U.S. Biopharma Firms Hit by Cyber Attacks from China
By Shannon Ellis
SHANGHAI While the presidents from the U.S. and China have met in a summit to address human rights and cyber-attack issues, it's become clear that U.S. biopharmaceutical firms have not been immune to targeted hacking out of China. These efforts may have yielded valuable data from clinical trials or drug registration applications.
Since the earliest identified cases in 2008, there has been a visible uptick in the number of hacking incidents involving biotech firms, according to Mandiant, a cyber-security consulting firm in the U.S.
The firm, the first to provide evidence of a coordinated hacking campaign by the Chinese government, said the number of hostile threats against biotech and pharmaceutical companies jumped to 4 percent of all the activity it responded to last year, up from 1 percent.
"In 80 percent of the network compromises Mandiant has observed in the biotechnology and pharmaceutical industries, the threat activity was associated with Chinese government-sponsored Advanced Persistent Threat [APT] groups," Senior Threat Analyst Laura Galante told BioWorld Today. There may be as many as 20 such groups operating in China.
Mandiant rose to prominence after it identified a specific unit of the Chinese military which it identified as APT1 as a main driver of hacking attacks and tracked the group's operations to a building in Shanghai's Pudong district.
The increased activity against biotechnology firms coincided with the inclusion of pharmaceuticals and health care as strategic growth industries in China's 12th Five Year Plan (FYP), that covers 2011-2015.
"We believe that organizations in all industries related to China's strategic priorities are potential targets of APT1's comprehensive cyber espionage campaign," Mandiant reported. "Our observations confirm that APT1 has targeted at least four of the seven strategic emerging industries."
Access to biopharma company networks would open up to the Chinese hackers drug trial information, chemical formulas and confidential data for all drugs sold in the U.S. market.
Typical attacks take the form of malware that comes in through e-mail attachments. Another approach is for hackers to infiltrate the networks of service providers and use them to attack target companies.
Chinese hackers have taken as much as 6.5 terabytes of information from a single company over a 10-month period, though it was not publically disclosed which company.
To date, however, it is difficult to say how the data have been used, and Mandiant stops short of explaining. Nor is it clear who may ultimately benefit or whether any biotechnology firms in China even state-owned ones have profited. Mandiant suggested a way has been found to commercialize the data to justify the size of the program, which likely employs hundreds of people and makes use of at least 1,000 servers, but there is no clear evidence.
"We judge that cyber espionage is one of the means employed by the PRC to meet the larger economic and social goals identified in the 12th FYP," Galante noted. "Beijing employs a variety of legitimate methods to fulfill this agenda but also uses computer network operations to steal global pharma corporations' IP. The PRC likely intends to use stolen IP to bolster its domestic pharmaceutical market."
The issue of hacking has been on the table in U.S.-China relations for several years. In November 2011, a combined report by 14 U.S. intelligence agencies named China as the main source of hacking threats in the world. The Chinese Ministry of Foreign Affairs has said on numerous occasions that it is, in fact, the real victim of U.S. attacks and that China "oppose(s) hacking attacks of any form."
China's Ministry of Foreign Affairs spokesperson, Hong Lei, said on June 4 that China and the U.S. have agreed to set up a cyber-working group under the China-U.S. Strategic Security Dialogue framework.
"China stands ready to engage in constructive dialogue with the U.S. on the issue of cyber security based on mutual respect and mutual trust," Lei said during a press conference. "Both sides have agreed to establish a cyber-working group within the framework of China-U.S. Strategic Security Dialogue. We hope that both sides could take an even-tempered and level-headed approach to the issue, build up understanding and consensus and enhance cooperation through dialogue and communication so as to jointly build a peaceful, secure, open and cooperative cyberspace."
Cyber security and IP were at the top of the agenda during meetings between President Xi Jinping and President Barack Obama in Palm Springs, Calif. last week.
Suite: 1100 | Atlanta, Georgia 30346, USA
In the U.S. and Canada: 1-800-477-6307
Outside the U.S.: 1-770-810-3144
In the U.S. and Canada: 1-800-336-4474
Outside the U.S.: 1-215-386-0100
Hours: Monday - Thursday, 8:30 am - 6:00 pm EST
Friday, 8:30am - 4:30 pm EST
Sign up for Perspectives FREE e-mail newsletter