Cyber Kleptomaniacs: Why China Steals Our Secrets

When President Obama expressed “serious concern” about the cyber espionage being conducted against America by its “enemies” in his February 12th State of the Union message, he did not name names. But the statement came just two days after leaks from a US national intelligence estimate identified China as the most serious culprit. In recent months, the administration has been more direct. During his summit with China’s new President Xi Jinping in California in early June, Obama elevated commercial cyber espionage to one of the two leading issues (a nuclear-armed North Korea being the other) that divide the two countries. Secretary of Defense Chuck Hagel had struck a similar chord a few days earlier at his opening address at the Shangri-La Dialogue meeting of defense ministers in Singapore, when he referred bluntly to the Chinese state and military entities that are stealing commercial secrets from American firms in cyberspace. And, in a speech to the Asia Society in New York in March, outgoing national security adviser Thomas Donilon said that cyber espionage by state-based or state-funded entities is now at the “forefront” of American-Chinese relations, adding that “US businesses are increasingly speaking out about their serious concerns about sophisticated, targeted theft of confidential business information and proprietary technologies through cyber intrusions emanating from China on an unprecedented scale.”

The decision by the administration to publicly and explicitly criticize China from the highest levels for its state-sponsored cyber industrial espionage program comes at the end of a long trail of numerous government, congressional, and think tank reports that have documented and measured China’s massive and growing investment in its cyber espionage infrastructure and organization and noted that this activity targets private industry in the US as well as government agencies. This new approach comes in the wake of an explosive report, released in February by the highly respected cyber security firm Mandiant, which accused the Chinese People’s Liberation Army (PLA) of funding and orchestrating an extensive program of cyber espionage and theft against American firms.

The Mandiant report estimated that there were more than twenty “advanced persistent threat” (APT) groups operating from China with the government’s support and funding. It designated one of these groups as APT1, describing it as “one of the most prolific cyber espionage groups in terms of sheer quantity of information stolen” and asserting that APT1 alone has stolen hundreds of data terabytes from at least one hundred and forty-one mostly private firms spread across twenty industries. Two of APT1’s four large networks are located in a PLA compound in Shanghai’s Pudong New Area. Given that the compound is host to the PLA’s Unit 61398, whose mission is to engage in “harmful computer operations,” including obtaining commercially valuable data from foreign enterprises, the report reasonably concludes that APT1 is virtually indistinguishable from Unit 61398. This unit reports to the PLA General Staff Department, which, in turn, reports directly to the Central Military Commission—the country’s top military decision-making body, chaired by President Xi himself. If the report is accurate, it can be safely assumed that China’s top civilian leaders in the Standing Committee of the Politburo are well aware of Unit 61398’s activities—and of APT1’s as well.

Read On

Gordon G. Chang's picture
Around Asia
Follow weekly commentary in Gordon G. Chang's World Affairs blog.

The Mandiant report concludes that the material stolen from US industry includes electronic data on product development and use, test results, system designs and product manuals, manufacturing procedures, business and strategy plans, negotiation and pricing strategies, and details of joint ventures and collaboration with other entities. Minutes of board and executive meetings and the e-mail content of senior employees have also been targeted.


Chinese denials of engaging in such activity are no longer taken seriously. And businesses that once regarded the constant threat of intrusion and theft as the cost of doing business in China now believe, as the Chinese assault intensifies, that a threshold has been crossed. In his opening statement in the October 4, 2011, US House Intelligence Committee hearing on cyber threats, Chairman Mike Rogers commented on corporate America’s growing impatience:

You don’t have to look far these days to find a press report about another firm, like Google, whose networks have been penetrated by Chinese cyber espionage and have lost valuable corporate intellectual property. And that’s just the tip of the iceberg. There are more companies that have been hit that won’t talk about it in the press, for fear of provoking further Chinese attacks. When you talk to these companies behind closed doors, however, they describe attacks that originate in China, and have a level of sophistication and are clearly supported by a level of resources that can only be a nation-state entity. Attributing this espionage isn’t easy, but talk to any private sector cyber analyst, and they will tell you there is little doubt that this is a massive campaign being conducted by the Chinese government.

Estimates by American industry and intelligence agencies put the value of the stolen data in the hundreds of billions of dollars. Washington’s National Counterintelligence Executive flatly stated in a November 2011 report that China is “building its economy” on “US technology, research, and development, and other sensitive forms of intellectual property.”

While the commercial payoffs are readily apparent, China’s cyber espionage program is not without risks. After all, Beijing doesn’t merely seek wealth and power but prestige and influence as well, and a reputation as a cyber outlaw is not the best path to the high level of international legitimacy the regime desperately seeks. And as it becomes more tightly integrated into an interdependent global economy, and the international norms and bodies that regulate and govern it, China is increasingly vulnerable to legal pressures and sanctions, as well as stigmatization by its competitors in the international community.

The Chinese leadership has persisted in its cyber espionage, despite these hazards, because it believes that these activities are essential to the innovation-based economy it sees as its national future. In its twelfth five-year plan (2011–15), the government committed itself to ensuring that the country’s massive state-owned enterprises (SOEs) would continue to dominate key sectors of its economy—perhaps no surprise given that many of China’s unelected leaders and their families personally own large shares of these companies. The five-year plan also identified the country’s key “strategic sectors” on which its future growth, prosperity, and economic strength would hinge: technology, aerospace, telecommunications, energy, transportation, engineering services, and high-tech electronics. These are the same sectors that China’s cyber espionage has targeted.


China’s latest five-year plan incorporated the goals of a previously issued report, the “National Medium- to Long-Term Plan for the Development of Science and Technology.” This 2006 “techno-nationalist” plan called for 2.5 percent of GDP to be allocated to R&D with the goal of reducing China’s dependence on foreign technologies by half by 2020, leading the country to emerge as the world’s dominant innovation leader by mid-century.

China’s state-owned enterprises are viewed as central to achieving this national goal and have been accordingly given lavish access to cheap and often free capital to fund innovation investment. These SOEs, some managed nationally and some locally, own more than two-thirds of the country’s capital and fixed assets, and invest more in the country’s twelve largest economic sectors (with the exception of export manufacturing) than do privately owned businesses. The government places special emphasis on those SOEs that operate in the specially designated “strategic sectors” considered vital to the country’s future global leadership. They include energy and alternative fuel, bio- and nano-technology, high-end and advanced manufacturing, advanced materials such as rare earth metals, and information technology and emerging technologies. In December 2010, Beijing announced that it was prepared to set aside $1.5 trillion mainly for SOEs to invest in these sectors.

The SOEs receive more than three-quarters of all China’s formal financing (i.e., bank loans), usually at below-market interest rates, although they generate only about one-third of national output, according to Minxin Pei, a leading political economist focused on China. Of the nearly fifteen hundred firms listed on China’s two stock exchanges, all but fifty or so are either majority-owned by the state or count the state as the largest and dominant shareholder.

SOEs generate nearly eighty-three percent of the combined revenues and own more than ninety percent of combined assets of the country’s leading five hundred firms. Indeed, the three largest SOEs in China—Sinopec, PetroChina, and National Grid—make more profit than the combined profits of the five hundred largest private firms in the country, according to 2012 figures released by China’s State-owned Assets Supervision and Administration Commission and the National Bureau of Statistics.

Yet although some giants such as Sinopec and China Mobile pile up enormous profits each year, as a whole China’s SOEs perform poorly even with their monopolistic advantages, gargantuan size, and the state support and leverage that accompanies it.

As a whole, China’s locally managed SOEs appear to be the most abysmal performers. According to my analysis of multiple case studies, reinforced by other studies and estimates, about twenty percent of all Chinese SOEs were unprofitable in 1978. Twenty years later, in 1997, the number of unprofitable locally controlled SEOs had doubled. And today, nearly another twenty years later, the number of unprofitable SEOs is more than fifty percent. The 2012 World Bank report China 2030, which looks at structural problems with the Chinese growth model, estimated that the amount of capital input needed to produce one additional dollar of output increased from 2:1 in the 1980s, to 3:1 in the 1990s, to 4:1 early this century, and finally, to the current estimate of 7:1.

Multiple case studies have shown that domestic private sector firms are about twice as efficient in their use of capital, and are three times more efficient than SOEs at generating jobs based on the amount of capital deployed per job. China’s private firms, not the state conglomerates, hold sixty-five percent of all China’s patents and are responsible for three-quarters of the country’s commercialized technological innovations. But while these private firms bring eighty percent of all new domestic products to market, China’s capacity for wholly indigenous innovation remains stifled as a result of domestic anti-competitive practices in favor of SOEs, which continue to dominate the economy despite their poor performance.

One key reason for this disparity is that the typical SOE manager is selected less for his business savvy than for political connections and credentials. Almost all of the SOE senior managers in the centrally managed enterprises are Communist Party members, and in many cases the CEO and party secretary within the company is the same person.

A July 2012 report by McKinsey and Company, one of the world’s leading management consulting firms, notes that the average profit margin of the forty-two Chinese SOEs listed among the Fortune 500’s top international companies was less than half that of their global competitors—this after the government infused them with “massive state subsidies.” Xu Haoxun, McKinsey’s China country director, believes that without the benefit of state subsidies and protections only a handful of these forty-two Chinese SOEs would be authentically competitive.

But now, with China’s labor and production costs rising, the country’s SOE managers are under mounting pressure to increase profit margins. Meeting the five-year plan’s goal to increase profitability and market share—something Xu Haoxun believes is “key to the survival of Chinese enterprises”—means an increased reliance on cyber espionage, no matter the problems with the US and the rest of the West that this initiative may cause.


Stealing information from foreign firms, whether they are located inside China or on foreign soil, is certainly a cheaper and faster way to remedy innovation deficits than to do the hard work of indigenous development Chinese planners identified as a key objective in the 2006 “Plan for the Development.” In its relentless drive to skip steps, Beijing seems not yet to have realized—or been made to realize—that the loss of reputation that comes with being a serial economic rule-breaker carries considerable political and diplomatic risks, chief among them a growing unwillingness of foreign firms to share advanced technologies and processes with Chinese joint venture partners.

Cyber espionage is necessary because China has become stuck between the rock of its lofty goals and the hard place of its modest achievement. Burdened by statism and the anti-competitive practices that breed its gnawing inefficiency, China’s state-owned enterprises cannot innovate at the level and pace that will produce self-sufficiency, much less global leader status. Its private sector, which might actually rock the cradle of innovation, is stifled by an unlevel playing field and stunted by the legal system’s failure to protect intellectual property rights and the judiciary’s refusal to robustly enforce contract law.

This toxic atmosphere is causing those foreign firms with advanced technologies and processes to think twice about basing operations in a China whose communist leaders are mired in zero-sum thinking that says increased market share for foreign firms can only come at the expense of SOEs. While China’s record of genuine innovation remains poor for an economy of its size, it continues to focus on what some experts have termed “engineering-based” and “incremental” innovation. As Professor Dan Breznitz of Georgia Tech puts it, China is looking for a shortcut that does not require “dedication to originality and the large commitment to . . . unique, first-time products.” The aim is to master the art of second-generation innovation, using established technologies to come up with new solutions, give every support to SOEs to bring these technologies to the domestic market before foreign firms can, and then use these foundations to expand into global markets. It is what some experts such as Robert Atkinson, president of the Information Technology and Innovation Foundation, call “innovation mercantilism.”

China’s “national champions” in the state-owned enterprises need to out-perform international commercial rivals to grow their revenues in domestic and foreign markets. Since they appear unable to do this on their own, they use data theft to win the game.

John Lee is the Michael Hintze Fellow and an adjunct professor at the Centre for International Security Studies at the University of Sydney and a nonresident scholar at the Hudson Institute.

OG Image: