Here we go again
According to one California-based cybersecurity firm, China is already violating its new cybersecurity agreement with the United States.
According to CrowdStrike founder Dmitri Alperovich, his firm has seen “no change in behavior” since President Obama and Chinese President Xi Jinping announced the anti-hacking deal on September 25. CrowdStrike has documented seven attacks against US-based pharmaceutical and tech companies since then, “where the primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional national security-related intelligence collection.”
This, of course, is exactly why we signed this anti-hacking agreement to begin with. In addition to national security targets, cyberthieves most commonly target valuable intellectual property. Last month’s deal did not (pretend?) to prevent cybersyping for national security purposes; instead, it prohibited “economic espionage,” in which a hacker steals information from one company and sells it to a competitor.
More from the New York Times:
According to the CrowdStrike blog post, several of the recent attacks were the responsibility of a group it calls Deep Panda, which the company said it had tracked for many years. Deep Panda often goes after strategic national security targets, but it has also hacked companies in an array of industries, including in agriculture, finance, chemicals and technology.
Mr. Alperovitch did not write that the continued hacks were evidence that the deal had failed, though he called for the Obama administration to explain what it expected the agreement to accomplish.
“The fact that there is some time delay between agreement and execution is not entirely unexpected,” Mr. Alperovitch wrote. “But we need to know the parameters for success, and whether the parties to the agreement discussed a time frame for implementation, or, instead, expected it to be immediate.”
In one of the first major markers of Chinese action against the attacks, the country arrested a number of hackers who were said to have stolen secrets of United States companies before Mr. Xi’s American visit, according to The Washington Post.
Even so, further attacks were likely to be viewed as a setback. Though China is home to a hard-to-control and diffuse network of state-affiliated hackers, it would probably be fairly simple for Beijing to control a central group like Deep Panda.
An anonymous White House source has said that the government is aware of the attacks, and did not dispute the details, but would not comment on what is being done to make sure the agreement with China is held to. This is similar to the response the White House offered in the wake of the OPM attack, when officials appeared reluctant to hold China responsible for the massive data theft.
Follow Amy on Twitter @ThatAmyMillerDONATE
Donations tax deductible
to the full extent allowed by law.