My First-hand Experience with China's Most Successful Technology Transfer Campaign (better than hacking)

There's no doubt that China is on an aggressive technology acquisition track and has been for 20+ years. Way too much emphasis has been placed on the vacuuming of data from U.S. companies through targeted attacks (otherwise known by the marketing buzzword "APT"). That's actually a terribly inefficient way to conduct the scale of tech transfer that China needs and a lot of the data that gets scooped up has low value, which is partly why I believe that hacker groups from many different countries (including China) are the main instigators behind those attacks rather than the PLA or a Foreign Intelligence Service. Small scale hacker groups are like burglars breaking into peoples' houses. They take as much as they can carry and then try to fence the goods for whatever they can get.

The Chinese government has crafted a much more elegant, legal, and precise way to obtain the exact type of technology that they need. They offer tax incentives and access to the biggest market in the world to U.S. companies who open their Research and Development centers in China. To date, over 1200 companies have taken China up on that offer including Boeing, Microsoft, Dell, Cisco, Intel, GE and many, many more. Part of the deal is that these U.S. companies must hire a percentage of Chinese engineers, who stay for a year or two; learn everything they can about the technology of interest, and then leave to work for a Chinese national champion firm or state-owned enterprise.

Here's a recap of my own first-hand experience with this process. As I've mentioned before, Taia Global has a product in development called Chimera. We are building the world's first and largest commercial database of adversary states' research and development priorities, focusing on technologies that are U.S. export-controlled. These represent the creme de la creme of targets for acts of industrial and cyber espionage. I've been searching for a data scientist with a background in document-matching. Being an ex-Microsoft employee, I started with the Microsoft Research website and learned that almost all of the researchers working on NLP and Search topics are at Microsoft Asia (in Beijing). I identified a couple of researchers in the precise field that I was looking for and sent email introductions to both. It turned out that both had left Microsoft Research and went to work for Huawei's internal R&D lab.

The U.S. government fueled by testimony from InfoSec industry experts can complain about Spear Phishing, APT, and Chinese hackers day-in and day-out but that won't begin to address the much more serious problem of how so many top U.S. firms willingly give their intellectual property away for the promise of cheap research costs and lucrative access to a massive Chinese market. What complaining about the Chinese government hacking U.S. corporations will do is keep the conversation in a politically advantageous zone and away from the political minefield that represents US companies exporting their R&D overseas. If you're looking to blame someone for the estimated $300 billion in IP loss that the U.S. suffered last year, start by taking a hard, honest look at what U.S. companies are willing to risk in order to do business in China.


"China Operates the World's Most Successful Honey Pot"


  1. A wonderfully articulate piece. I really enjoyed taking a different stand on the APT. So much focus is on the PLA this and China government that, does no one think that vacuuming up information is one thing; able to get the right information, translate it accordingly, and see if its any value is very time consuming. We are told that China just doesn't target the U.S. but many other countries as well. That means China must have specific language expertise in specific fields (engineering, manufacturing, science R & D). People generally just shrug off that little fact. You hit the nail on the head - what's the risk businesses are willing to put up with doing business in China? That's the main point that needs to be addressed.


Post a Comment