Hit by Chinese Hackers Seeking Industrial Secrets, German Manufacturers Play Defense

A wave of attacks by Chinese hackers on Germany's cutting-edge manufacturers is raising alarm in Berlin and prompting the government to step in to defend the country's competitive edge.

The small and midsize companies that make Germany an export powerhouse have landed in the crosshairs of foreign hackers attracted to the firms' valuable but often poorly protected intellectual property, German intelligence officials warn.

Some 65% of German manufacturing and technology firms were hit by cyberattacks in 2016, compared with 62% in the U.S. and 50% in the U.K., according to insurer Hiscox Ltd. Germany's BfV domestic intelligence agency estimates German firms lost EUR55 billion euros ($65.3 billion) to espionage, sabotage and data theft last year, up from EUR51 billion in 2015.

Spooked by the losses, the German government is now moving to shield companies from state-backed hackers and criminal gangs, offering to pay to harden the defenses of Germany's most vulnerable firms. Industry groups are also reaching out to members about the threat.

"The German economy is the focus of industrial espionage," Hans-Georg Maassen, head of Germany's domestic intelligence agency, said in July. "Attacks have increased over the last two years."

Two years ago, the U.S. and China signed an agreement not to support hacking aimed at industrial espionage. But despite high-level talks, German officials have yet to secure a similar deal. The G-20, which includes China and Germany, announced a pact against commercial cyberespionage in 2015.

In June 2016, a delegation led by German Chancellor Angela Merkel flew to Beijing for talks on the matter. While Chinese officials led by Premier Li Keqiang told Ms. Merkel that Beijing would protect German firms' intellectual property in China, they didn't agree to stop hacking.

As Chinese attacks on U.S. companies have eased, Germany has become a bigger target, according to Nigel Inkster, senior adviser to the International Institute for Strategic Studies in London.

In a faxed statement, China's Ministry of Foreign Affairs said it was unaware of the German allegations but reiterated Beijing's official position that it "resolutely opposes" cyberhacking in every form.

"If the relevant parties have definitive evidence of hacking attacks, they can provide it to the Chinese side and we will handle it according to the law," the statement said. It added that, "baseless accusations and speculation are not only unprofessional, they also do nothing to solve the problem."

German firms lead the world in advanced-manufacturing patents, with 3,917 filed last year versus 1,410 by U.S. and 860 by Japanese companies, according to the World Intellectual Property Organization. The world's third-largest exporter spends 2.9% of gross domestic product on research and development, a higher percentage than the U.S. and the U.K do, according to the most recent figures from the Organization for Economic Cooperation and Development.

Large multinationals can afford to protect their property. Not so the more than 3.5 million small and midsize businesses -- known collectively as the Mittelstand -- that produce more than half of Germany's economic output and sell the tools, parts and components that power factories around the world, experts say.

"The ignorance at smaller firms is extreme," Alexander Dörsam, head of IT security at computer-security firm Antago GmbH said. "The founders of the company are often its leaders. They are older and don't understand the technology."

China has long fed its voracious appetite for German technology via Chinese regulations and directives that force foreign investors to share knowledge with local partners and by acquiring German businesses. But China's spy agencies have also joined the hunt, counterintelligence officials here say.

Deutsche Telekom AG, Germany's largest telecommunications company, said it detected 30,150 cyberattacks from China so far in this month, with Russia the second-largest source at 7,661 attacks.

Chinese state-backed hacking of Western companies is conducted by the cyberwarfare units of the People's Liberation Army or China's Ministry of State Security intelligence agency, according to Western intelligence agencies and security firms.

Chinese companies used to be able to direct the PLA or MSS to hack into Western competitors, according to James Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies in Washington. After Beijing cracked down on businesses using intelligence resources, companies can still put in a request for a target to be hacked but no longer can assign tasks to the teams directly, Mr. Lewis said.

Germany's domestic intelligence agency said in May it had evidence the APT-10 Chinese hacker group -- also known as Menupass Team and Stone Panda -- was behind a recent hacking campaign against German high-tech firms.

APT-10 has been active since 2009 when it started hacking U.S. military research institutions and companies, according to an April report by BAE Systems PLC and consulting firm PWC in collaboration with Britain's GCHQ intelligence agency. APT-10 has significant financial and human resources and was active during Chinese working hours, according to the report.

Intelligence officials in the South-German state of Baden-Württemberg in March said hackers likely controlled by Chinese intelligence had penetrated in 2016 the systems of a Mittelstand manufacturer -- a leading manufacturer in its field -- injecting software to steal blueprints and other data.

Deepening economic ties between China and Germany makes Berlin wary of confronting Beijing over the attacks, according to Nadège Rolland, a senior China analyst at the National Bureau of Asian Research in Washington. Exports to China, one of the fastest-growing markets for German goods, hit $76 billion in 2016.

A spokesman for Germany's foreign ministry said Berlin often raises the issues of cyberattacks and intellectual property with Beijing.

Berlin offers to cover some of the cost of shielding Mittelstand firms from cyberattacks. The economics ministry now pays for consultants to visit smaller firms and plot countermeasures.

Some German Mittelstand firms have been reluctant to invest in protection, the cost of which can exceed EUR100,000 a year for a 1,000-person firm, according to Armin Harbrecht of computer-security company Aramido GmbH.

Almost 90% of Germany's Mittelstand firms have turnover of less than EUR1 million, according to the KfW bank, making cyber protection expensive.

Germany's chambers of commerce have sounded the alarm on hacking too, organizing cybersecurity education seminars for companies. German insurers have started offering coverage.

"Company leaders in Germany have slowly woken up," said Claudia Philipp, cyberdefense expert at security firm Atarax GmbH.

Josh Chin contributed to this article.

Write to William Wilkes at william.wilkes@wsj.com

(END) Dow Jones Newswires

September 23, 2017 07:14 ET (11:14 GMT)