Nine months after US President Barack Obama and Chinese President Xi Jinping (習近平) agreed to a broad crackdown on cyberespionage aimed at curbing the theft of intellectual property, the first detailed study of Chinese hacking has found a sharp drop-off in almost daily raids on Silicon Valley firms, military contractors and other commercial targets.
However, the study, conducted by the iSight intelligence unit of FireEye, also concluded that the drop-off began a year before Obama and Xi announced their accord in the White House Rose Garden.
In a conclusion that is largely echoed by US intelligence officials, the study said the change is part of Xi’s broad effort to bring the People’s Liberation Army (PLA), which is considered one of the main sponsors of the attacks, further under his control.
As a result, the same political forces that may be alleviating the theft of data from US companies are also responsible for Xi’s stunningly swift crackdown on the Chinese media, bloggers and others who could challenge the Chinese Communist Party.
“It’s a mixed bag,” said Kevin Mandia, founder of Mandiant, now part of FireEye, which first detailed the activities of a PLA cyberarm, called Unit 61398, that had been responsible for some of the most highly publicized thefts of US technology. “We still see semiconductor companies and aerospace firms attacked.”
The daily barrage of attacks has diminished, which Mandia attributed to “public pressure” from, among others, the US Department of Justice’s decision to indict five members of the PLA unit about a year after its activities were exposed.
Today, Unit 61398 appears to be largely out of business, its hackers dispersed to other military, private and intelligence units, although many China and legal experts remain skeptical that the Chinese are deterred by US indictments, since the PLA officers are unlikely to see the inside of a US courtroom.
However, US Assistant Attorney General for National Security John Carlin said the report validated his strategy.
“The lesson is that when you figure out who has done this kind of theft, don’t fear making it public,” he said. “This is a slow process, but we are beginning to make people realize that even in cyberspace, laws and norms are applicable.”
Obama and Xi drew up their agreement narrowly. It covers intellectual property theft, but not ordinary espionage against government targets.
As recently as last week, senior US officials were in Beijing trying to flesh out the agreement between the two presidents. Participants say that among the points of discussion was how to set up a hotline through which the two nations can alert each other to malicious software they have detected in global networks.
“Treaties are not verifiable in the cyberarena,” said Joseph Nye, a Harvard professor who in recent years has turned to the problem of regulating activity in cyberspace.
Nye and Michael Chertoff, the secretary of Homeland Security during former US president George W. Bush’s administration, were among the lead authors of a report to be published yesterday by the Global Commission on Internet Governance that is to describe those norms to the UN and other groups.
The FireEye study concluded that as early as 2014, around the time of the indictment of the PLA’s officers and hackers, the Chinese government had been modifying its approach to cyberoperations.
The study of 72 Chinese hacking groups showed a sharp drop-off in the volume of attacks.
However, as recently as March, FireEye saw efforts to obtain information on US military projects by stealing access credentials to a contractor, and there has been continual theft of personal information from health care providers.
The Chinese hacking groups have also focused on non-US targets, including Russia, South Korea and Vietnam, and have sometimes aimed at targets related to the disputes over Chinese claims in the South China Sea.
The report concludes that Chinese attacks have decreased in volume, but increased in sophistication. The result is that Chinese hackers are now acting more like Russian hackers: They pick their targets more carefully, and cover their tracks.
“We see a threat that is less voluminous but more focused, calculated, and still successful in compromising corporate networks,” the report said.
However, Reuters yesterday reported that a senior Obama administration official said the US government was not yet ready to proclaim that China was fully complying with the agreement, but the new report would factor into its monitoring.
“We are still doing an assessment,” the unnamed official said.
The Chinese Ministry of Foreign Affairs, the only government department to regularly answer questions from foreign reporters on the hacking issue, said China aimed to maintain dialogue on preventing and combating cyberspying.
“We’ve expressed our principled position on many occasions,” ministry spokeswoman Hua Chunying (華春瑩) told a daily news briefing yesterday. “We oppose and crack down on commercial cyberespionage activities in all forms.”
Additional reporting by Reuters