WASHINGTON -- U.S. intelligence officials accused China and Russia on Thursday of systematically stealing American high-tech data for their own national economic gain.
It was the most forceful and detailed public airing of U.S. allegations after years of private complaints. U.S. officials and cybersecurity experts said the U.S. must openly confront China and Russia in a broad diplomatic push to combat cyberattacks that are on the rise and represent a "persistent threat to U.S. economic security."
But experts said solving the problem won't be easy.
In a report released Thursday, U.S. intelligence agencies said "the governments of China and Russia will remain aggressive and capable collectors of sensitive U.S. economic information and technologies, particularly in cyberspace."
Speaking at a forum at the National Press Club, Robert Bryant, the national counterintelligence executive, said the U.S. is finally making the charges public because China and Russia are stealing sensitive U.S. technology data.
If Russia and China build their economies on stolen U.S. data, "that's not right," Bryant said. "We want to basically point out what the issue is. We want to be worried and we want to be careful, but we also want there to be an awareness and, frankly, drive that toward solutions where we work together to bring this under control."
The report is part of an increased effort by U.S. officials to highlight the risks of cyberattacks in a growing high-tech society. People, businesses and governments are storing an increasing amount of valuable and sensitive information online or accessing data through mobile devices that may not be as secure as some computers.
The Obama administration has urged individuals and the corporate world to better protect their data. Thursday's report is a clarion call, cybersecurity experts said.
"We should have done this years ago," said James Lewis, cybersecurity expert and senior fellow at the Center for Strategic and International Studies. "We've pretended it hasn't been happening, but that's not the case. I hope this is the first in a series of documents that lays out the huge problem the U.S. is facing."
The U.S. points fingers at Russian and Chinese intelligence services and corporations based in those countries or tied to the governments.
The intelligence report, however, did not say how many of the cyberattacks are government-sponsored and would not name other countries that pose similar but lesser threats. It suggested that U.S. allies may be using their access to American institutions to acquire economic and technology information.
China had no immediate response to the report, which was issued after normal business hours Thursday in Beijing.
China has consistently denied engaging in cyberspying and, at a regularly scheduled news briefing Wednesday, Foreign Ministry spokesman Hong Lei reiterated Beijing's insistence that it also has been attacked.
"China is a major victim of hacking," Hong said. "China is ready to build, together with other countries, a peaceful, secure and open cyberspace order."
He added, "As for the remarks from certain quarters, I would point out that hacking attacks have no boundaries and are anonymous. Speculating on the origin of the attacks without investigation is neither professional nor responsible."
China has been linked to a number of high-profile breaches.
Google Inc., operator of the Internet's most popular search engine, disclosed two sophisticated attacks against its systems that it believes were launched from China. The disclosures touched a nerve for technologists, government officials and human rights advocates alike because of the unique roles Google and the Chinese government have in shaping what is seen -- and not seen -- on the Internet by citizens of the world's most populous country.
In one attack, some of Google's intellectual property was stolen in a computer attack that also targeted at least 20 other large companies. And earlier this year Mountain View, Calif.-based Google said it believes hackers in China broke into the Gmail accounts of several hundred people, including senior U.S. government officials, military personnel and political activists.
The report also noted other incidents linked to China:
-- Last year computer security firm Mandiant reported that data was stolen from a Fortune 500 manufacturing company during business negotiations when the company was trying to buy a Chinese company.
-- Earlier this year, McAfee traced an intrusion to an Internet protocol address in China and said intruders took data from global oil, energy and petrochemical companies.
While officials could not pin down an exact economic cost to the U.S. government and businesses, they said the losses are extremely significant.
"(China's) continued theft of sensitive economic information is a threat to our national security, hurts American businesses and workers, and causes incalculable harm to global economy," said the chairman of the House Intelligence Committee, Rep. Mike Rogers, R-Mich. "This once again underscores the need for America's allies across Asia and Europe to join forces to pressure Beijing to end this illegal behavior."
The escalating rhetoric carries its own political risks, particularly as the U.S. has tried to improve relations with China and Russia. China is a key lender and trading partner, and the U.S. has relied on Beijing to put pressure on its longtime ally North Korea to negotiate over its nuclear program.
Russia, meanwhile, is a key vote in the U.N. Security Council, particularly on issues involving Iran sanctions and nuclear arms reduction.
Both were Cold War enemies whose motives and government workings are often purposely opaque to American partners or competitors.
"We have to start being more confrontational," said Lewis, adding that the U.S. needs to have a more muscular trade policy and make sure that World Trade Organization rules are observed.
The report said foreign intelligence services have used independent hackers as proxies, thereby giving the agencies "plausible deniability."
And it also accused the Chinese of being "the world's most active and persistent perpetrators of economic espionage."
Attacks from Russia are a "distant second" to those from China, according to the report. But it said Moscow's intelligence services are "conducting a range of activities to collect economic information and technology from U.S. targets."
The report said some of the most desired data includes communications and military technologies, clean energy, health care, pharmaceuticals and information about scarce natural resources. Of particular note, the report said, is interest in unmanned aircraft and other aerospace technology.
U.S. officials have called for greater communication about cyberthreats among the government, intelligence agencies and the private sector. The Pentagon has begun a pilot program that is working with a group of defense contractors to help detect and block cyberattacks.
The report, issued by the national intelligence director's office of the counterintelligence executive, comes out every two years and includes information from 14 spy agencies, academics and other experts.
"We have to do a lot to scare those other guys into thinking `don't do it or bad things will happen to you' but after we do that, we have to solve it here, at home," said Alan Paller, director of research at SANS Institute, a computer-security organization.
"We need to say, `if you allow your citizens to attack computers in our country, causing massive damage, we have the right to cause massive damage in your country."'
------
Associated Press writers Christopher Bodeen in Beijing, Sagar Meghani in Washington and Jordan Robertson in San Francisco contributed to this report.
Connect with the Southeast Missourian Newsroom:
For corrections to this story or other insights for the editor, click here. To submit a letter to the editor, click here. To learn about the Southeast Missourian’s AI Policy, click here.