Image 01 Image 03

Shocker: China Already Violating Cyberespionage Agreement

Shocker: China Already Violating Cyberespionage Agreement

Here we go again

According to one California-based cybersecurity firm, China is already violating its new cybersecurity agreement with the United States.

According to CrowdStrike founder Dmitri Alperovich, his firm has seen “no change in behavior” since President Obama and Chinese President Xi Jinping announced the anti-hacking deal on September 25. CrowdStrike has documented seven attacks against US-based pharmaceutical and tech companies since then, “where the primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional national security-related intelligence collection.”

This, of course, is exactly why we signed this anti-hacking agreement to begin with. In addition to national security targets, cyberthieves most commonly target valuable intellectual property. Last month’s deal did not (pretend?) to prevent cybersyping for national security purposes; instead, it prohibited “economic espionage,” in which a hacker steals information from one company and sells it to a competitor.

More from the New York Times:

According to the CrowdStrike blog post, several of the recent attacks were the responsibility of a group it calls Deep Panda, which the company said it had tracked for many years. Deep Panda often goes after strategic national security targets, but it has also hacked companies in an array of industries, including in agriculture, finance, chemicals and technology.

Mr. Alperovitch did not write that the continued hacks were evidence that the deal had failed, though he called for the Obama administration to explain what it expected the agreement to accomplish.

“The fact that there is some time delay between agreement and execution is not entirely unexpected,” Mr. Alperovitch wrote. “But we need to know the parameters for success, and whether the parties to the agreement discussed a time frame for implementation, or, instead, expected it to be immediate.”

In one of the first major markers of Chinese action against the attacks, the country arrested a number of hackers who were said to have stolen secrets of United States companies before Mr. Xi’s American visit, according to The Washington Post.

Even so, further attacks were likely to be viewed as a setback. Though China is home to a hard-to-control and diffuse network of state-affiliated hackers, it would probably be fairly simple for Beijing to control a central group like Deep Panda.

An anonymous White House source has said that the government is aware of the attacks, and did not dispute the details, but would not comment on what is being done to make sure the agreement with China is held to. This is similar to the response the White House offered in the wake of the OPM attack, when officials appeared reluctant to hold China responsible for the massive data theft.

Considering it took them months to hold China accountable for the devastating (and embarrassing) OPM hack, I’d count on this being a long, long process.

Follow Amy on Twitter @ThatAmyMiller


Donations tax deductible
to the full extent allowed by law.



Q: How do you spell ‘putz’?

A: O. B. A. M. A.

    smalltownoklahoman in reply to clafoutis. | October 19, 2015 at 12:27 pm

    How very true! Hopefully whoever wins the WH in 2016 will make it clear to China that this stops or there will be actual consequences for it. They’re pulling this stuff with Obama because they know he won’t do anything meaningful about it!

Hey who cares about a little cybersyping by China?
economic espionage, hacking of OPM where 22.1 million people, including addresses, mental health and criminal records were stolen. 22.1 million people who are at extreme risk of attack by foreign agents. How easy will it be for foreign agents using the OPM hack to pressure or inducements US citizens to engage in espionage.

Hey but we got one HELL of a deal with China on Global Warming!
“No challenge  poses a greater threat to future generations than climate change,” said Obama in his State of the Union speech Tuesday.

What a farce!

Why would the US sign an agreement banning cyberspying unless the agreement only applies to other countries? What, we’re expecting the NSA to not look at computers in Iran?

Sammy Finkelman | October 19, 2015 at 2:09 pm

China had to agree officially to go against private hacking in order to plead not guilty to government sponsored hacking. So they did. *

But since everything of significance is government sponsored, they did nothing important, and most business continues as usual.

* I wish this standard applied to the Palestinian Authority where it is enough for Abbas to condemn assaults and he’s not required to promise to stop them and punish the perpetrators. But China had to promise also to go after them.

Henry Hawkins | October 19, 2015 at 3:16 pm

I’d give my left arm to sit across from Obama at the poker table.