Russia, China 'aggressive' cyberspies, U.S. report frets

It's like the Cold War never ended: U.S. intelligence agencies see Russia and China as the most significant threats to the nation's interests.

The difference this time is that the field of engagement isn't proxy states in Eastern Europe and Southeast Asia, but in the vast digital reaches of cyberspace.

In a new report to Congress, titled "Foreign Spies Stealing US Economic Secrets in Cyberspace," the Office of the National Counterintelligence Executive (ONCIX) points to "significant and growing threats to the nation's prosperity and security" from other nation states, including historic foes and even some U.S. partners and allies.

But it's those foes from the Cold War decades that followed World War II that draw the greatest attention in the report.

• Chinese actors are the world's most active and persistent perpetrators of economic espionage. US private sector firms and cybersecurity specialists have reported an onslaught of computer network intrusions that have originated in China, but the IC [intelligence community] cannot confirm who was responsible.

• Russia's intelligence services are conducting a range of activities to collect economic information and technology from US targets.

"We judge that the governments of China and Russia will remain aggressive and capable collectors of sensitive US economic information and technologies, particularly in cyberspace," the report says.

The ONCIX has released a number of economic espionage posters intended to promote greater counterintelligence awareness. One that clearly has China in mind features a computer chip labeled "Made in the USA" and the coy but pointed phrase "Stolen and transferred to an unnamed country with a cool wall, great noodles and countless cyber hackers."

As for the threat from Russia--which comes across as a distant second compared with China--the report cites, among other things, the arrest in June 2010 of 10 Russian Foreign Intelligence Service "illegals" who it says were tasked with collecting economic and technology information.

The areas of greatest interest to foreign cyper-interlopers, the report says, include "backbone" information and communication technology; business information on scarce natural resources or that gives an edge in negotiations; military technologies such as unmanned aerial vehicles; and civilian and dual-use technologies in fast-growth areas such as clean energy and pharmaceuticals.

The report also points to threats from "disgruntled insiders" who may leak corporate trade secrets or critical U.S. technology to the likes of WikiLeaks and other "hacktivist" groups.

But while the ONCIX report highlights the threats to U.S. economic security, it acknowledges the difficulty of putting a hard number to that: "Economic espionage inflicts costs on companies that range from loss of unique intellectual property to outlays for remediation, but no reliable estimates of the monetary value of these costs exist."

Cyberespionage and other surreptitious online activities can be notoriously hard to document, but some high-profile examples have emerged in recent months. In August, for instance, security company McAfee reported on Operation Shady RAT, which it described as a "historically unprecedented" operation in which information was stolen from scores of public and private companies in 14 countries.

Earlier in the year, McAfee called attention to what it termed the "Night Dragon" attacks that sought to steal e-mail and other sensitive information from companies in the oil and energy industries. And also this year, a breach involving RSA's SecurID authentication devices apparently led to cybersnooping at three big U.S. defense contractors.

A common thread in each of those incidents? Strong suspicions that China was lurking somewhere in the shadows.

Update 11:19 a.m. PT: Added more information from the report and more background on cyberespionage activities.