Five Eyes intel chiefs warn China's IP theft program now at 'unprecedented' levels
Spies come in from the cold for their first public chinwag
Intelligence chiefs of the Five Eyes alliance today warned that Chinese government spies stealing IP and other sensitive data from private companies pose an "unprecedented" threat to national security.
The five from the US, UK, Canada, Australia, and New Zealand all appeared together on stage for the first time ever at a summit hosted by Stanford University's Hoover Institution, a public policy think tank. The discussion, hosted by former US Secretary of State Condoleezza Rice, centered on emerging technology and securing innovation.
Will Chinese giants defy US sanctions on Russia? We asked a ZTE whistleblowerREAD MORE
"There is no greater threat to innovation than the Chinese government," said FBI Director Christopher Wray.
This threat goes well beyond the traditional nation-state spies stealing government secrets from other counties, added Australian Security Intelligence Organisation Director-General Mike Burgess.
"The threat is that we have the Chinese government engaged in the most sustained, scaled, and sophisticated theft of intellectual property and acquisition of expertise that is unprecedented in human history," Burgess said.
This is challenging in its "scale and breadth," said Wray, citing the PRC's hacking program, which he has repeatedly said is bigger than that of every other nation's combined.
"Combine that with human intelligence operations," Wray said, noting that this includes not just "traditional spies" stealing trade secrets from private-sector businesses and research institutions.
Chinese President Xi Jinping's cyber squads also recruit non-traditional spies such as business insiders and use "seemingly innocuous joint ventures investments," Wray added. "So part of what makes it challenging is all of those tools deployed in tandem at a scale that the likes of which the world has never seen."
Zeroing in on emerging tech
Increasingly, Chinese government IP thieves are focusing on emerging technologies – AI, quantum computing, biotechnology, robotics, and automation. The especially worrisome part of those efforts, according to the Five Eyes, is that China and other adversarial nations like Russia and Iran don't consult laws or safeguards when deploying such technologies.
Using AI as an example, Wray said: "Right now, where it's most dangerous is essentially taking junior varsity bad actors and bringing them to the varsity level. But in fairly short order, we're going to be seeing AI taking the varsity level athletes to a whole other level of dangerousness."
- China caught – again – with its malware in another nation's power grid
- Five Eyes nations detail dirty dozen most exploited vulnerabilities
- US Navy sailor admits selling secret military blueprints to China for $15K
- US cyber chiefs warn AI will help crooks, China develop nastier cyberattacks faster
AI can be used to scan for vulnerabilities to exploit, and to write code to exploit those vulnerabilities, according to Wray.
The Register observes that AI's ability to write malware is disputed by private security researchers. The consensus seems to be that AI can help experienced coders save time and has the potential to write exploit code by itself. But at this point, AI still requires human intelligence to create malware.
Wray said that miscreants are also using AI to pull off more sophisticated spear-phishing attacks. AI is also good at producing content for disinformation campaigns, including deepfake audio and images, and China is already taking full advantage of this capability, he added.
"AI [can] enhance things like virtual kidnappings, where parents get a call and they think their child's been kidnapped," Wray said. "But now AI can mimic your child's voice, so it sounds even more credible."
AI's nastier applications means that government spies, and not just those from China, are interested in stealing data from and recruiting insiders at startups, universities, and other organizations developing these emerging technologies.
"If you are working at the cutting edge of technology today, you might not be interested in geopolitics, but geopolitics is certainly interested in you," said MI5 Director General Ken McCallum. "Lots of people who, perfectly understandably, may not previously have thought that national security had anything to do with them do need to think about this in a new way."
To this end, Tuesday's summit also included discussions between the Five Eyes intelligence leaders and business execs about expanding private-public partnerships to better protect innovation and national security.
These "Five Principles," as the intel chiefs called them, will "better inform innovators around the types of threats we face and what they can do about it," said Andrew Hampton, Director-General of the New Zealand Security Intelligence Service. ®