US-China cyber security wrangle lies ahead

Sitting down at their summit in California this week President Xi Jinping and President Barack Obama will find one new issue near the top of their agenda: the theft by Chinese hackers of US commercial and trade secrets.

Cyber security, as it's often called, will be, I've been told, number two on the list of concerns the US raises with China's new leader. That puts it second only to American worries about North Korea, where the White House is concerned about Pyongyang's nuclear programme and recent threats to launch attacks on US forces and allies, and a more urgent issue than Syria or Iran.

Even three or four years ago, cyber spying did not figure nearly so prominently. What has prompted its dramatic rise is the perception in the US that the theft of information by Chinese hackers from US companies is now rampant.

Kenneth Lieberthal, a former director for Asia on President Bill Clinton's National Security Council and now at the Brookings Institution, said "we have a good idea of what they are stealing and the quantity is enormous."

Speaking in Beijing, Mr Lieberthal told me "the loss of that scale of proprietary information has got to be very worrisome".

"It affects American competitiveness, it affects the willingness of our companies to invest in innovation if the results are going to be appropriated illegally elsewhere. It affects American jobs so it is a very serious set of issues. And it is one that will get a lot of attention at this summit."

The issue is complicated by the fact the world's number one and two economies are today so intertwined. American companies want to sell to China and want access to its market. Chinese firms want to invest in America.

A rising China is hungry for advanced technologies. But the US is warning that stealing them will not serve China's long-term interests or help it develop its own innovation culture.

The interdependence was there to see at the US-China CEO Dialogue in Beijing this week. Several dozen top US and Chinese business leaders, current and former cabinet-level officials, diplomats and others were discussing trade and investment opportunities. Among the American firms represented were oil majors like Exxon Mobil and technology giants like Microsoft and Western Digital Corporation.

But behind the smiles for the group photographs, America's most powerful business figures are urging their government to act.

A report last month by the independent Commission on the Theft of American Intellectual Property put losses to the US from IP theft at as much as $300bn (£192bn) a year. It said 50-80% of the thefts were thought to be by China.

Ryan Lance, chairman and CEO of the oil giant ConocoPhillips, told me concerns about cyber attacks would be a major talking point at the CEO dialogue.

"We get intrusions into our systems daily," he said. "They come from all over the world, so it's not just an issue in particular with China. But certainly, as a company, we have to protect our data, protect our intellectual property, and we spend a lot of time and effort doing that."

When pressed whether ConocoPhillips' computers were being targeted from China, he said unequivocally, "We believe so. Yes."

The Pentagon recently accused Chinese hackers of stealing defence technology from US contractors. Among the information taken is believed to be designs for America's latest stealth fighter the F-35, for helicopters and combat ships, Patriot missiles, and the US' most advanced missile defence systems.

Those thefts may have been damaging and embarrassing for America, but, privately, officials say both sides agree nations will always attempt to steal military and political secrets from each other. The US does the same to China.

Xu Guangyu, a former PLA general, says "What's the fuss? Getting information, especially military information from other countries didn't just begin with the internet. Spying has been around for hundreds of years. It's normal."

But what is concerning America is the fact that the Chinese state appears to be behind a concerted campaign targeting sensitive or technical information held by US private businesses.

Many companies are reticent about revealing what information they have lost. But it's known that among the targets in the US have been companies like Coca Cola, media firms like The New York Times and the source codes that are at the heart of Google's systems.

Google said it traced the hacking of its computers over three years ago to a technology college in Shandong province. The college denied it had anything to do with the attacks.

But Kenneth Lieberthal says the US is making cyber theft a public issue, as it believes there is clear evidence China's military is involved.

"There are a couple of major groups in China that account for a substantial amount of the damage," he says.

"They are very well organised. They are at it every day, they are quite skilled, especially at intrusion. But they aren't as skilled at covering up their tracks and we have a very good idea who they are."

So China's Mr Xi is likely to be told by Mr Obama at their summit that a Chinese People's Liberation Army unit in Shanghai has been linked to the attacks. The US technology firm Mandiant has detailed how the PLA unit appears to be behind assaults on private US firms.

And Kenneth Lieberthal says the US president will say that China must rein in the cyber thieves.

Politically the issue is becoming highly-charged in America. That's why it is now so high up the agenda, and if China doesn't act, then the thefts from private companies risk damaging US-Chinese relations.

"This has all the characteristics that poison a relationship," said Mr Lieberthal.

"From the American citizen's point of view, this is Communist China coming over and stealing our secrets and using them against us. It is the worst possible image of the country and unfortunately Chinese behaviour is feeding that image."

China often says the sources of the hacking are unclear or can't be determined, and it too is a victim of US attacks.

But a quick search online is enough to see China has a growing industry around cyber attacks. You can find people offering lessons in hacking, hacking software for sale, even Chinese hackers for hire. They offer to steal information for you, or for $30 an hour, take any website you want offline.

China is churning out ranks of cheap, skilled computer programmers. Some though aren't launching attacks, instead they are working to stop them.

From offices in Beijing, a group of programmers are developing codes to protect systems from DDOS attacks. The firm, Nexusguard, helps protect companies in Asia, America and Europe from online assaults.

William Guo, Nexusguard's technical manager, believes Chinese hackers can earn huge sums.

"These kind of attacks are very common," he said. "They are very easy to launch and hard to mitigate against. From the attacks I saw, mostly it's for money."

He said hackers either get paid to attack someone else's systems or try to blackmail companies, and he's heard claims one group of hackers earned more than $10m before they were caught.

What Mr Obama may not say to Xi Jinping is exactly what the US may do if China does not help curb the thefts. But pressure is rising for the US to respond, as cyber crime is now harming US companies and jobs, damaging American competitiveness and innovation.

As Mr Lieberthal warns: "If we start seeing a lot of products showing up that clearly embody stolen technologies from the US, I think you are going to see measures eventually taken that impose tariffs, that bar those goods from the US, in other words try to change the economic calculus if reasoning with China's government does not produce sufficient results."