Cyber Menace: Digital Spying Burdens German-Chinese Relations
Companies like defense giant EADS or steelmaker ThyssenKrupp have become the targets of hacker attacks from China. The digitial espionage is creating a problem for relations between Berlin and Beijing, but Chancellor Angela Merkel has shied away from taking firm action.
Very few companies in Europe are as strategically important as the European Aeronautic Defense and Space Company (EADS). It makes the Eurofighter jet, drones, spy satellites, and even the carrier rockets for French nuclear weapons.
Not surprisingly, the German government reacted with alarm last year when EADS managers reported that their company, which has its German administrative headquarters near Munich, was attacked by hackers. The EADS computer network contains secret design plans, aerodynamic calculations and cost estimates, as well as correspondence with the governments in Paris and Berlin. Gaining access to the documents would be like hitting the jackpot for a competitor or a foreign intelligence agency.
The company's digital firewalls have been exposed to attacks by hackers for years. But now company officials say there was "a more conspicuous" attack a few months ago, one that seemed so important to EADS managers that they chose to report it to the German government. Officially, EADS is only confirming there was a "standard attack," and insists that no harm was done.
The attack isn't just embarrassing for the company, which operates in an industry in which trust is very important. It also affects German foreign policy, because the attackers were apparently from a country that has reported spectacular growth rates for years: China.
During a visit to Guangzhou during February 2012, German Chancellor Angela Merkel praised China's success, saying it is something "that can be described as a classic win-win situation."
But the chancellor could be wrong.
For some time now, the relationship between China and the West seems to have been producing one winner and many losers. China is routinely the winner, while the losers are from Germany, France and the United States. They are global companies that are eviscerated by Chinese hackers and learn the painful lesson of how quickly sensitive information can end up in the Far East.
Berlin 's Dilemma
The relentless digital attack plunges the German government into a political dilemma. No government can stand back while another country unscrupulously tries to steal its national secrets. It has to protect the core of the government and the know-how of the national economy, sometimes with severe methods, if the diplomatic approach proves ineffective. Berlin should threaten Beijing with serious consequences, like the ones the US government announced last week.
On the other hand, the German government doesn't want to mar relations with one of its most important international partners. China has become Germany's third-largest trading partner and, from Merkel's perspective, is now much more than a large market for German goods and supplier of inexpensive products. Berlin now views the leadership in Beijing as its most important non-Western political partner.
That may explain why Merkel is addressing the Chinese problem abstractly rather than directly. During the high-level government meetings last August, she reminded the Chinese of the importance of "abiding by international rules." When she sent a representative to Beijing in November to tell senior government officials that Germany condemned the cyber espionage, it was done informally and off the record. In the end, Merkel will accept the ongoing espionage attempts as a troublesome plague that Germany simply has to put up with.
When SPIEGEL first exposed the scope of the Chinese attacks five-and-a-half years ago, then-Prime Minister Wen Jiabao asserted that his government would "take decisive steps to prevent hacker attacks."
But the problem has only gotten worse since then.
1,100 Attacks in 2012
Last year, Germany's domestic intelligence agency, the Federal Office for the Protection of the Constitution, reported close to 1,100 digital attacks on the German government by foreign intelligence agencies. Most were directed against the Chancellery, the Foreign Ministry and the Economics Ministry. In most cases, the attacks consist of emails with attachments containing a Trojan horse. Security officials noticed that the attacks were especially severe in the run-up to the G-20 summit, targeting members of the German delegation and focusing on fiscal and energy policy. The Green Party has also been targeted before.
In mid-2012, hackers attacked ThyssenKrupp with previously unheard of vehemence. The attempts to infiltrate the steel and defense group's corporate network were "massive" and of "a special quality," say company officials. Internally, the subject was treated as a top-secret issue. The hackers had apparently penetrated so deeply into the company's systems that executives felt it was necessary to notify authorities. ThyssenKrupp told SPIEGEL that the attack had occurred "locally in the United States," and that the company did not know whether and what the intruders may have copied. It did know, however, that the attacks were linked to Internet addresses in China.
Hackers have also apparently targeted pharmaceutical giant Bayer and IBM, although IBM isn't commenting on the alleged attacks. In late 2011, a German high-tech company, the global market leader in its industry, received a call from security officials, who said that they had received information from a friendly intelligence service indicating that large volumes of data had been transferred abroad.
The investigations showed that two packets of data were in fact transmitted in quick succession. The first was apparently a trial run, while the second one was a large packet containing a virtually complete set of company data: development and R&D files, as well as information about suppliers and customers. An external technology service provider had copied the data and apparently sold it to Chinese nationals.
Seventy Percent of German Companies Under Threat
"Seventy percent of all major German companies are threatened or affected" by cyber attacks, Stefan Kaller, the head of the department in charge of cyber security at the German Interior Ministry, said at the European Police Congress last week. The attacks have become so intense that the otherwise reserved German government is now openly discussing the culprits. "The overwhelming number of attacks on government agencies that are detected in Germany stem from Chinese sources," Kaller said at the meeting. But the Germans still lack definitive proof of who is behind the cyber attacks.
The hackers' tracks lead to three major Chinese cities: Beijing, Shanghai and Guangzhou. And from Germany's perspective, they point to a Unit 61398, which was identified in a report by the US cyber security company Mandiant last week.
In the dossier, which is apparently based on intelligence information, the Washington-based IT firm describes in detail how a unit of the Chinese People's Liberation Army has hacked into 141 companies worldwide since 2006. The trail, according to Mandiant, leads to an inconspicuous 12-story building in Beijing's Pudong district, home to the army's Unit 61398.
- Part 1: Digital Spying Burdens German-Chinese Relations
- Part 2: Chinese Denials
© SPIEGEL ONLINE 2013
All Rights Reserved
Reproduction only allowed with the permission of SPIEGELnet GmbH
- Gunter Glücklich für den SPIEGEL
Click on the links below for more information about DER SPIEGEL's history, how to subscribe or purchase the latest issue of the German-language edition in print or digital form or how to obtain rights to reprint SPIEGEL articles.
- Frequently Asked Questions: Everything You Need to Know about DER SPIEGEL
- Six Decades of Quality Journalism: The History of DER SPIEGEL
- A New Home in HafenCity: SPIEGEL's New Hamburg HQ
- Reprints: How To License SPIEGEL Articles