A new US-Sino cyber détente? Don't bet on it

Just when you thought US-China relations were about to worsen yet again, something rather unexpected seems to have happened. Major attacks by Chinese hackers seem to be slowing. At least that’s what several cyber security executives told Reuters on Monday. The reason? Well, it could well be President Xi’s upcoming visit to Washington, during which cyber espionage is likely to be a major focus of discussions.

But given all that we know about the motives behind Beijing’s long-running targeted attack campaign against foreign organisations, is this really the start of cyber détente?

Reasons to be cheerful

On the face of it, the experts the newswire spoke to certainly know their stuff. Kevin Mandia is founder of Mandiant – an intelligence and forensics firm which has benefitted more than most from the spate of major ‘Chinese’ cyber-attacks which have hit the likes of Sony Pictures, Target and healthcare firm Anthem. He told Reuters, “The pace of new breaches feels like it’s tempering,” adding: “in my gut, I feel like the Chinese and the US over the next couple of years are going to figure this out.”

Given that information security professionals are not prone to optimism, this is a surprising statement from Mandia. Yet it was backed up by Cylance CEO Stuart McClure who also claimed a drop-off in attacks thought to have come from China over the past six months. Trend Micro’s chief cybersecurity officer, Tom Kellermann, was more cautious, however, claiming merely that “there’s been a consolidation in activity coming out of China.”

I’d be similarly cautious. If we’re talking specifically about cyber-attacks focused mainly on private US companies with an economic focus – for that is where the Obama administration wants to concentrate its time – then nothing much has changed. There has been talk of sanctions, but that’s unlikely to faze China. There may have been an executive decision to moderate attack activity until the negotiations and Xi’s trip to the US are over, but I’m not sure it will change a great deal in the long run.

After the US indicted five PLA soldiers last year for obtaining “information for the purpose of commercial advantage and private financial gain”, cyber-attacks from their unit slowed for a few months – but soon picked up where they left off. After a separate group, APT 12, was exposed by Mandiant in early 2013 for attacks on the New York Times, it too went off grid. But it was back six months later with new and improved malware versions and new techniques to stay hidden.

State-backed tech transfer

In fact, if a new report is to be believed, China’s economic espionage campaign against US firms could cost as much as $5 trillion a year in terms of the value of the IP stolen. The story, by the admittedly anti-Chinese Communist Party paper Epoch Times, quotes from reputable cybersecurity firms and official government documents to make its case. Most interesting is the allegation that Beijing invests huge sums of money not only in economic espionage but in tech transfer centres designed to first earmark IP for theft and then process the stolen IP for the economic and military betterment of the Middle Kingdom.

The process of reverse engineering alone as described in the report would take years if, as alleged, China sends students to study in the target industries first, before beginning the process of building what amounts to counterfeit products. The report describes an institutionalised, large-scale IP theft and tech transfer programme which any nation state would be unlikely to pull the plug on – if it ain’t broke…

Whether the US and China can come to some sort of an agreement on limiting that activity, however, remains to be seen. Despite its attempts to differentiate between military/intelligence based spying and IP theft for economic gain, Washington’s negotiating position has been hugely damaged by the Edward Snowden revelations – especially over the NSA targeting foreign organisations.

With concrete attribution always problematic in cyber space, it’s likely Beijing will continue to play the plausible deniability card that’s served it so well thus far. Any ‘agreements’ that come out of these upcoming talks are unlikely to mean an end to cyber espionage … for either side.


Phil Muncaster

Phil Muncaster has been writing about technology since joining IT Week as a reporter in 2005. After leaving his post as news editor of online site V3 in 2012, Phil spent over two years covering the Asian tech scene from his base in Hong Kong. Now back in London, he always has one eye on what's happening out East.
