Chinese President Xi Jinping’s state visit to the U.S. last month yielded an unexpected agreement on the contentious issue of commercial cyberespionage, apparently spurred by the threat of U.S. sanctions. The accord was non-binding, and limited in scope to “cyber-enabled theft of intellectual property […] with the intent of providing competitive advantages to companies or commercial sectors.” Nevertheless, news that several suspected hackers had already been detained in China at the U.S.’ request buoyed hopes that the deal might mark a turning point.
On Monday, U.S. security firm CrowdStrike announced that it has thwarted a steady stream of apparently commercially motivated hacking attempts from China since the agreement. It has attributed these activities to “Deep Panda,” a government-linked team previously blamed for major breaches of health insurer Anthem and the U.S. government’s Office of Personnel Management. From CrowdStrike’s Dmitri Alperovitch:
Over the last three weeks, CrowdStrike Falcon platform has detected and prevented a number of intrusions into our customers’ systems from actors we have affiliated with the Chinese government. Seven of the companies are firms in the Technology or Pharmaceuticals sectors, where the primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional national-security related intelligence collection which the Cyber agreement does not prohibit.
[…] So does this evidence of ongoing intrusions into the commercial sector from China indicate the failure of the U.S.-China cyber agreement? That depends on what is done about it and how long the current situation persists. As George Kurtz stated on the date of the agreement, “even under the best of circumstances, industry is left to wonder how quickly China’s bold intelligence gathering apparatus might be dismantled.” The fact that there is some time delay between agreement and execution is not entirely unexpected. But, we need to know the parameters for success, and whether the parties to the agreement discussed a timeframe for implementation or, instead, expected it to be immediate.
[…] Call me an optimist, but I continue to have hope that meaningful progress can be made to turn the corner and establish norms of behavior for nation-states in cyberspace. […] [Source]
[Updated at 14:10 PDT on Oct 19, 2015: CrowdStrike’s Alperovitch stressed to Foreign Policy that “we are not stating anywhere that the Chinese are violating the agreement. It is not up to us to draw that conclusion.”]
The U.S. intelligence community is also seeing continued signs of economic cyberespionage by Chinese hackers, according to a U.S. official, who spoke on the condition of anonymity because of the matter’s sensitivity. But what it means at this point is not clear.
[…] A senior administration official said the White House is aware of CrowdStrike’s report. “We’ll decline comment on its specific conclusions,” said the official, who spoke on the condition of anonymity because of the issue’s sensitivity. “As we move forward, we will monitor China’s cyber-activities closely and press China to abide by all of its commitments.”
[…] Another threat-detection company, FireEye, also has observed activity from likely Chinese government hacker groups since Sept. 25. “But it is premature to conclude that activity during this short timeframe constitutes economic espionage,” the firm’s intelligence director, Laura Galante, said in an e-mail. “Assessing the complexity of changes in state-sanctioned economic espionage requires far more sufficient time, data and viewpoints,” she said. [Source]
Chinese Foreign Ministry spokesperson Hua Chunying offered a familiar response to CrowdStrike’s accusations at a press briefing on Monday:
Q: Hackers associated with the Chinese government have attacked at least seven US companies in the past three weeks, according to the US cyber security firm CrowdStrike. What is China’s comment?
A: On the issue of cyber security, the Chinese side has repeatedly clarified its principled position. China is a staunch advocate for cyber security, as well as a victim of cyber attacks. The Chinese government opposes all forms of cyber attacks and commercial espionage. This position is firm. The Chinese government will neither encourage companies to carry out cyber theft for commercial secrets, nor take part in such activities. It is hoped that relevant parties can uphold the spirit of mutual respect and mutual trust, and have more dialogue and cooperation in the field of cyber security in a constructive manner. [Source]