Questions Remain After Chinese Hacking Indictments

While Washington’s unprecedented attempt to use US law in confronting Beijing about state-sponsored hacking by indicting five PLA officers has been praised by some, it has riled Chinese netizens and drawn unsurprising protest from Beijing. After a Foreign Ministry spokesman dismissed the charges as hypocritical, “based on fabricated facts,” and in “violation of international norms,” newly installed ambassador Max Baucus was confronted by Zheng Zeguang, China’s vice foreign minister, in what could come to define his early tenure in Beijing. Reuters reports:

Zheng “protested” the actions by the United States, saying the indictment had seriously harmed relations between both countries, the foreign ministry said in a statement on its website.

Zheng told Baucus that depending on the development of the situation, China “will take further action on the so-called charges by the United States”.

[…] “The Chinese government and military and its associated personnel have never conducted or participated in the theft of trade secrets over the Internet,” the foreign ministry quoted Zheng as telling Baucus.

Zheng told Baucus that the U.S. attitude to Internet security was “overbearing and hypocritical” and urged the United States to give China a clear explanation on reports that Washington has long spied on the Chinese government, businesses, universities and individuals.

[…] The angry reaction from Beijing is likely to be the first major test for Baucus, who arrived in Beijing in March, as he seeks to balance U.S. interests with the desire for more economic cooperation with China. [Source]

China’s Ministry of Defense has also denied any government or military involvement. Blog posts from the Wall Street Journal’s China Realtime Report provide an introduction to the five indicted officers and the infamous PLA unit to which they are allegedly linked. A report from the New York Times notes that Unit 61398, which came into the spotlight early last year, is just one of many similar Chinese cyber-regiments:

“If you look at all the groups that we track in China, this is just the very tip of the iceberg,” said George Kurtz, a co-founder of Crowdstrike, a private security firm that has been tracking the People’s Liberation Army Unit 61398 and other hacking groups in China. “The indictments are just one piece of a broader puzzle.”

Beyond Unit 61398, the National Security Agency and its intelligence partners are currently tracking more than 20 Chinese hacking groups — over half of them Chinese military and naval units — as they break into an array of American government agencies and companies, ranging from drone and nuclear weapon parts makers to technology, retail and energy firms and nonprofit research organizations, according to a half-dozen United States officials who declined to be named because of the classified and ongoing nature of the investigations.

Security officials said that the indictments were intended to push China to get serious about reining in various P.L.A. hacking units and that they have been in the works for two years. One of the major challenges, officials said, was persuading the victim corporations — which feared a loss of sales in China or state retaliation — to come forward. […] [Source]

According to Reuters, US tech firms may indeed see losses in sales, but those losses pale in comparison to the cost of compromised intellectual property:

American technology companies appear most likely to feel any backlash that could come from China after the U.S. government charged five Chinese army officers with cyber spying and stealing trade secrets.

[…] Doing business in China could now get even tougher, although any retaliation may not be immediate or obvious, industry analysts and executives said.

[…] James McGregor, chairman for advisory firm APCO China, said that if American technology companies are “losing their intellectual property to cyber hacking they probably see this action as necessary and worrisome.”

Another person who works closely with U.S. technology firms said that the damage is so pervasive that no company is going to say that the U.S. government acted inappropriately. [Source]

The New York Times notes one similarity between the organizations hacked in relation to the recent indictment—each is actively protesting Chinese trade practices:

[…] All four had something in common besides data theft: Each was in the middle of pushing back against China’s trade policies by seeking help from the World Trade Organization or the Commerce Department.

A Justice Department indictment released Monday — which accuses five Chinese military personnel of the cyberattacks — reads like a chronology of most of the major trade disputes between the United States and China during the past five years. In most instances, the documents say, the American company or union that defied Beijing ended up facing extensive break-ins by Chinese military hackers, in a pattern that could discourage further trade policy challenges. […] [Source]

In what may or may not be directly related to the US indictment, the South China Morning Post reports that Beijing has now banned Windows 8 from all government computers, yet another obstacle to Microsoft’s business in China:

“No computer products may be installed with the Windows 8 operating system,” the Central Government Procurement Centre said in a note last Friday, after it accepted “its latest batch of electronic devices”.

However, the centre did not mention any reasons for the ban. Repeated phone calls to the office went unanswered today.

Microsoft just last month began to stop providing support for its popular Windows XP operating system, even though the Chinese still widely use the 12-year-old system at home and in the office.

Data security is a significant issue for countries like China, in the wake of allegations that the US National Intelligence Agency had been tampering with computer parts shipments headed to other countries. [Source]

As China continues to dismiss the US charges as “groundless,” it has published data speaking to widespread US hacking attacks against Chinese systems. From China Daily:

Latest data from the National Computer Network Emergency Response Technical Team Coordination Center of China (NCNERTTCC) showed that from March 19 to May 18, a total of 2,077 Trojan horse networks or botnet servers in the US directly controlled 1.18 million host computers in China.

The NCNERTTCC found 135 host computers in the US carrying 563 phishing pages targeting Chinese websites that led to 14,000 phishing operations. In the same period, the center found 2,016 IP addresses in the US had implanted backdoors in 1,754 Chinese websites, involving 57,000 backdoor attacks.

The US attacks, infiltrates and taps Chinese networks belonging to governments, institutions, enterprises, universities and major communication backbone networks. Those activities target Chinese leaders, ordinary citizens and anyone with a mobile phone. In the meantime, the US repeatedly accuses China of spying and hacking.

China has repeatedly asked the US to stop, but it never makes any statement on its wiretaps, nor does it desist, not to mention make apology to the Chinese people. [Source]

The US indictment, which legal analysts told the Wall Street Journal appears to be consistent with international law, is based on a distinction between cyber espionage for security purposes (a practice that US government actors regularly engage in), and for economic gain. For a detailed explanation of the distinction, and Beijing’s lack of sympathy for it, see the New York Times.