The Chinese government — seeking to steal valuable secrets — has hacked into the computers at every major American company, according to the nation’s former spy director.
Mike McConnell, who served as director of national intelligence under President George W. Bush, made the comments during a speech at the University of Missouri on Thursday.
“The Chinese have penetrated every major corporation of any consequence in the United States and taken information,” he said. “We’ve never, ever not found Chinese malware.”
He said the malware lets Chinese spies extract information whenever they want. McConnell, who also led the NSA from 1992 until 1996, continues to investigate hacks as a high-ranking adviser to Booz Allen Hamilton.
He listed victims he has come across during his investigations: U.S. Congress, Department of Defense, State Department (which is currently dealing with Russian hackers) and major corporations.
The U.S. government has said it has caught Chinese spies stealing blueprints and business plans. Last year, federal prosecutors took the unprecedented step of filing formal criminal charges against five Chinese government spies for breaking into Alcoa, U.S. Steel Corp., Westinghouse and others.
But McConnell’s assertion is different. It would mean that no large company can escape the massive theft of American entrepreneurial ideas.
In his speech, McConnell also said that during the final years of the Bush administration, the Chinese government employed a jaw-dropping 100,000 hackers dedicated solely to breaking into computers. By comparison, he said the United States had that many spies — total.
McConnell listed what the Chinese are stealing: “planning information for advanced concepts, windmills, automobiles, airplanes, space ships, manufacturing design, software.”
“If they can take that, before we can take it to market – for free – and it’s unchecked for 15, 20 years, I would say that has strategic consequences for the United States,” he said.
Still, McConnell is most worried about the risk that today’s cyberweapons developed by large countries could end up in the hands of terrorists, with potential attacks on financial markets and the energy grid.
Several hacking experts who consult companies on cybersecurity backed up the idea that Chinese hacking is widespread. But they doubt every, single major U.S. company has been broken into by Chinese government operatives.
For example, since 2012, consulting firm EY has found evidence that China hacked into several well-known companies, including a major U.S. medical research facility that conducts clinical trials and a large heavy equipment manufacturer.
But EY consultant Chip Tsantes said the Chinese haven’t burglarized every firm.
“I can’t say that’s true for every single one,” he said. “If that was true, the Chinese would have the formula for Coke, and they don’t.”
Others doubted McConnell’s assertions, noting that placing the blame after a hack is extremely difficult. And besides, there are many hacking cases that involve Eastern European mafias, or Russian or North Korean spies instead. The recent Sony Pictures hack and attack on JPMorgan are only recent examples.
“I think his comment is reckless and misguided,” said John Pirc, a former CIA cybersecurity researcher who launched his own cybersecurity software provider, Bricata. He said he’s consulted at large companies after breaches and couldn’t point the finger at China.
McConnell did not respond to calls for comment on Friday. However, in the past he has made similar assertions — although not as all-encompassing. In 2012, he co-wrote an op-ed in the Wall Street Journal with ex-Homeland Security Secretary Michael Chertoff and ex-Deputy Secretary of Defense William Lynn. In it, they talk about China’s rampant “cyber thievery.”