American Businesses Stayed Quiet On Chinese Hackers, Amid Concerns For Profits The U.S. has largely failed to stop Chinese cybertheft of U.S. companies, but the companies themselves led the charge in keeping it under wraps.
NPR logo

As China Hacked, U.S. Businesses Turned A Blind Eye

  • Download
  • <iframe src="https://www.npr.org/player/embed/711779130/712862564" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
As China Hacked, U.S. Businesses Turned A Blind Eye

As China Hacked, U.S. Businesses Turned A Blind Eye

  • Download
  • <iframe src="https://www.npr.org/player/embed/711779130/712862564" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

AILSA CHANG, HOST:

Chinese cyber theft costs the U.S. economy at least $57 billion a year. That's what top government officials tell NPR. And that theft means lost jobs and lost wages for Americans. Three successive administrations have known about this problem and tried to deal with it. Their efforts have been largely unsuccessful. The cyberattacks have continued for nearly 15 years.

ARI SHAPIRO, HOST:

NPR and the PBS show "Frontline" have been trying to figure out why it's so hard to stop the theft. We found that one of the biggest hurdles isn't China. It's the victims - U.S. businesses. They've kept the U.S. government from acting against China, and they've made millions playing both sides of the fence. NPR's Laura Sullivan reports.

(SOUNDBITE OF TRAIN WHISTLE)

LAURA SULLIVAN, BYLINE: High above Pittsburgh on the 25th floor of an old Gothic revival building, former U.S. Attorney David Hickton sits at his desk under the photographs of five men who once worked for the Chinese government.

DAVID HICKTON: That's the wanted poster for the China case.

SULLIVAN: When Hickton took over for the Western District of Pennsylvania in 2010, he'd only been on the job a few weeks when he said he started getting calls from local companies. They told him they thought China might be inside their computer systems.

HICKTON: I literally received an avalanche of concern and complaints from companies and organizations who said, we are losing our technology - drip, drip, drip. And we don't have any apparatus in place to deal with it.

SULLIVAN: Hickton opened an investigation and set his sights on a particular unit of the Chinese military - Unit 61398. Hickman and others watched how unit officers sitting in an office building in Shanghai broke into American companies' computers at night. They stopped for an hour break at lunch and continued in the afternoon.

HICKTON: They really were using a large rake - think of a rake you rake leaves in the fall - they were taking everything. They were taking personal information. They were taking strategic plans. Then they just figured out later how they were going to use it.

SULLIVAN: It had been going on for years.

HICKTON: When I learned that we could actually pin the tail on the cyber donkey, the cyber donkey being Unit 61398, it just meant that we had a chance to actually bring the case.

SULLIVAN: But when he went to the companies, eager for them to be plaintiffs, an odd thing happened. None of them wanted any part of it. The same companies that had been complaining and new companies that had no idea they had been stolen from didn't want to be involved. Hickton says they told him they had too much money on the line in China.

Even today, five years later, Hickton still won't name most of the companies involved, and they have never come forward. Eventually, he was able to convince a handful of Pittsburgh-based companies to join the case. Mostly, he says, because he grew up here and went to school with a lot of the managers.

How many other companies do you think you could have included in this case?

HICKTON: How high can you count?

SULLIVAN: No.

HICKTON: Yeah. How high can you count? We've made a terrible mistake by being so secret about our cyber work. We have not fairly told the people we represent what the threats are.

SULLIVAN: For years, that threat remain largely underground. Government and business leaders say that wasn't an accident. U.S. companies have demanded secrecy, even in the face of outright theft. In interviews with NPR, U.S. companies said they had too much money at stake and said they had a responsibility to shareholders to manage theft problems quietly.

But now the impact of that secrecy is coming to light. Companies face hundreds of millions of dollars in future losses by keeping a secret that hand-tied U.S. officials and ultimately failed to hold China to account. It wasn't supposed to be this way. U.S. officials had high hopes when China joined the World Trade Organization in 2001.

MICHAEL WESSEL: There was a honeymoon period in the first six or seven years, a desire to try and make things work.

SULLIVAN: Michael Wessel has been a commissioner on the U.S. government's U.S.-China Economic and Security Review Commission. He says starting around 2006, businesses began coming to him saying China had stolen their designs or ideas or had pressured them into taking partnerships and taken their technology. But just like with David Hickton, Wessel says they wouldn't come forward.

WESSEL: The business community wanted the administration to come in hard without anyone's fingerprints being on the reasoning behind it. They wanted the profits, but they also didn't want the possible retribution.

SULLIVAN: Wessel says that was never going to work. The U.S. could have brought criminal cases forward, enacted sanctions or opened investigations if a company would let them. Wendy Cutler was a veteran negotiator at the office that could have done some of that enforcement, the Office of the U.S. Trade Representative. She said it wasn't just that U.S. businesses were hesitant to come forward in specific cases. She says the businesses didn't want them to take action in any cases.

WENDY CUTLER: U.S. enforcement officials were not as effective if we don't really have the U.S. business community supporting us but also providing us the information. You know, looking back on it, in retrospect, I think we probably should have been more active and more responsive. We kind of lost the big picture of what really was happening.

SULLIVAN: Court cases and documents from recent years offer a clue into what experts believe was happening. The Chinese government has been accused of stealing everything from vacuum cleaner designs to solar panel technology, to the designs of Boeing's C-17 aircraft. China has broken into gas companies, steel companies and chemical companies.

Not long ago, Chinese government companies were indicted for dealing the secret chemical makeup of the color white from DuPont. Chinese hacking made occasional headlines, but none really grabbed Americans' attention until January 2010...

(SOUNDBITE OF ARCHIVED RECORDING)

UNIDENTIFIED JOURNALIST #1: Finally tonight, Google's China threat.

SULLIVAN: ...When an American company did come forward...

(SOUNDBITE OF ARCHIVED RECORDING)

UNIDENTIFIED JOURNALIST #2: The world's leading search company announced yesterday it had discovered what it called a highly sophisticated and targeted attack.

SULLIVAN: ...Google decided to do what no other company had done. They announced the theft and publicly blamed the Chinese government. Thirty-four other well-known American companies had also been hacked, But to this day, most have kept it a secret. NPR tracked down 11 of the companies - none of them would comment on the hack.

James McGregor is the former chairman of the American Chamber of Commerce in China and was there at the time. He says the companies even kept the business organizations from speaking out.

JAMES MCGREGOR: What they should have done is held a press conference and said, we 35 businesses have been hacked, and you would put it right back on China. Instead, they just all hid under a rock and pretended it didn't happen.

SULLIVAN: McGregor says their silence left little room for punishment. And worse, he said, it hid the extent of the problem. Dmitri Alperovitch was one of the first to see it. He was working at a security firm in Atlanta during the Google hack. One afternoon, Google called, said they needed backup. Alperovitch is a well-known cyber sleuth. He says when he took a look, he was stunned.

DMITRI ALPEROVITCH: I knew pretty much right away that this is something very different. For the first time ever, we were facing a nation state, an intelligence service that was breaking into companies - not governments, not militaries, but private sector organizations.

SULLIVAN: Where was the U.S. government on all of this?

ALPEROVITCH: The U.S. government was nowhere to be seen.

SULLIVAN: Evan Medeiros was on staff at the National Security Council at the time and a top China specialist under President Obama. He says they didn't turn a blind eye. Obama signed an agreement with China to address the hacking. But he says the administration also had other priorities - North Korea, Iran, the economy, climate change.

EVAN MEDEIROS: Direct confrontation with China does not usually result in lasting solutions.

SULLIVAN: It seems like not confronting China did not provide any solutions either.

MEDEIROS: I mean, if you want big structural change, it takes time. The question is, do you want to play checkers? Do you want to play chess?

SULLIVAN: But without repercussions, the attacks continued. In the year after the Google hack, Dmitri Alperovitch uncovered two more serious intrusions into American companies. In the fall of 2011, he went to the White House to warn officials about what he had found. He sat down in the Situation Room with half a dozen top administration leaders.

ALPEROVITCH: I got the distinct impression that none of this was news. And when I pressed them on why they were not taking stronger action against China, their response was it's complicated.

SULLIVAN: Did they explain that?

ALPEROVITCH: Yes. Essentially, the answer was, we have a multifaceted relationship with China. Some of those same companies that were being victimized by China also wanted to continue doing business in China.

SULLIVAN: So I asked James McGregor, the American business representative from China.

How can businesses walk into United States agencies and complain about being treated unfairly if they're the ones that are preventing any action from being taken?

MCGREGOR: Well, sometimes two things can be true at the same time. Companies were afraid of China. There's this whole Tony Soprano side of the party that will come in and teach you a lesson and you better not complain. American business companies did what they - their incentives are to make money, you know.

SULLIVAN: How's that working out for them?

MCGREGOR: Well, it's - let's just say they're now facing - they're woke, you know.

SULLIVAN: Today, McGregor advises dozens of companies doing business in China and says that awakening has meant acknowledging they've got a problem. China's no longer an up-and-comer. It's a true competitor closing in on America's high-tech sector. And officials are beginning to ask whether years of theft and hacking have given China an edge the United States will no longer be able to stay in front of or whether U.S. government agencies will be able to catch up on enforcement.

Top government officials told NPR federal agencies are years behind where they could have been if the theft had been openly addressed. Even at the Pentagon, as late as 2014, cyber theft from China was not one of the department's top priorities.

ROBERT SPALDING: Our intelligence agencies were looking at the Middle East. They were looking at the Russians. We had more Pashto Urdu speakers than we had Chinese speakers in the intelligence apparatus.

SULLIVAN: Air Force Brigadier General Robert Spalding worked for the Joint Chiefs of Staff and was a China expert for the National Security Council. He had never given the issue much thought. But in the fall of 2014, he loaded a confidential briefing into his computer. It was case after case where the Chinese government had stolen the product designs from almost a dozen high-tech American companies.

SPALDING: It immediately changed my conception, my view of the world. I realized I did not know how the world worked.

SULLIVAN: Spalding says he made it his mission to get the word out to other government agencies. But even in 2015, he says he was met mostly with a shrug.

SPALDING: We went to Commerce, and we went to Treasury and U.S. Trade Representative and State Department. The two responses we got were, oh, my gosh, this is really, really bad. And the second one is, that's not my job. And that was almost the universal answer that we got. Every time we went to a senior leader - bad problem, but not my problem.

SULLIVAN: Spalding, who retired from the Air Force last year, says in the final years under President Obama and now under President Trump, agencies are finally starting to take some action. The Justice Department is bringing criminal cases. The trade office is investigating China's dealings. And both administrations have brought concerns to the Chinese directly. But Spalding says it may have come 10 years too late.

SPALDING: We all missed it. We have to understand the problem and then get to work on it.

SULLIVAN: Today, the Trump administration is wielding billions in trade tariffs to bring China to the table on a host of issues and hopes to negotiate an end to cyber theft as part of any trade agreement. But it may be years before the American public has a full understanding of what it has lost. Laura Sullivan, NPR News.

Copyright © 2019 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.