The Omnivore Bites Back

Okay, okay, I should have used a pun on “Echelon” for my title here, not “Carnivore.” After all, it was that earlier SigInt program that the US and its Anglophone partners used to steal industrial secrets in the 1990s.

The point being that, while I am concerned by McAfee’s description of the extent of the data theft carried out in the last six years using a hack it calls Shady RAT, I am also cognizant that the US has used equivalent tactics to steal intellectual property in the past and present.

What we have witnessed over the past five to six years has been nothing short of a historically unprecedented transfer of wealth — closely guarded national secrets (including from classified government networks), source code, bug databases, email archives, negotiation plans and exploration details for new oil and gas field auctions, document stores, legal contracts, SCADA configurations, design schematics and much more has “fallen off the truck” of numerous, mostly Western companies and disappeared in the ever-growing electronic archives of dogged adversaries.

What is happening to all this data — by now reaching petabytes as a whole — is still largely an open question. However, if even a fraction of it is used to build better competing products or beat a competitor at a key negotiation (due to having stolen the other team’s playbook), the loss represents a massive economic threat not just to individual companies and industries but to entire countries that face the prospect of decreased economic growth in a suddenly more competitive landscape and the loss of jobs in industries that lose out to unscrupulous competitors in another part of the world, not to mention the national security impact of the loss of sensitive intelligence or defense information.


McAfee provides all the clues to make it clear China is behind these hacks–though it never says so explicitly.

The interest in the information held at the Asian and Western national Olympic Committees, as well as the International Olympic Committee (IOC) and the World Anti-Doping Agency in the lead-up and immediate follow-up to the 2008 Olympics was particularly intriguing and potentially pointed a finger at a state actor behind the intrusions, because there is likely no commercial benefit to be earned from such hacks. The presence of political non-profits, such as the a private western organization focused on promotion of democracy around the globe or U.S. national security think tank is also quite illuminating. Hacking the United Nations or the ASEAN (Association of Southeast Asian Nations) Secretariat is also not likely a motivation of a group interested only in economic gains.

The report is perhaps most interesting because of some of the entities–along with the defense contractors and US and other government agencies–described as targets of this hack: a number of construction companies (which could include companies like KBR), real estate firms, various state and county governments, two think tanks, and the NY and Hong Kong offices of a US media company. These are where the secrets China wants to steal are kept.

The problem, of course, is that our intellectual property is one of the few advantages the US has left. Our exports are increasingly limited to things that rely on legally enforcing intellectual property to retain its value: drugs, movies and music, software, GMO ag. Which sort of makes China’s ability to sit undetected in the servers of these kinds of organizations for up to 28 months a bit of a problem.

Good thing the FBI is busy going after hacktavists and whistleblowers instead.

17 replies
  1. tib says:

    The idea of intellectual property is misguided. In the information age ideas that are kept secret are worthless, ideas have value when they are used, shared and put together to build new ideas.

    One of the most valuable US intellectual properties, the Android mobile operating system, is open source and free to anyone who wishes to use it. Both Android and the iPhone iOS are build on the open source Unix operating system.

    The US IP that is most valuable, and most worth stealing, can be had for free, McAffee notwithstanding.

  2. Gitcheegumee says:

    I don’t know if any here recall EW hosting an interview with Tim Shorrock,here at the wheelhouse,last year.

    Here is an excerpt from Shorrock:

    Shorrock describes, for example, [Mike] McConnell’s key role in the formation of the Intelligence and National Security Alliance (INSA), a trade organization that serves as a bridge between large intelligence contractors (like Booz Allen, SAIC, Computer Sciences Corporation, and ManTech) and the officers from CIA, NSA, and DHS who join them on the board of the organization. “INSA,” Shorrock explains, “is one of the only business associations in Washington that include current government officials on their board of directors.” Shorrock describes how INSA worked with the DNI (back when John Negroponte was DNI and McConnell was head of INSA and a VP at Booz Allen) to foster information sharing in the intelligence community–including with contractors. He reports that, for the first time in 2006, INSA’s contractors were consulted on the DNI’s strategic plans for the next decade. And Shorrock describes one intelligence veteran wondering “if INSA has become a way for contractors and intelligence officials to create policy in secret, without oversight from Congress.”

    McConnell, after nurturing this enhanced relationship between contractors and government intelligence services, ascended to serve as DNI. He was, Shorrock points out, “the first contractor ever to be named to lead the Intelligence Community.” Once confirmed, McConnell immediately buried a report assessing the practice of outsourcing intelligence. And he worked to further expand the ties between government spying and its contractors.


    [The warrantless wiretap program] not just about Bush and Cheney ignoring laws and spying on citizens (though it is that). It’s that, in the name of fighting terrorism, the Bush Administration is creating a monstrous new Intelligence-Industrial Complex in which intelligence contractors and the government collaborate–with little oversight–to snoop at home and abroad.

    NOTE: re 2006

    “He reports that, for the first time in 2006, INSA’s contractors were consulted on the DNI’s strategic plans for the next decade.” It may be coincidence,but this fiits with the time frame McAfee quotes as the beginning of historically unprecedented transfer of wealth.

    Incidentally, was there ever an actual figure provided as to how many contractors actually have security clearance?

  3. Gitcheegumee says:

    FDL Talks Intelligence Contracting with Tim Shorrock | Emptywheel

    Jul 21, 2010 – … not least when we hosted Tim Shorrock–who wrote the book on intelligence contracting, Spies for Hire–for a book salon two years ago. ……/fdl-talks-intelligence-contracting-with-tim-shorrock/

  4. rugger9 says:

    Pointing fingers at China’s government is quite warranted, but it is doubtful anything will be actually DONE about these blatant violations [along with the currency manipulations] of the PRC’s treaty obligations with the various powers. This was all well known prior to Shrub pushing through Most Favored Nation status as a payoff for something the PRC did [or extortion] for him. After all, this is the same government that forced down a P-3 Orion in international airspace to get the latest spook gear off of it [Shrub did nothing about this ACT OF WAR, BTW], and sent the plane back to us in a box. It’s a wonder Shrub didn’t deliver Taiwan tot he PRC in a box as well.

    The Sovs did the same thing, e.g. why build IP/tech if you can steal it? One of their most famous early attempts was the “Yankee” class boomers, so called because the design was taken from the Revell model found in the craft stores. Rumor has it the earliest ones didn’t have the shielding needed for safe reactor ops [the model didn’t have any], not sure how true that one is in terms of scuttlebutt. The PRC is following a well-tested method for coming up to speed quickly, and they are motivated.

    On our side, Bushie incompetence guaranteed there would be holes, and the burrowers are still there. If there is a quid pro quo between Darth/Shrub operatives and the PRC, and I wouldn’t put it past the Bushies to do something like this to America, I think we will see something happen pretty soon, perhaps using the DPRK as the proxy. Just how compromised our defense systems are will be apparent then. Also note that PRC is notorious for finding ways to sidestep the Commerce Department restrictions on materials, routinely creating new shell companies when old ones are found out. In addition, while there are those that claim the PRC spends far less on defense than we do, there are some things to keep in mind: first, the MoD has many satellite companies and wholly-directed if not technically owned subsidiaries, meaning that the dollar estimate on defense is quite low. Nothing happens there on that scale without state approval, whether implicit or direct, and the government spies ensure compliance, and these are operations expected to deliver information for their masters. The fact that the entire government system is geared toward information acquisition cannot be ignored.

    FWIW, what keeps the PRC out of Taiwan is the lack of amphib assault capability, combined with the fact they have no real carriers for air assault/support [though this last is just about to change with the work on the Russian-supplied ship their rebuilding, she’s in sea trials I believe), combined with the treaty of mutual defense we have with Taiwan dating to 1949. I’m sure Shrub had that on the chopping block as a giveaway, but he ran out of time in office.

  5. rugger9 says:

    The issue regarding the pervasive government control becomes more telling [damning] when we look at the responses and excuses for the various poisonings brought on by melamine, lead paint, poisoned drywall, swapped chemicals to mask problems, etc., etc., perpetrated by the Chinese contractors. Not only has the PRC donr nothing about these, they never paid any $$$ out to those hurt and/or killed by their poisoning. The PRC knew the garbage they were sending out, knew it would kill Americans, and they are just fine with doing that.

  6. Gitcheegumee says:

    ACLU of Connecticut Seeks Details on Government Phone Tracking …

    Connecticut Watchdog – 50 minutes ago
    The ACLU of Connecticut sent FOI requests today to the Connecticut State Police and … about calls to and from 180 mobile phone numbers from nine carriers, …14 related articles

    ►ACLU Seeks Details on Government Mobile Phone Tracking in Massive ……/aclu-seeks-details-government-mobile-phone-tracking- …51 minutes ago –

    NOTE: Many states have joined this effort ,not just Connecticut.

  7. Gitcheegumee says:

    “historically unprecented transfer of wealth” brought this to mind:

    Goldman Sachs Loses Grip on Its Doomsday Machine: Jonathan Weil …

    Jul 8, 2009 – Never let it be said that the Justice Department can’t move quickly when it gets a hot tip about an alleged crime at a Wall Street bank.

    NOTE: Anyone recall the Russian GS programmer ? This Bloomberg piece addresses some interesting queries?

  8. William Ockham says:

    A few comments on this based on a quick “over lunch” reading of the MacAfee article:

    1. I’m not so sure that China is the only possible suspect. North Korea seems a likely possibility. Look at the trend in victims. It starts in South Korea. Also, this attack was cheap. It didn’t take a lot of money or skill. The stuff used was off-the-shelf malware in common circulation.

    2. There’s a lot missing from this story. MacAfee doesn’t want to admit how many of these victims were using MacAfee’s software and still got hit.

    3. Don’t click on links in emails, even from people you know. For example, my William Ockham email account was hacked very briefly (less than 5 minutes) on Monday (at 2:33pm CST). In that time, at least two people in this community (John Forde and John Lopresti) got emails from me with links to an untrustworthy site. In this case, the links were pretty obviously bogus, but a more clever hacker would have crafted a better attack url. The attacker also sent the same link to my real work account (FYI, my name is not really William Ockham). If I had clicked on it, it is entirely possible that my work laptop would have been infected and my employer would have been “pwned”. I have admin privileges on my machine and complete access to essentially all the data in my organization. Just think, if it had been the shady rat they would have eventually been able to steal Karl Rove and Scooter Libby’s identities. Seriously, we’ve got the data necessary to do that.

    [And before anyone asks, yes, it is a constant temptation, but, no I’m not going to do anything bad to the Cheney-Bush gang.]

  9. rugger9 says:


    Of course only FISA as far as I know permits warrantless wiretapping and only if one of the targets is foreign or a foreign agent. I’m not sure PATRIOT extended this elsewhere [i.e. the thoroughly abused NSLs were needed] as I recall the discussion was about the retroactive immunity for the telecoms, but even FISA has the 72 hour window after which warrants are required. But, news like this ought to give LIEberman wet dreams. Too bad it’s a state agency doing this, not feds, and so would be uncovered by any federal regulation [GWOT-tm being their meal ticket], maybe their looking for speeders. Either way it’s an abuse of power.

  10. emptywheel says:

    @William Ockham: Wait. All these years and you just now tell us that you’re not really William Ockham? Well, I should think you could have let us know sooner!

  11. William Ockham says:

    @emptywheel: I know you are joking, but I outed myself way back at TNH when your book was published.

    OT: There is an interesting discussion going on over at TPM about anonymity, pseudonymity, etc.

    You can only comment on that particular page with your Facebook account. I don’t have one, but perhaps I should create one for William Ockham. When I finally got around to getting a Twitter account, William Ockham was taken (apparently by a real William Ockham from Austria). I had take WilliamOckhamTX on Twitter…

  12. Garrett says:

    I noticed probes on my servers, coming from China, starting around 2006.

    And that my local swamp of infested Verizon DSL home customers had an astonishing interest in my database ports. Mostly the Windows database ports. But all of them.

    I wrote it off as zombie machines seeking email accounts to use to spam Viagra and fake Rolexes.

    commercial benefit to be earned from such hacks.

    Zombie email spamming was the standard explanation of the time. But with hindsight, about the database port probes: perhaps not.

  13. rugger9 says:

    @William Ockham:

    Just so you know, North Korea = China.

    Something like 90% of the DPRK’s energy comes from the PRC, so the DPRK does the PRC’s bidding. The DPRK is useful as a distraction when the PRC is up to something else.

  14. Gitcheegumee says:

    rugger9 @ 2:26pm”

    Global Research has an impressive collection of pieces written by Tom Burghardt.

    Here is the latest title and worth a look:

    The Obama Administration’s “Secret Law” to Spy on Americans
    – by Tom Burghardt – 2011-07-31

    The FBI isn’t the only agency shielded by the Justice Department under cover of bogus “state secrets” assertions by the Obama administration.

  15. alinaustex says:

    Given how badly Obama caves on what we hold dear -ie good jobs here , not bad trade deals over there
    Should we not have a primary debate -any chance of doing that ?

Comments are closed.