Vast majority of global cyber-espionage emanates from China, report finds

Analyses of hundreds of documented data breaches found that hackers affiliated with the Chinese government were by far the most energetic and successful cyberspies in the world last year, according to a report to be issued Tuesday by government and industry investigators.

Although hackers with financial motives are the most common source of data breaches worldwide,China dominatedthe category of state-affiliated cyber-espionage of intellectual property, said the 2013 Data Breach Investigations Report. The report was issued by Verizon’s RISK Team and 18 partners, including officials from the United States and several foreign governments.

~ Click here for the 2013 Data Breach Investigations Report ~

Of 120 incidents of government cyber-espionage detailed in the report, 96 percent came from China; the source of the other 4 percent was unknown, it said.

“This is a pretty shocking statistic,” said Wade Baker, the managing principal for the RISK Team, which provides security consulting.

The report, issued by Verizon every year since 2008, was the first to break out government-affiliated cyber-espionage as its own category, reflecting the rising numbers of such intrusions and the increasingly sophisticated efforts to determine their origins.

“We don’t think there was a super spike in that kind of [cyber-espionage] activity,” Baker said. “It’s more about our ability to find them.”

Chinese officials have consistently denied allegations that their government is a leading source of cyber-espionage and have said that intrusions that appear to emanate from Internet addresses there actually originate elsewhere. Officials at the Chinese Embassy in Washington did not respond to a query about the report on Monday.

The conclusions of the Verizon report track closely with the findings of theNational Intelligence Estimate, a consensus document of U.S. intelligence agencies, and build on numerous other reports singling out China as uncommonly aggressive in cyberspace.

Government officials and outside experts say that several other governments, including those of Russia, Israel and France, also conduct cyber-espionage but not at the scale attempted by China.

“It’s not China alone. Dozens of other countries are involved,” said Shawn Henry, former head of cybersecurity investigations for the FBI who is president of CrowdStrike Services, a cybersecurity company.

The volume of Chinese cyber-intrusions has made identifying them easier because tactics tend to be similar among certain hacking crews, with telltale sections of code sometimes appearing across different pieces of malicious software.

The Verizon report identified 44 million compromised records from 621 confirmed data breaches in 2012, of which 19 percent were the results of government-affiliated espionage. Retail institutions were the most common victims of data breaches, with profit-minded hackers most often based in Romania, the United States, Bulgaria or Russia.

For the cyber-espionage cases, Verizon officials said they named a country only when they could definitively trace the malicious code or tactics of the attack to its origin. Having the intrusion emanate from an Internet address in China, for example, was not sufficient for an attack to be labeled as Chinese, officials said.

Chinese hackers targeted transportation, manufacturing and professional services companies of all sizes, the report said.

Ellen Nakashima contributed to this report.