A propaganda war brews over Chinese cyber theft, leaving multinational corporations influx.
Propaganda is a time-honored weapon in the conduct of warfare—a truism that China’s leaders have shown they fully appreciate in the ongoing cyber cold war with the U.S.
In the 18 months since American security expert Kevin Mandia publicly fingered a Chinese military unit hacking into the trade secrets of Fortune 1,000 companies, China has effectively turned the tables, lobbing cyber accusations back at Washington. Beijing’s timely—and incredibly effective—ally: Edward Snowden.
“We had been talking about this mass scale of Chinese theft—by some measures the largest theft in all of human history—ranging from sophisticated jet fighter blueprints to soft drink companies negotiating strategies,” notes Peter Singer, author of Cybersecurity and Cyberwar: What Everyone Needs to Know. “This was going to be a major part of the agenda with China. We were laying the groundwork, trying to cajole them and convince them. Along comes Mr. Snowden, and the legs are kicked out from under that narrative.”
Beijing not only trumpets Snowden’s revelations of NSA spying, but is now accusing U.S. tech companies of stealing from and spying on Chinese customers. Google’s efforts to end-run China’s censors have only further inflamed a state-controlled media on the frontlines of this war of words.
Despite a muddled narrative, Chinese cyber theft of trade secrets continues on a grand scale, says Mandia, the executive who released last year’s report documenting cyber attacks by a Shanghai-based military unit. Mandia, who has been investigating foreign hacking since 1997, has come to believe that an entrenched cultural divide stands in the way of any diplomatic progress to control Chinese hacking. While Americans argue that the NSA spies for national security, not commercial theft, the Chinese “think hacking is hacking, regardless of motivation,” says FireEye chief operating officer Mandia, who shared his exclusive story with Fortune last year.
In May, the Obama administration tried to regain the upper hand in the propaganda war with the Justice Department’s grand jury indictment of five Chinese military hackers. While the indictments won’t go anywhere—the men are in China—the effort helps the U.S. build a case should it decide to sharply escalate the conflict by going to a court that Beijing actually cares about: the World Trade Organization. Meanwhile, America’s new ambassador to China, Max Baucus, has publicly warned Beijing that the U.S. won’t stand by while “state actors” commit cyber theft.
So where does that leave companies here and abroad? Sadly, diplomacy is a slow and uneven slog. Unless China can be convinced there is a painful price to pay in the long run, companies in the U.S., Europe, India, and elsewhere remain exposed.
Now is the time to consider ways to help the private sector develop more robust defenses. In today’s environment, executives are reluctant to share information after cyber attacks occur. Therefore, as Mandia often says, “no one gets smarter.”
Graphic Source: Verizon
CYBER THEFT ON THE RISE Until China feels there’s a price to pay for cyber theft in the long run, companies in the U.S. and elsewhere remain exposed.
Singer proposes an approach like that of the government-backed Centers for Disease Control and Prevention—where anonymous data provided by the private sector is deployed on behalf of public health (or in this case, cyber health). “We need a trusted clearinghouse that examines trends, threats, overall ecosystems,” he says.
Costly cyber theft, of course, goes beyond China. Hackers out of Russia staged the largest retail hack in history, stealing 40 million credit card numbers from Target. Retailers like Neiman Marcus had their own costly episodes last year.
Chinese hackers typically don’t steal directly from customers. That’s a signature Russian heist. Neither do they destroy computers or files. You won’t see angry customers boycotting or suing because their credit cards were hacked. Chinese commercial espionage is quieter—but just as nefarious. Which is why we need to get beyond Snowden and make a vigorous case against Chinese cyber theft, even as companies bolster their defenses. Says Singer: “We have to find our narrative. We have to get our moxie back.”
This story is from the July 21, 2014 issue of Fortune.