Regardless of what you think of ex-intelligence agent Edward Snowden’s reasons for making public a trove of U.S. national data, you have to agree it’s somewhat ironic that the first country he fled to was China (Hong Kong).

Why? According to a major report on data breaches China is the lead offender when it comes to spying, stealing, and co-opting other countries’ and businesses data, products, inventions and more.

The “2013 Data Breach Investigations Report,” conducted by telecommunications giant Verizon, says things have gotten so bad that much of the “security community has adopted an ‘assume you’re breached’ mentality.” [1]

Billion Records Compromised

The report lays out a whole list of security issues facing the global community. These range from your regular run-of-the-mill hacker to very specialized, state-sponsored attacks. In the nine years Verizon and its partners have been conducting these security assessments, they have uncovered “more than 1.1 billion compromised records.”

And who does the report say is the biggest perpetrator of these cyber crimes? China, or as the report states, “state-affiliated actors tied to China are the biggest mover in 2012. Their efforts to steal IP comprise about one-fifth of all breaches in this dataset.”

The worst thing about the massive effort conducted by Chinese computer geeks – official and unofficial – is that the U.S. and other countries make it so easy for the Chinese to do what they do. At a 2013 hearing conducted by the U.S. House Energy and Commerce Oversight Subcommittee, James A. Lewis, a senior fellow and program director at the Center for Strategic and International Studies, testified that the Chinese don’t “need super cyber warriors. They need a guy in a t-shirt to overcome the truly feeble defenses” [they encounter]. He says many U.S. companies are inept when it comes to cyber security. And the Chinese are taking full advantage of the situation. Larry M. Wortzel, a commissioner on the congressional U.S. – China Economic and Security Review Commission also testified that, in “my experience with China they will steal and reverse engineer anything they can get their hands on.”

How weak are the defenses employed by U.S. and western countries? The Verizon report says that 76 percent of computer breaches occur because the criminal exploits weak or stolen credentials (such as from employees), 52 percent comes from some sort of hacking, 40 percent comes from malware, 35 percent are due to physical attacks on systems, and 13 percent come from misuse and abuse of privileges assigned to people who work in a company or in a governmental entity.

Not Only China

Foreign sources of cyber crimeCredit: Verizon

While China is the main culprit in the world of cyber crime, other countries are very busy as well. The Verizon report details the top 10 “actors” in terms of bad activity (they may or may not be criminal, but they do present security problems and are often financial or espionage related) by foreign countries. Leading the pack is China with 30 percent of the reported problems. China is followed by Romania (28%), the U.S. (18% - think of organized crime and the like), Bulgaria (7%), Russia (5%) and several other countries to lesser degrees.

What To Do?

The extent and continuing nature of cyber crimes is daunting, the Verizon report suggests several actions that can and should be taken. Among them are: doing away with unnecessary data (stuff that sits on networks for years but is rarely checked, deleted, or placed in a more secure location), invest in strong security programs (but no program is safe if it’s not regularly checked and updated), share information (not your business plans, but evidence of cyber crime activity and the like) with law enforcement and with others in your business community, and remember that there is no perfect system of security – everything needs customization and appropriate attention to changes in security driven by the crooks that keep changing their tactics to get by anything you do to counter them.


1. “2013 Data Breach Investigations Report” -