Hackers from China rifled the computers of DuPont at least twice in 2009 and 2010, hunting the secrets that made the company one of the world’s most successful chemical makers.

Investors would have learnt nothing on the subject from DuPont’s regulatory filings, or from those of other companies victimised by hackers.

Documents DuPont submitted to the US Securities and Exchange Commission do not even identify hacking as a significant risk, much less reveal what two US intelligence officials later said was a successful case of industrial espionage.

It is an issue that has also raised concerns inside Australia’s biggest company, BHP Billiton, as cyber spies from China, Russia and other countries ransack computer networks of major companies.

BHP Billiton chief executive Marius Kloppers last year confirmed reports that he feared espionage from China. He was talking in February after The Age revealed secret WikiLeaks cables between Mr Kloppers and the then US consul-general in Melbourne, Michael Thurston, in which the BHP boss complained that Chinese and industry surveillance was abundant.

”One of the reasons we have pushed so hard for market-clearing prices [for iron ore and coal] is so these sorts of things aren’t a concern, because if you sell your product at the market-clearing price, which everyone can read off screen, it just minimises any impact of differential that one party or the other might hold,” Mr Kloppers had said.

He led the charge to abolish the annual benchmark pricing system for iron ore. That came after negotiations in 2009 that failed to strike a deal with China and when four Rio Tinto iron ore employees were jailed for stealing commercial secrets.

BHP declined to comment yesterday on the push by the US for disclosure of hacking incidents.
Mandiant, a US security firm that specialises in cyber-based industrial espionage, had responded to incidents at 22 Fortune 100 companies, said Richard Bejtlich, the firm’s chief security officer. Mandiant estimates that many more than 20 per cent of Fortune 500 companies experienced serious breaches or are dealing with current ones.

”It doesn’t square that billions of dollars in intellectual property is being lost and investors don’t care,” said Jacob Olcott, a former cyber-security expert for a US Senate committee.

Even victims of serious attacks are largely silent. Beginning in 2009, the networks of at least six major US and European energy companies were breached by hackers from China. The victims included Exxon Mobil, Royal Dutch Shell, ConocoPhillips and BP.

The hackers stole exploration data and computerised maps that provided confidential assessments of the quality and accessibility of oil reserves, according to Ed Skoudis, a senior security consultant with InGuardians, a firm that investigated two of the breaches.

John Roper, a spokesman for ConocoPhillips, and Alan Jeffers, a spokesman for Exxon Mobil, declined to comment.
In the past five years, cyber spies have raided pharmaceutical companies, cosmetics makers, chip fabricators and mining companies. They have stolen blueprints, manufacturing technology and chemical formulas, according to two intelligence officials, who declined to be identified.