Petronella Blog Archive

How Bad is Chinese Hacking?

That a lot of cyberattacks come from China is not exactly unknown, but just how widespread and costly is Chinese hacking?

Over the last few years, Chinese agents have stolen a ridiculous amount of email, passwords and other data from American companies to benefit Chinese companies.  Some of the information stolen includes business strategies and industrial designs for products that have been shipped back to the US at a lower cost.

There have been numerous cases where China stole from competitors or even companies they were working with in the US:

  • During a trade dispute, China is accused of having stolen 7,0000 employee passwords from ATI.
  • Alcoa had almost 3,000 emails stolen, including close to 900 attachments, during negotiations with a business firm in China.
  • The FBI notified SolarWorld that China had allegedly stolen business strategies, P&L statements, research and development information and more.  SolarWorld didn't even know there had been a leak.
  • U.S. Steel developed specialized piping used for fracking, but then started noticing the same piping being sold by state-owned companies from China at much lower prices.  This eventually led to sanctions being leveled at China.
  • Westinghouse was negotiating with a Chinese company to build several nuclear power plants.  China was then suspected of stealing 1.4 gigabytes of data, including design files and sensitive email communications.

Why does this happen so much?  Chinese hackers are savvy.  One trick is to spoof or even use email accounts of high-ranking employees to gain extra information or access.  If your boss sends you an attachment, you're not likely to question it, right?  Why would you suspect there's malware loaded in the file?

The attacked companies are usually cognizant of internet security.  Malware scans are done and employees are made aware of security measures and practices, but it's just not enough.  What can be done?  One solution is to basically rebuild the internet.  Another solution, which is foolproof but comes with some obvious downsides, is to just unplug.