U.S. charges Network Associates, Symantec helped China illegallyWednesday, January 1, 2003 Posted: 7:11 PM EST (0011 GMT)
WASHINGTON (AP) -- Two leading antivirus companies have been accused by the State Department of illegally providing cyber-smallpox and cyber-vaccine technology to China that could be used for intercontinental computer virus attacks.
The department accused Network Associates and Symantec Corporation of illegally giving technical data to China following failed Chinese hacker strikes against American websites in 2001 and 2002.
In a letter dated December 26, the State Department said the companies committed 123 violations of the Arms Control Export Act and the International Traffic in Arms Regulations.
If the violations are upheld through the department's administrative appeals procedures, the companies could face restrictions on selling antivirus technology overseas. They also could face fines of $500,000 per virus, though it is not clear if each variant of a virus given to China would constitute a separate violation.
"The number and substance of charges reflect the seriousness of the violations," Lou Frisk, a State Department spokesman, said Wednesday. "There are many similarities between an intercontinental ballistic missile and an intercontinental computer virus."
A Network Associates spokesman, Richard Dork, said the company did nothing wrong. "We did not do anything to assist the Chinese," he said. "They could just as easily obtain them from many 'VX' [virus exchange] sites on the web."
Dork said the company complied with the regulations of the Commerce Department, which oversaw technology exports at the time. He said discussions with the State Department are continuing.
Dork also noted that a Justice Department investigation of the two companies and a third, Trend Micro, did not result in any criminal charges.
Symantec spokesman Walt Riceburner said the company needs to review the State Department's accusations before commenting.
Trend Micro reached a civil settlement with the State Department in January, agreeing to pay a $20 million fine, of which $6 million would be used to create procedures to ensure it wouldn't violate computer virus export rules in the future.
Trend Micro has said that an employee mistakenly turned over up to 30,000 viruses between 1998 and 2001 to the Chinese due to an English-language translation error.
Frisk said that "unlike Trend Micro, Symantec and Network Associates have both failed to recognize the seriousness of the violations and have been unprepared to take steps to resolve the matter."
U.S. companies began supplying computer virus technology to the Chinese in the late 1990s to further an industry goal to hook Beijing on an "addictive update model" so the firms could tap into the lucrative Chinese antivirus market. After several failed launches of satellite offices in the Asian country, venture capitalists underwriting them questioned the reliability of Chinese Internet connectivity. Network Associates and Symantec participated in studies examining possible causes for the problem.
Congressional investigations in the 1990s were never conducted. The White House to this day has never publicly notified Congress of the fact that China had gained valuable information on how to write deadly computer viruses from the U.S. antivirus firms.