Less hacking attempts might indicate more efficient attacks
Chinese cyber aggression against the US has been prevalent since the late 90s, and, despite the Obama's and Xi Jinping's cyber pact in 2015,[1] seems like Chinese hackers are still cause of concern.
The cyber pact between the two countries tried to ensure some safeguards when it comes to international espionage and intellectual property theft. However, researchers at the Australian Strategic Policy Institute have discovered something disturbing. They claim that while the number of cyber attacks from China drastically declined in the past few years, the violation of the agreement in 2017 suggests that it might merely mean that they are becoming more sophisticated and efficient.
According to the report,[2] China set its mind that the increase in the efficiency reduces the frustration of the Western world:
China appears to have come to the conclusion that the combination of improved techniques and more focused efforts have reduced Western frustration to levels that will be tolerated. Unless the targeted states ramp up pressure and potential costs, China is likely to continue its current approach.
Therefore, the decline in the number of the attacks should not be treated lightly because it does not make an equivalent impact on the US economy.
The cyber pact between the US and China
The primary goal of the agreement was to stop the unauthorized acquisition of intellectual property between two countries and stop the knowing support of cyber-theft. It was meant to strengthen the commercial sectors of both the US and China. Additionally, the agreement also prompted both countries to fight cybercrime. What they did not agree to was the restriction of government espionage, however, because it is considered a fair play.
China made similar deals with Germany, the UK, Australia, Russia,[3] Brazil and few other countries in November 2015.
Soon after the agreement, the Chinese government arrested hackers that were connected to the Office of Personnel Management data breach which exposed sensitive information of almost 22 million US governmental employees.[4]
As a result, experts saw the general decline in Chinese cyber attacks from 2015. FireEye security firm released a report that showed the significant drop in Chinese cyber attacks on the US-based networks from 60 in February 2016 to 10 in May 2016.
China breached the agreement in 2017
While the number of attacks dropped, security experts from various firms pointed out that the severity and efficiency increased. Cybercriminals went for cloud-based services and utilized encryption to their advantage.
In 2017, security teams from PwC UK and BAE Systems claimed that Chinese hackers reach their targets through IT service providers.
Experts from Intezer Labs cybersecurity firm concluded that Chinese hackers were responsible for injecting malware into a well-known PC cleaning tool CCleaner.[5]
Symantec also pointed out in 2018 that Chinese-based hackers were targeting telecommunications companies across the US and Asia.
Industrial espionage helps China to strengthen its economy
Chinese economy drastically increased in the past decade and a half. The country has been actively investing in the research and development sectors, expanding the science, mathematics and engineering sectors in universities and modernizing its factories with top-notch technologies. The effort paid off, and China is currently one of the leading economic giants in the world.
However, the efforts were not all legitimate, as Chinese hackers were employed to steal the intellectual property of the US and other countries. The cyber espionage helped the country to become more economically competitive. The estimates of a yearly theft of the intellectual property come to $300 billion, and 50-80% of bad actors are Chinese.
While some intelligence officials believe that “US efforts did succeed in getting Beijing to acknowledge a difference between the cyber-enabled theft of IP and political-military espionage,” others are much more skeptical. They think that China never intended to stop the intellectual property hacking, and did not want to get caught doing it instead. Researchers from the Australian Strategic Policy Institute concluded:
Bringing the hacking more in line with what it believes the National Security Agency conducts—a smaller number of hacks that nevertheless give the US large-scale access to Chinese assets—has, in Beijing’s view, resolved the issue. This isn’t the resolution the US hoped for when it first announced the September 2015 agreement, but it may be the one it has to live with now.
Alice Woods is a security expert who specializes in cyber threat investigation and analysis. Her mission on Ugetfix - to share the knowledge and help users to protect their computers from malicious programs.
- ^ John W. Rollins. U.S.–China Cyber Agreement. FAS, Federation of American Scientists.
- ^ Dr Adam Segal. Hacking for ca$h. ASPI. Australian Strategic Policy Institute.
- ^ John Leyden. Russia and China seal cyber non-hack pact. The Register. Biting the hand that feeds IT.
- ^ Julie Hirschfeld Davis. Hacking of Government Computers Exposed 21.5 Million People. The New York Times. US magazine.
- ^ Olivia Morelli . CCleaner 5.33 virus. How to remove? (Uninstall guide). 2-spyware. Cybersecurity news and articles.
