Monday, March 11, 2013

China Operates the World's Most Successful HoneyPot

The Chinese government has been on a focused mission to increase its technological development for many years. One of the best and most efficient ways that it has of doing this is by making it attractive for foreign high tech companies to open R&D centers in China. In 2000 there were about 100 foreign R&D labs in China. By 2007 there were 1200. Today, Shanghai alone has over 300. In fact, many of the same companies that believe that China is responsible for the vast majority of APT attacks have helpfully delivered some of their own "crown jewels" (i.e., their R&D) inside China's borders including GE, Dell, Microsoft, HP, Intel, Boeing, and EADS to name just a few:
"General Electric Co. plans to invest more than $2 billion in China in technology and financial service ventures and research, adding 1,000 jobs in a country Chief Executive Officer Jeffrey Immelt is targeting for growth. (source)"
UPDATE 30 March 2013: General Electric Co's (NYSE: GE) healthcare unit, the world's biggest maker of medical imaging machines, plans to double its production capacity in China in the years through 2015, GE Healthcare Greater China CEO Duan Xiaoyin told (source via paid subscription).
"The Chicago-based aerospace giant (Boeing) recently partnered with Commercial Aircraft Corporation of China -- or Comac -- to invest in a research project aimed at energy conservation and fuel reduction. (source)" 
 "Dell will likely spend $250 billion in China on procurement and other investments over the next 10 years as it expands in the world's No 2 personal computer (PC) market, the head of its China operations said on Tuesday. (source)"
"Intel Corp. INTC -0.63%  said Tuesday it will form a joint innovation center with Chinese internet giant Tencent Holdings Ltd. (0700.HK) that will focus on developing new mobile computing products. (source)" 
"Hewlett-Packard (HPQ.NYSE) is tapping into China's engineering talent to develop global storage and networking products, as the computer maker prepares to open a research center in Beijing, Bloomberg reported. HP's CEO Leo Apotheker said the company wants to utilize China's R&D capabilities as it seeks to boost sales in other emerging markets. (source)" 
And this is just a tiny sampling. If you're wondering why companies are so willing to open research centers in China, it's because the Chinese government is making them an offer that's hard to refuse.
  • A 50 percent R&D "super deduction" in addition to the actual expense deduction for R&D spending. So if a company spends 10 million yuan ($1.6 million; 1.26 million euros) on eligible R&D it will receive a net benefit of 1.25 million yuan (12.5 percent benefit for every eligible cost);
  • A preferential corporate income tax rate of 15 percent (the standard rate is 25 percent) for companies recognized as a High New Technology Enterprise;
  • A preferential corporate income tax rate of 15 percent for companies recognized as an Advanced Technology Service Enterprise, with qualified incomes exempt from business tax;
  • Exemption from import customs duty and value-added tax on qualified R&D equipment imported by R&D centers.
Here are the industrial sectors that qualify for the above incentives:
  • New techniques or methodologies to extract minerals from complex ore bodies.
  • Improvements to water use and irrigation technologies.
  • Development of innovative functionality and improved approaches to solving software problems.
  • Application of engineering principles, previously developed in the aerospace industry, in, for example, the automotive industry.
  • Computer-aided engineering and simulation software developed as part of a larger R&D project in any industry.
  • Development of new processes and technologies to minimize adverse environmental impacts across all industries.
  • Development of new compounds with improved therapeutic properties.
  • Development of non-destructive testing techniques to analyze material fatigue with pharmaceutical products.
  • Application of off-the-shelf software products in new and previously unproven ways.

Who Needs APT?

Basically China has successfully created the world's largest honeypot for acquiring foreign trade secrets and intellectual property. It's so successful at it that even companies who know better like GE (close ties with Mandiant), Dell (owns SecureWorks), and HP (owns McAfee Fortify) are still running R&D labs there. 

Legal Technology Transfer

Foreign companies who open offices in China hire Chinese engineers and other skilled employees who learn and work on their technologies and thenthey  take that knowledge with them when they leave to work at Chinese firms after a year or two. Additionally, these foreign companies must use China's telecommunications infrastructure for all of their communications (satellite, VoIP, landline, mobile, etc.), which means that all of their confidential communications traffic are subject to collection and monitoring under Chinese law. So while China certainly engages in other espionage-related activities, that isn't it's only means or even its best means to acquire high technology secrets. 

If Not China, Who?

There are many other nations who want the same technology that China wants but who don't have the same drawing power in terms of population density or cheap engineering labor to attract foreign R&D investment. For those countries, cyber espionage is a much more important option and one for which resources are available (i.e., indigenous hacker populations and freely available Chinese-made hacking tools). If companies really want to know who may be targeting their trade secrets, then they should demand to know how incident responders and/or Law Enforcement Organizations are distinguishing between the activities of different nation states; all of whom want to accelerate their technological development by raiding U.S. companies' networks.


  1. Isn't McAfee owned by Intel, not HP? (

  2. It is. Thanks for catching that error. I should have added Intel, in fact, and HP did acquire its own security company - Fortify.