Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

As China Hacked, U.S. Businesses Turned A Blind Eye

Top government leaders told NPR that federal agencies are years behind where they could have been if Chinese cybertheft had been openly addressed earlier.
Bill Hinton Photography
/
Getty Images
Top government leaders told NPR that federal agencies are years behind where they could have been if Chinese cybertheft had been openly addressed earlier.

Technology theft and other unfair business practices originating from China are costing the American economy more than $57 billion a year, White House officials believe, and they expect that figure to grow.

Yet an investigation by NPR and the PBS television show Frontline into why three successive administrations failed to stop cyberhacking from China found an unlikely obstacle for the government — the victims themselves.

In dozens of interviews with U.S. government and business representatives, officials involved in commerce with China said hacking and theft were an open secret for almost two decades, allowed to quietly continue because U.S. companies had too much money at stake to make waves.

Wendy Cutler, who was a veteran negotiator at the Office of the U.S. Trade Representative, says it wasn't just that U.S. businesses were hesitant to come forward in specific cases. She says businesses didn't want the trade office to take "any strong action."

"We are not as effective if we don't have the U.S. business community supporting us," she says. "Looking back on it, in retrospect, I think we probably should have been more active and more responsive. We kind of lost the big picture of what was really happening."

None of the dozens of companies or organizations that NPR reached out to that have been victims of theft or corporate espionage originating from China would go on the record.

And for its part, the Chinese government officially denied to NPR and Frontline that it has been involved in such practices.

Wendy Cutler, a former diplomat and negotiator at the Office of the U.S. Trade Representative, told NPR that U.S. businesses wouldn't let the trade office take direct action on their behalf in Chinese cybertheft cases. Here she delivers a 2015 speech at the Asia Society in Hong Kong.
Bruce Yan / South China Morning Post via Getty Images
/
South China Morning Post via Getty Images
Wendy Cutler, a former diplomat and negotiator at the Office of the U.S. Trade Representative, told NPR that U.S. businesses wouldn't let the trade office take direct action on their behalf in Chinese cybertheft cases. Here she delivers a 2015 speech at the Asia Society in Hong Kong.

But that's not what former U.S. Attorney David Hickton found. When he took over in the Western District of Pennsylvania in 2010, he says, he was inundated with calls from companies saying they suspected China might be inside their computer systems.

"I literally received an avalanche of concern and complaints from companies and organizations who said, 'We are losing our technology — drip, drip, drip,' " he says.

Hickton opened an investigation and quickly set his sights on a special unit of the Chinese military — a secretive group known as Unit 61398. Investigators were able to watch as the unit's officers, sitting in an office building in Shanghai, broke into the computer systems of American companies at night, stopped for an hour break at China's lunchtime and then continued in the Chinese afternoon.

"They were really using a large rake — think of a rake [like] you rake leaves in the fall," he says. "They were taking everything ... personal information, strategic plans, organizational charts. Then they just figured out later how they were going to use it."

But when Hickton went to the companies, eager for them to become plaintiffs, he ran into a problem. None of the companies wanted any part of it. Hickton says they had too much money on the line in China.

"What we were tone-deaf to is [that] we seemed to think we could just walk in and wave the flag of the USA," Hickton says, "and it just didn't work."

Even today, five years later, Hickton still won't name most of the companies involved — and they have never come forward.

Eventually he was able to convince five largely local companies and the steelworkers union to come forward, mostly, he says, because he grew up in Pittsburgh and went to school with a lot of the managers.

David Hickton, then the U.S. attorney for the Western District of Pennsylvania, speaks during a 2014 announcement of indictments against Chinese military hackers. With him are then-Attorney General Eric Holder (left) and John Carlin, then the assistant attorney general for national security.
Alex Wong / Getty Images
/
Getty Images
David Hickton, then the U.S. attorney for the Western District of Pennsylvania, speaks during a 2014 announcement of indictments against Chinese military hackers. With him are then-Attorney General Eric Holder (left) and John Carlin, then the assistant attorney general for national security.

"I knew these people," Hickton says. "They trusted me. ... We couldn't ask them to be patriotic at the expense of engendering a shareholder case."

But, he says, he could have included hundreds — or even thousands — more.

"We've made a terrible mistake by being so secretive about our cyberwork," he says. "We have not fairly told the people we represent what the threats are."

Government and business leaders interviewed by NPR and Frontline said individual companies were making millions of dollars in China over the past decade and a half and didn't want to hurt short-term profits by coming forward. They demanded secrecy, even in the face of outright theft.

But now the impact of that secrecy is coming to light, they say. Companies are facing hundreds of millions of dollars in future losses from the theft, and U.S. officials say they are years behind trying to tackle the problem.

Michael Wessel, commissioner on the U.S. government's U.S.-China Economic and Security Review Commission, says it wasn't supposed to be this way. U.S. officials had high hopes when China officially joined the World Trade Organization in 2001.

"There was a honeymoon period in the first six or seven years, a desire to try [to] make things work," Wessel says.

But, he says, starting around 2006, businesses began coming to him saying that China had stolen their designs or ideas or had pressured them into partnerships and taken their technology.

Just like with Hickton, Wessel says, they wouldn't come forward publicly.

"The business community wanted the administration to come in hard without anyone's fingerprints being on the reasoning behind it," he says. "They wanted the profits, but they also didn't want the possible retribution."

Wessel says that was never going to work. While nothing in the original trade agreements specifically mentions cybertheft, the U.S. could have brought criminal cases forward, enacted sanctions or opened investigations under rules set up by the World Trade Organization — if a company would let it.

Court cases and documents from recent years offer a clue into what experts believe has really been going on. The Chinese government has been accused of stealing everything from vacuum cleaner designs to solar panel technology to the blueprints of Boeing's C-17 aircraft.

Hackers from China, often with ties to the government, have been accused of breaking into gas companies, steel companies and chemical companies. Not long ago, Chinese government companies were indicted for stealing the secret chemical makeup of the color white from DuPont. China developed its J-20 fighter plane, a plane similar to Lockheed Martin's F-22 Raptor, shortly after a Chinese national was indicted for stealing technical data from Lockheed Martin, including the plans for the Raptor.

Chinese hacking made occasional headlines, but none really grabbed Americans' attention. There was one exception.

In 2010, Google went public in announcing that it had been hacked by the Chinese government. Thirty-four other American companies that were also part of the hack stayed silent. Most have kept it a secret to this day.

A man places flowers outside Google's Chinese headquarters in Beijing on Jan. 15, 2010. The tech giant's accusation that year that it had been hacked by China cast light on a problem few companies discuss: the pervasive threat from Chinese-based cybertheft.
Vincent Thian / AP
/
AP
A man places flowers outside Google's Chinese headquarters in Beijing on Jan. 15, 2010. The tech giant's accusation that year that it had been hacked by China cast light on a problem few companies discuss: the pervasive threat from Chinese-based cybertheft.

NPR tracked down 11 of the total 35 companies. All of them either did not respond to NPR's request or declined to comment.

A former top Google official who was closely involved in managing the hack told NPR that Google was "infuriated" that no other company would come forward, leaving Google to challenge China alone.

"[We] wanted to out all of the companies by name," said the official, who spoke on the condition their name not be used because they did not have permission from Google to speak about the incident. "One of the companies we called, said 'Oh, yeah, we've been tracking this for months.' It was unbelievable. The legal department talked us out of it."

"We felt like we stood up and did the right thing," the former official said. "It felt like Helm's Deep, the battle from The Lord of the Rings in which you're impossibly surrounded and severely outnumbered."

They just all hid under a rock and pretended it didn't happen.

James McGregor, a former chairman of the American Chamber of Commerce in China, who was there at the time, says the companies kept even business organizations like his from speaking out.

"What they should have done is held a press conference and say, 'We 35 businesses have been hacked,' and you would have put it right back on China," says McGregor. "Instead, they just all hid under a rock and pretended it didn't happen."

McGregor says their silence left little room for punishment, and worse, he says, it hid the extent of the problem.

Across the ocean, cybersleuth Dmitri Alperovitch was sitting at his desk at a security company in Atlanta when Google called looking for backup. He says when he took a look, he was stunned.

"I knew pretty much right away this is something very different," says Alperovitch, who is co-founder of the cybersecurity firm CrowdStrike. "For the first time we were facing a nation-state and intelligence service that was breaking into companies — not governments, not militaries, but private sector organizations."

But, he says, U.S. government officials were nowhere to be seen.

"They did not even publicly concur with the attributions that Google had made at the time," he says.

Dmitri Alperovitch, co-founder of the cybersecurity firm CrowdStrike, said he was stunned after Google announced it was hacked by China. Here he speaks during the Milken Institute Global Conference in California on May 1, 2017.
Patrick T. Fallon / Bloomberg via Getty Images
/
Bloomberg via Getty Images
Dmitri Alperovitch, co-founder of the cybersecurity firm CrowdStrike, said he was stunned after Google announced it was hacked by China. Here he speaks during the Milken Institute Global Conference in California on May 1, 2017.

Obama administration officials say they did not turn a blind eye to the Google hack or cybertheft from China.

The administration was struggling with other important priorities, such as North Korea, Iran, the economy and climate change, says Evan Medeiros, Obama's top China specialist and then a staffer at the National Security Council.

"Direct confrontation with China does not usually result in lasting solutions," Medeiros says, noting that President Obama secured an agreement with Chinese President Xi Jinping to halt the attacks and put together a regional trade agreement — the Trans-Pacific Partnership — to add pressure.

But neither measure lasted.

"Hindsight is always 20/20," he says. "I wish that we had spent more time ... finding creative ways to punish them for creating a nonlevel playing field."

Without those punishments, the attacks continued.

In the year after the Google hack, Alperovitch uncovered two more serious intrusions that, he says, involved thousands of American companies.

In the fall of 2011, he went to the White House to warn officials about what he had found. He sat down in the Situation Room with a half-dozen top administration leaders.

"The most surprising thing to me was the lack of surprise," Alperovitch says. "I got the distinct impression that none of this was news. When I pressed them on why they were not taking stronger action against China, their response was, 'We have a multifaceted relationship with China.' "

Chinese President Xi Jinping shakes hands with then-U.S. President Barack Obama following a news conference in Washington, D.C., on Sept. 25, 2015. During the visit, the two leaders announced an agreement to halt cyberattacks.
Pete Marovich / Bloomberg via Getty Images
/
Bloomberg via Getty Images
Chinese President Xi Jinping shakes hands with then-U.S. President Barack Obama following a news conference in Washington, D.C., on Sept. 25, 2015. During the visit, the two leaders announced an agreement to halt cyberattacks.

Alperovitch says White House officials told him that some of the same companies that were being victimized by China also wanted to continue doing business in China.

"They didn't want to take any action that would jeopardize that billions of dollars of trade we were doing at the time," he says.

Ask McGregor, the American business representative, how companies can complain about China's behavior to the U.S. government while simultaneously preventing the government from taking strong action, and his answer is blunt.

"Companies were afraid of China," he says. "American business companies' incentives are to make money."

McGregor today advises dozens of American companies in China, and he says they are confronting a new reality. China is no longer an up-and-comer — it's a true competitor and quickly closing in on America's high-tech sector. McGregor says company leaders are beginning to ask whether years of theft and hacking have given China an edge that the United States will no longer be able to stay in front of.

And U.S. government officials are asking whether federal agencies will be able to catch up on enforcement.

Top government leaders told NPR that federal agencies are years behind where they could have been if the theft had been openly addressed.

Even at the Defense Department, as late as 2014, cybertheft from China was not one of the Pentagon's top priorities.

"Our intelligence agencies were looking at the Middle East, at the Russians," says Air Force Brig. Gen. Robert Spalding, a China expert who worked for the Joint Chiefs of Staff and the National Security Council.

He says he had never given the issue of Chinese cybertheft much thought. But then, in the fall of 2014, he loaded a confidential briefing into his computer. It was case after case in which the Chinese government had stolen the product designs from almost a dozen high-tech American companies, in a couple of cases almost putting them out of business.

"It immediately changed my conception, my view of the world," he says. "I realized I did not know how the world worked."

U.S. President Donald Trump and Chinese President Xi Jinping leave an event in Beijing on Nov. 9, 2017. The Trump administration, and the Obama administration before that, have brought cybertheft concerns to the Chinese directly.
Nicolas Asfouri / AFP/Getty Images
/
AFP/Getty Images
U.S. President Donald Trump and Chinese President Xi Jinping leave an event in Beijing on Nov. 9, 2017. The Trump administration, and the Obama administration before that, have brought cybertheft concerns to the Chinese directly.

Spalding says he made it his mission to get the word out to other government agencies. But even in 2015, he says, he was met mostly with a shrug.

He says he went to the departments of Commerce and the Treasury, as well as the U.S. Trade Representative and the U.S. State Department.

"The two responses we got were, 'Oh my gosh, this is really, really bad.' And the second one is, 'That's not my job,'" Spalding says. "That was almost the universal answer we got every time we went to a senior leader. Bad problem but not my problem."

Spalding, who retired from the Air Force last year, says in the final years under Obama and now under President Trump, agencies are finally starting to take some action. The Justice Department is bringing criminal cases, the trade representative's office is investigating China's dealings and both administrations have brought concerns to the Chinese directly.

But, Spalding says, it may have come 10 years too late.

"We all missed it," he says. "We have to understand the problem and get to work on it."

Copyright 2021 NPR. To see more, visit https://www.npr.org.

Laura Sullivan is an NPR News investigative correspondent whose work has cast a light on some of the country's most significant issues.