also factor in cyber security demands. Hell, just last month the University of Florida was about to eliminate its Computer Science department - while increasing the athletic budget by around $2 million - until a huge outcry resulted in the reversal of that decision. But it remains clear that focus is lacking too many institutions of higher education, let alone our weak and damaged primary education system.

If I were to endorse Chinese activities without giving the rationale, I would have no fear.

Fear arises only if one does not endorse the happenings that create the fear!

An ostrich with its head in the sand, has no fear!

Has anyone here "endorsed Chinese activities"?

Rational assessment of threat needn't produce fear. There's room for disagreement on the extent and nature of threat, but reasonable disagreement is not advanced by panic or hysteria.

...reasonable disagreement is not advanced by panic or hysteria.
But well-crafted and focused panic and hysteria are excellent tools for building project support and raising funds.

A moral panic is caused when an issue threatens the perceived social and the world order.

A moral panic is caused when an issue threatens the perceived social and the world order.

Panic is also often caused when an issue is perceived to threaten that order. The question in that case is whether or not that perception is reasonable. Jedburgh says it well:

well-crafted and focused panic and hysteria are excellent tools for building project support and raising funds.

When somebody wants us to be afraid, there's a very good chance that they're trying to sell something. Always good to take a deep breath and calmly assess the extent to which the alleged issue actually does threaten the social and world order, or any fraction of that order.

When some one tries to sell aggressive intent as a peaceful one, then that does indicate an agenda/ collaborator!

http://online.wsj.com/article/SB10001424052702303918204577446202239267134.html?m od=googlenews_wsj

Good reasons to be circumspect.

Reactions would hardly be termed as panic to those who are interested in ensuring their national interests is not sold off by peaceniks!

Overselling a threat can also be collaboration with an agenda, willing or unwilling. Whose national interests, if anyone's, are being "sold off by peaceniks"?