Chinese Hacking Activity Down Despite Threats

According to a new study by U.S. network security company FireEye, there has been a sharp reduction in Chinese state-sponsored hacking against organizations in the U.S. and 25 other countries since 2014. The study was conducted in the wake of an anti-hacking agreement between China and the U.S. last September, in which both sides pledged not to conduct or knowingly support cyber-enabled theft of intellectual property for commercial gain. The Washington Post’s Ellen Nakashima reports:

“The landscape we confront today is far more complex and diverse, less dominated by Chinese activity and increasingly populated by a range of other criminal and state actors,” said the report by FireEye’s iSIGHT Intelligence unit.

[…] It found that Chinese activity is markedly down overall — from more than 60 intrusions in February 2013 to a handful in April of this year. It also found that some activity has shifted away from the United States to targets in Asia, including Taiwan, India and Japan.

The shifts have coincided with ongoing political and military reforms in China, FireEye noted. Since taking power in late 2012, Chinese President Xi Jinping has worked to centralize China’s cyber operations, turning them toward support of a greater range of activity, the firm said. That redirection takes place as the U.S. military is building up its Cyber Command in support of defensive and offensive operations to benefit regional military commands as well as protect the nation.

[…] “The volume has gone down so much that at least it’s clear that there’s a higher cost to operating in cyberspace” for the Chinese, Galante said. [Source]

At The New York Times, David E. Sanger looks at the nature of the decline in Chinese activities, noting that Beijing has “already been modifying its approach to cyberoperations” since 2014, with a shift towards fewer attacks that are more focused and sophisticated.

Just how fundamentally the Chinese are changing is a matter of debate. There is some evidence, American intelligence officials say, that while the People’s Liberation Army is not stealing as much on behalf of Chinese state-owned firms, much of the hacking activity has been shifted to the intelligence agencies, which can make the case that they are stealing national security secrets, not commercial information. Often, the difference is blurry, especially when the target is, say, the design of a satellite or a ship.

Even after Mr. Obama and Mr. Xi announced their agreement last fall, American officials have said they have discovered malware in power grids, cellphone networks and other purely civilian targets. But it is unclear whether that malicious software is intended to collect information about users, shut the system down or both.

[…] The study of 72 Chinese hacking groups showed a sharp drop-off in the volume of attacks. But as recently as March, FireEye saw efforts to obtain information on American military projects by stealing access credentials to a contractor, and there has been continual theft of personal information from health care providers. The Chinese hacking groups have also focused on non-American targets, including Russia, South Korea and Vietnam, and have sometimes aimed at targets related to the disputes over Chinese claims in the South China Sea.

The report concludes that Chinese attacks have decreased in volume, but increased in sophistication. The result is that Chinese hackers are now acting more like Russian hackers: They pick their targets more carefully, and cover their tracks. [Source]

At Lawfare, Jack Goldsmith writes that the reduction in Chinese hacking springs from President Xi Jinping’s crackdown on corruption and consolidation of cyberoperations, with U.S. exposure of Chinese hacking aiding in those efforts.

In an interview with The Wall Street Journal’s Rebecca Blumenstein, deputy commander of the U.S. Cyber Command Lt. Gen. James K. McLaughlin spoke about the continued cyberthreat posed by China.

LT. GEN. MCLAUGHLIN: There are several large countries, like Russia and China, that are very, very capable cyber actors. We look at them seriously. You talked a little bit earlier about theft of intellectual property, which has been going on for a long time. The threat of them stealing the data on our employees is also something that’s important.

But the types of threats that we worry most about today that are new are adversaries taking full control of our networks, losing control of our networks, having a hacker appear to be a trusted user.

On the military side, you can imagine the difficulty that would cause a commander, if he didn’t trust his own network or his data.

But then the Sony incidents of last year show you [the threat of] destructive cyberattacks. A keystroke, and thousands of computers, they’re broken. They no longer function. So we watch those adversaries very closely to make sure we know what they’re doing in cyberspace. [Source]

Elsewhere, Kim Zetter at Wired writes that economic interests continue to drive the vast majority of Chinese cyber-espionage activities, citing a Chinese cyberespionage campaign against a consortium in Myanmar tied to Chinese oil and gas interests as the latest example of a commercially motivated attack. On Twitter, Kaiser Kuo writes that Sinica Podcast will be discussing cyberespionage and related issues this Friday.