Nine months after US President Barack Obama and Chinese President Xi Jinping (習近平) agreed to a broad crackdown on cyberespionage aimed at curbing the theft of intellectual property, the first detailed study of Chinese hacking has found a sharp drop-off in almost daily raids on Silicon Valley firms, military contractors and other commercial targets.
However, the study, conducted by the iSight intelligence unit of FireEye, also concluded that the drop-off began a year before Obama and Xi announced their accord in the White House Rose Garden.
In a conclusion that is largely echoed by US intelligence officials, the study said the change is part of Xi’s broad effort to bring the People’s Liberation Army (PLA), which is considered one of the main sponsors of the attacks, further under his control.
As a result, the same political forces that may be alleviating the theft of data from US companies are also responsible for Xi’s stunningly swift crackdown on the Chinese media, bloggers and others who could challenge the Chinese Communist Party.
“It’s a mixed bag,” said Kevin Mandia, founder of Mandiant, now part of FireEye, which first detailed the activities of a PLA cyberarm, called Unit 61398, that had been responsible for some of the most highly publicized thefts of US technology. “We still see semiconductor companies and aerospace firms attacked.”
The daily barrage of attacks has diminished, which Mandia attributed to “public pressure” from, among others, the US Department of Justice’s decision to indict five members of the PLA unit about a year after its activities were exposed.
Today, Unit 61398 appears to be largely out of business, its hackers dispersed to other military, private and intelligence units, although many China and legal experts remain skeptical that the Chinese are deterred by US indictments, since the PLA officers are unlikely to see the inside of an US courtroom.
However, US Assistant Attorney General for National Security John Carlin said the report validated his strategy.
“The lesson is that when you figure out who has done this kind of theft, don’t fear making it public,” he said. “This is a slow process, but we are beginning to make people realize that even in cyberspace, laws and norms are applicable.”
Obama and Xi drew up their agreement narrowly. It covers intellectual property theft, but not ordinary espionage against government targets.
As recently as last week, senior US officials were in Beijing trying to flesh out the agreement between the two presidents. Participants say that among the points of discussion was how to set up a hotline through which the two nations can alert each other to malicious software they have detected in global networks.
“Treaties are not verifiable in the cyberarena,” said Joseph Nye, a Harvard professor who in recent years has turned to the problem of regulating activity in cyberspace.
Nye and Michael Chertoff, the secretary of Homeland Security during former US president George W. Bush’s administration, were among the lead authors of a report to be published yesterday by the Global Commission on Internet Governance that is to describe those norms to the UN and other groups.
The FireEye study concluded that as early as 2014, around the time of the indictment of the PLA’s officers and hackers, the Chinese government had been modifying its approach to cyberoperations.
The study of 72 Chinese hacking groups showed a sharp drop-off in the volume of attacks.
However, as recently as March, FireEye saw efforts to obtain information on US military projects by stealing access credentials to a contractor, and there has been continual theft of personal information from health care providers.
The Chinese hacking groups have also focused on non-US targets, including Russia, South Korea and Vietnam, and have sometimes aimed at targets related to the disputes over Chinese claims in the South China Sea.
The report concludes that Chinese attacks have decreased in volume, but increased in sophistication. The result is that Chinese hackers are now acting more like Russian hackers: They pick their targets more carefully, and cover their tracks.
“We see a threat that is less voluminous but more focused, calculated, and still successful in compromising corporate networks,” the report said.
However, Reuters yesterday reported that a senior Obama administration official said the US government was not yet ready to proclaim that China was fully complying with the agreement, but the new report would factor into its monitoring.
“We are still doing an assessment,” the unnamed official said.
The Chinese Ministry of Foreign Affairs, the only government department to regularly answer questions from foreign reporters on the hacking issue, said China aimed to maintain dialogue on preventing and combating cyberspying.
“We’ve expressed our principled position on many occasions,” ministry spokeswoman Hua Chunying (華春瑩) told a daily news briefing yesterday. “We oppose and crack down on commercial cyberespionage activities in all forms.”
Additional reporting by Reuters
RETHINK? The defense ministry and Navy Command Headquarters could take over the indigenous submarine project and change its production timeline, a source said Admiral Huang Shu-kuang’s (黃曙光) resignation as head of the Indigenous Submarine Program and as a member of the National Security Council could affect the production of submarines, a source said yesterday. Huang in a statement last night said he had decided to resign due to national security concerns while expressing the hope that it would put a stop to political wrangling that only undermines the advancement of the nation’s defense capabilities. Taiwan People’s Party Legislator Vivian Huang (黃珊珊) yesterday said that the admiral, her older brother, felt it was time for him to step down and that he had completed what he
Taiwan has experienced its most significant improvement in the QS World University Rankings by Subject, data provided on Sunday by international higher education analyst Quacquarelli Symonds (QS) showed. Compared with last year’s edition of the rankings, which measure academic excellence and influence, Taiwanese universities made great improvements in the H Index metric, which evaluates research productivity and its impact, with a notable 30 percent increase overall, QS said. Taiwanese universities also made notable progress in the Citations per Paper metric, which measures the impact of research, achieving a 13 percent increase. Taiwanese universities gained 10 percent in Academic Reputation, but declined 18 percent
CHINA REACTS: The patrol and reconnaissance plane ‘transited the Taiwan Strait in international airspace,’ the 7th Fleet said, while Taipei said it saw nothing unusual The US 7th Fleet yesterday said that a US Navy P-8A Poseidon flew through the Taiwan Strait, a day after US and Chinese defense heads held their first talks since November 2022 in an effort to reduce regional tensions. The patrol and reconnaissance plane “transited the Taiwan Strait in international airspace,” the 7th Fleet said in a news release. “By operating within the Taiwan Strait in accordance with international law, the United States upholds the navigational rights and freedoms of all nations.” In a separate statement, the Ministry of National Defense said that it monitored nearby waters and airspace as the aircraft
UNDER DISCUSSION: The combatant command would integrate fast attack boat and anti-ship missile groups to defend waters closest to the coastline, a source said The military could establish a new combatant command as early as 2026, which would be tasked with defending Taiwan’s territorial waters 24 nautical miles (44.4km) from the nation’s coastline, a source familiar with the matter said yesterday. The new command, which would fall under the Naval Command Headquarters, would be led by a vice admiral and integrate existing fast attack boat and anti-ship missile groups, along with the Naval Maritime Surveillance and Reconnaissance Command, said the source, who asked to remain anonymous. It could be launched by 2026, but details are being discussed and no final timetable has been announced, the source