Nine months after US President Barack Obama and Chinese President Xi Jinping (習近平) agreed to a broad crackdown on cyberespionage aimed at curbing the theft of intellectual property, the first detailed study of Chinese hacking has found a sharp drop-off in almost daily raids on Silicon Valley firms, military contractors and other commercial targets.
However, the study, conducted by the iSight intelligence unit of FireEye, also concluded that the drop-off began a year before Obama and Xi announced their accord in the White House Rose Garden.
In a conclusion that is largely echoed by US intelligence officials, the study said the change is part of Xi’s broad effort to bring the People’s Liberation Army (PLA), which is considered one of the main sponsors of the attacks, further under his control.
As a result, the same political forces that may be alleviating the theft of data from US companies are also responsible for Xi’s stunningly swift crackdown on the Chinese media, bloggers and others who could challenge the Chinese Communist Party.
“It’s a mixed bag,” said Kevin Mandia, founder of Mandiant, now part of FireEye, which first detailed the activities of a PLA cyberarm, called Unit 61398, that had been responsible for some of the most highly publicized thefts of US technology. “We still see semiconductor companies and aerospace firms attacked.”
The daily barrage of attacks has diminished, which Mandia attributed to “public pressure” from, among others, the US Department of Justice’s decision to indict five members of the PLA unit about a year after its activities were exposed.
Today, Unit 61398 appears to be largely out of business, its hackers dispersed to other military, private and intelligence units, although many China and legal experts remain skeptical that the Chinese are deterred by US indictments, since the PLA officers are unlikely to see the inside of an US courtroom.
However, US Assistant Attorney General for National Security John Carlin said the report validated his strategy.
“The lesson is that when you figure out who has done this kind of theft, don’t fear making it public,” he said. “This is a slow process, but we are beginning to make people realize that even in cyberspace, laws and norms are applicable.”
Obama and Xi drew up their agreement narrowly. It covers intellectual property theft, but not ordinary espionage against government targets.
As recently as last week, senior US officials were in Beijing trying to flesh out the agreement between the two presidents. Participants say that among the points of discussion was how to set up a hotline through which the two nations can alert each other to malicious software they have detected in global networks.
“Treaties are not verifiable in the cyberarena,” said Joseph Nye, a Harvard professor who in recent years has turned to the problem of regulating activity in cyberspace.
Nye and Michael Chertoff, the secretary of Homeland Security during former US president George W. Bush’s administration, were among the lead authors of a report to be published yesterday by the Global Commission on Internet Governance that is to describe those norms to the UN and other groups.
The FireEye study concluded that as early as 2014, around the time of the indictment of the PLA’s officers and hackers, the Chinese government had been modifying its approach to cyberoperations.
The study of 72 Chinese hacking groups showed a sharp drop-off in the volume of attacks.
However, as recently as March, FireEye saw efforts to obtain information on US military projects by stealing access credentials to a contractor, and there has been continual theft of personal information from health care providers.
The Chinese hacking groups have also focused on non-US targets, including Russia, South Korea and Vietnam, and have sometimes aimed at targets related to the disputes over Chinese claims in the South China Sea.
The report concludes that Chinese attacks have decreased in volume, but increased in sophistication. The result is that Chinese hackers are now acting more like Russian hackers: They pick their targets more carefully, and cover their tracks.
“We see a threat that is less voluminous but more focused, calculated, and still successful in compromising corporate networks,” the report said.
However, Reuters yesterday reported that a senior Obama administration official said the US government was not yet ready to proclaim that China was fully complying with the agreement, but the new report would factor into its monitoring.
“We are still doing an assessment,” the unnamed official said.
The Chinese Ministry of Foreign Affairs, the only government department to regularly answer questions from foreign reporters on the hacking issue, said China aimed to maintain dialogue on preventing and combating cyberspying.
“We’ve expressed our principled position on many occasions,” ministry spokeswoman Hua Chunying (華春瑩) told a daily news briefing yesterday. “We oppose and crack down on commercial cyberespionage activities in all forms.”
Additional reporting by Reuters
GET TO SAFETY: Authorities were scrambling to evacuate nearly 700 people in Hualien County to prepare for overflow from a natural dam formed by a previous typhoon Typhoon Podul yesterday intensified and accelerated as it neared Taiwan, with the impact expected to be felt overnight, the Central Weather Administration (CWA) said, while the Directorate-General of Personnel Administration announced that schools and government offices in most areas of southern and eastern Taiwan would be closed today. The affected regions are Tainan, Kaohsiung and Chiayi City, and Yunlin, Chiayi, Pingtung, Hualien and Taitung counties, as well as the outlying Penghu County. As of 10pm last night, the storm was about 370km east-southeast of Taitung County, moving west-northwest at 27kph, CWA data showed. With a radius of 120km, Podul is carrying maximum sustained
President William Lai (賴清德) yesterday criticized the nuclear energy referendum scheduled for Saturday next week, saying that holding the plebiscite before the government can conduct safety evaluations is a denial of the public’s right to make informed decisions. Lai, who is also the chairman of the Democratic Progressive Party (DPP), made the comments at the party’s Central Standing Committee meeting at its headquarters in Taipei. ‘NO’ “I will go to the ballot box on Saturday next week to cast a ‘no’ vote, as we all should do,” he said as he called on the public to reject the proposition to reactivate the decommissioned
US President Donald Trump on Friday said that Chinese President Xi Jinping (習近平) told him China would not invade Taiwan while Trump is in office. Trump made the remarks in an interview with Fox News, ahead of talks with Russian President Vladimir Putin over Moscow’s invasion of Ukraine. “I will tell you, you know, you have a very similar thing with President Xi of China and Taiwan, but I don’t believe there’s any way it’s going to happen as long as I’m here. We’ll see,” Trump said during an interview on Fox News’ Special Report. “He told me: ‘I will never do
EXCEPTIONS: Some people could be allowed to reclaim citizenship for humanitarian reasons or because of their contributions to the nation, the interior ministry said Taiwan would soon unveil new rules banning Taiwanese residents of China from reclaiming their citizenship if they participated in Beijing’s propaganda activities, the Ministry of the Interior said on Monday. The measures were drafted following President William Lai’s (賴清德) March 13 directive that the government counter China’s espionage and influence campaigns aimed at undermining Taiwan’s sovereignty, the ministry said in a preview of the rules. The changes would affect Taiwanese who lost their citizenship after becoming permanent residents of China or obtaining passports issued by China, it said. Under the measures, former Taiwanese nationals living in China who had made statements denying the
RSS