in the past few years i saw an incredible increase in the amount of “public” news about espionage against different western countries and usually coming from far-east, typically china.
China want to be the largest economic power within 2020 and it’s following a grow rate of 8% per year. Their “controlled” capitalism without the inefficiency of the democracy it’s something that’s beating the western countries, less efficient because democratic.
China, in order to quickly grow it’s R&D capacity make an extensive use of espionage, it’s estimated that Chinese government have more than 1.000.000 intelligence agents worldwide.
And they know how to do espionage, their “spy” does not cost that much like western countries’ spy, less guarantee, less payments.
Also they are using cyber espionage as an important source of information and competitiveness against western countries companies and government R&D results. China is so un-cooperative that now also western countries spying each other, or even Russian, use chinese internet space as the “start base” for their internet based espionage activities.
I knew of a USA phisher that used to build it’s own trojan with a chinese version of Windows Xp with a chinese version of the Microsoft Visual Studio development suite. Why? For information deception, in order to tweak the forensics effort of the FBI analyst and have them think that it’s own attacks was coming from China!
Any investigators that see an attack coming from china typically think “oh shit, it comes from china, we’re lost”, and now even cybercrime use China like a far-west, untouchable base for cyber attacks.
Back tracing attacks coming from china it’s like trying to find out what’s inside a black hole, it’s a one-way trip and no information comes back.
To give better an idea of what i am speaking about just get the following list of reference:
How do the western countries defend themself?
That’s a nice points to speak about because there’s no simple way to defend against espionage other than considering it like a serious and concrete threat.
Governments should be able to get more understanding that their approach to informations systems and information security policy must not only exists on paper but also be applied everywhere in order to be effective. Governments are complex organizations and only a few are enough smart to be able to quickly and efficiently make security policies really be implemented organization-wide. But they are trying to, especially the most competitive ones like USA, UK and Germany .
Companies instead should acquire awareness of the problem that is present, available, concrete as concrete is the chance that someone enter into the offices to steal good (not for espionage). For that reason companies place alarm systems, access control with badge, camera monitoring systems.
But espionage does not mean fighting and protecting against poor thieves but instead against more sophisticated, either technically and socially, attacker that can use old school intelligence techniques always effective. Getting employed and stealing information while working. Simulate to be customers to establish a link trust with a salesman and then find a reason to let him execute some malicious software “hey, but my modellization software demostrate that your model used to measure the performance of your product it’s not the one you advertised. Check it out, see your self with the software we used!”. What do you think the salesman will do in order to catch the prospect customer?
Only awareness, knowledge about the issues can make such risk to be considered seriously.
Governments should provide financing to industrial associations, chamber of commerces and similar agencies in order to make such awareness national wide and let entrepreneurs became conscious and became prepared to recognize, identify and stop espionage activities.
The law perspective
Governments should strenghten their laws in order to be able have the required rights tools to enforce the protection from espionage.
Look at the analysis made by my smart cousin Angelo Pietrosanti on espionage “Is the European R&D Equally protected from espionage as in the US R&D?”
|Country||Civil Sanction against trade secret threat||Criminal Sanction against trade secret threat||Year of last modificationg|
|USA||5 mln $||up to 10(for domenistic) or 15 (for foreigners) Years of Jail||1996 (Economic Espionage Act)|
|Germany||YES||up to 3 Years of Jail||1986|
|France||0.03 mln $||up to 2 Years of Jail||1992|
|Italy||YES||up to 2 Years of Jail||1942|
|Switzerland||YES||up to 3 Years of Jail||1986|
|Finland||YES||up to 3 Years of Jail||1990|
|Sweden||YES||up to 6 Years of Jail||1990|
|The Netherlands||YES||up to 4 Years of Jail||1992|
What this table show?
- Outdated law (except USA)
- Not so serious sanctions against espionage activities. (except USA)
Maybe some european policy on this could help.
We are in an economic war where the winner is not the one having more forces, but the one being more technologically advanced, and economically clever.
Chinese are demonstrating to be enough aggressive and clever, will the western countries be able to react both on the defense and the attack in this war?