As US/China Tension Rises, What Fall-Out for Tech?

Espionage hacking arrests show height of data-theft risks

Last week, Washington shook the cybersecurity world well and truly out of its slumber by indicting five People’s Liberation Army (PLA) officers on charges of hacking US firms for economic gain. They’re unlikely to ever face trial but when those ‘wanted’ posters were splashed across the world’s media an obvious, high-level policy change had taken its first dramatic step. The problem for Western firms with business interests in China is what comes next.

The decision to get tough on Chinese cyber-espionage activity was taken at the very highest level, an unnamed official told the Washington Post recently, and will become “the new normal”.

“We’re talking about a major change in administration strategy and policy,” said another.

At the heart of Washington’s beef is that Chinese state operatives are going after US firms for sensitive IP which will ultimately help their rivals in the Middle Kingdom gain a competitive advantage. The US, by contrast, says it draws a line between spying for national security and doing so for economic gain. This argument has become harder to justify since revelations that the NSA may have been spying on companies like Huawei and installing backdoors in US-made commercial kit before export abroad.

There’s little evidence to suggest such an approach will cause a rethink in Beijing. China’s line has consistently been to play the victim when it comes to cyber-attacks. It’s a position that has been strengthened significantly by Edward Snowden’s NSA revelations. The last time the US had convincing evidence to link attacks on its companies with state-sponsored actors, in the Mandiant report of February 2013, officials simply dismissed it.

One year on, Mandiant claimed in its M Trends report that activity levels for the various PLA groups had eventually returned to normal and, if anything, efforts were now being made to cover their tracks more effectively.

Darien Kindlund, director of threat research at parent company FireEye, told me not much has changed this time around.

“We have not noticed any specific change on APT1's activity, since the DoJ [US Department of Justice] indictment, nor since the beginning of the year,” he explained.

Trouble ahead

But while the indictments haven’t led to any dialling back of cyber-attack activity, they do seem to have stirred Beijing into a different kind of action.

First up, the Chinese government announced just a day later that Windows 8 would be banned from all new public sector computers. The move was ostensibly made to ensure that China couldn’t be held to ransom again by a foreign provider, as it feels it was when Microsoft withdrew support for XP in April. The archaic OS still has a market share of over 50% in the Middle Kingdom.

The timing of the announcement could be a coincidence, although such things are rare in the highly stage-managed world of Chinese politics. With no home-grown replacement for XP anywhere near ready, there’s more than just a hint of statecraft at play here.

Then, three days after the indictment, another body blow for US firms in China: a new regulation demanding all major IT products and services destined for “national security and public interests” be vetted for vulnerabilities. Now, such an announcement was always on the cards, especially when the US effectively did the same to Huawei and ZTE in 2012 after a congressional committee branded the two Shenzhen firms a national security risk. However, once again the timing of the announcement is particularly apposite.

With the NSA accused of installing backdoors on US-made gear prior to export, China can’t exactly be blamed for taking this hard-line stance. But it now has a perfect excuse to ban, block and delay imports and generally disrupt US-Sino trade as it sees fit. Beijing has always been quick to penalise any foreign players it deems to be shutting out home-grown firms – witness the ongoing anti-monopoly investigation against Qualcomm which could cost the chip giant over $1bn in fees. However, with this latest pronouncement, boardrooms across the US will be nervously waiting to see how things play out.

China is not yet self-sufficient in everything, especially on the software side, but it still has a big enough market to use trade as a diplomatic bargaining chip. For their part, US firms will be trying to make the case that their presence in China creates jobs, delivers products that make business users more productive and has helped nurture a thriving ecosystem of local supply-chain providers. It may be too late for Cisco, which this week was accused by state media of being complicit in US cyber spying. China has also released a major report titled The United States’ Global Surveillance Record. The backlash has well and truly begun.

Trouble at sea

In the meantime, Western organisations will continue to be targeted by Chinese hackers – many of them state-sponsored. New research from threat intelligence firm Cyber Squared this month found a number of sophisticated, long-running attack campaigns targeting countries bordering the disputed South China Sea region.

From the US military to oil and gas, transportation and mining sectors, organisations with a direct or indirect stake in the region face a growing risk of data loss, according to chief intelligence officer, Rich Barger.

“Consider a simple email exchange or shared drive of documents on a computer residing in Vietnam,” he told me. “Any email account or system compromised, also compromises the documents and information within it regardless of where it originally came from. So any sensitive data shared by Western organisations can be stolen ‘by proxy’ if the Vietnamese account or system that holds them is compromised.”

If this is the “new normal”, then expect a lot more of the same in future.


John Anderson has been writing about technology and all things Asia for over a decade, having started out on some of the UK's best-known IT trade titles. From his perch in the Far East he keeps a keen eye on the global significance of emerging trends in the region.