27 Cyberespionage
- Georgetown University Press
A clever computer programmer in the immediate future will unleash electron-based “cyberagents” to recover more vital information in a day than a thousand fictional James Bonds could recover in a lifetime.
KEITH MELTON, intelligence historian, “Spies in the Digital Age”

According to a report from the NCIX on cyberespionage, when FBI agents arrested Boeing engineer Dongfan Chung in 2008, they discovered 250,000 pages of US government documents squirreled away in his home, roughly the equivalent of four, four-drawer filing cabinets.1 Jonathan Pollard, who provided Israel with an estimated 1 million pages of documents during his spying career, packed satchels full of materials, smuggled them out of his office, and stuffed them into a suitcase for delivery to his handlers. Pollard first came under suspicion when a fellow employee noticed him lugging batches of documents from his office building and reported the incident, which led to an investigation and the spy’s arrest. (Pollard’s story is recounted in detail in chapter 16.)

As these examples illustrate, the storage and transmission of secrets are risky elements of espionage and can lead to a spy’s demise. In the past, intelligence services have surmounted these obstacles by using various devices, such as microdots or miniature cameras to film documents, but even these methods entail risk. Now, however, government secrets, like much of the world’s information, reside more in computers than in locked cabinets or vaults. Advances in computing technology are ideally suited to espionage and have significantly reduced the risk of clandestine communications. Spies like Pollard and Chung can now transmit larger volumes of computer data at higher speeds by means of smaller and thus easily concealed devices.
As the NCIX report notes, the bulk of materials found in Chung’s house could easily fit on a cheap compact disk.2 The same documents could be downloaded as well to a small flash drive or memory card capable of storing large amounts of information, then hidden in an innocuous-looking file on a computer and instantly transmitted by a spy to his handlers. The storage capacity of these portable devices will continue to increase exponentially in the future. At some point, a spy may be able to download the complete holdings of entire agencies into such devices.

Aside from the threat from insiders, remote cyberintrusions eliminate the foibles of the human spy—his risky downloading of information at his job, forensic audits of his computer usage, or simple mistakes that could lead to detection.3 These remote intrusions are commonly described with the term “hacking,” that is, the unauthorized access to and manipulation of information systems. In the early days of hacking in the 1970s, young electronic engineers and computer scientists applied their skills to mischief making or small-scale theft. By the end of the 1980s, early evidence of computer hacking for espionage had surfaced. A cabal of West German hackers approached the KGB to sell the fruits of its computer penetrations to steal defense and technology information from US government computer systems. Clifford Stoll, a researcher at the Lawrence Berkeley National Laboratory, discovered an unauthorized user on the lab’s network and doggedly tracked the hacker until he was finally identified and arrested by the German authorities. Stoll kept a daily log of his activities and documented the hunt in The Cuckoo’s Egg, one of the early landmark studies of cyberespionage.4

Computer hacking contributed significantly to a dramatic increase in economic espionage. The digital theft of US trade secrets has resulted in substantial commercial losses to both large and small companies in a broad spectrum of industries.
Accurate financial losses are difficult to calculate. As the NCIX report notes, estimates range widely, from $2 billion to $400 billion.5 The victims often do not even know that their proprietary information has been stolen; in other cases, companies are reluctant to report computer intrusions out of concern for reputational damage. And companies use different criteria to estimate losses, which also contributes to the wide-ranging estimates. Despite the lack of exact estimates, the losses are sizable and cost corporations—and, ultimately, consumers—billions of dollars.

The NCIX report was the first comprehensive and publicly blunt admission by the US government that the PRC is the major perpetrator of cyberespionage to steal American military, economic, and technological information. This allegation was based on considerable evidence. In the past decade...