Fidelis Cybersecurity
Fidelis Blog


Chinese Hacker Arrests – Establishing Norms or Biding Time?

As President Xi wraps up his tour in Britain, news continues to circulate about the Chinese government’s arrest of hackers suspected of conducting commercial cyber espionage against U.S. companies. The arrests allegedly occurred two weeks prior to Xi’s visit to the United States, a period when the United States was strongly considering leveling sanctions against Chinese companies, and were kept quiet until now. According to news reports, U.S. law enforcement identified the hackers it wanted arrested and passed that information along to China for action. The arrests were not publicized in the Chinese press, and it is uncertain whether the suspects in question were state agents or those working on behalf of state interests.

The Xi-Obama state visit is generally viewed as a success between two economic powers. In addition to making a promise not to conduct commercial cyber espionage, the two governments reaffirmed commitments to mutual global interest areas such as humanitarian assistance and disaster response, sustainable development and ocean conservation, among other issues. The agreement specified a joint understanding that neither government will engage in cyber-enabled intellectual property theft against the other. This is an important first step in developing accepted norms of behavior for nation states in cyberspace.

There has been much skepticism about whether China will actually stop or significantly reduce its commercial cyber espionage activities. U.S. Director of National Intelligence James Clapper expressed concerns after the state visit, questioning whether a country so invested in cyber espionage would actually cease activities, despite the threat of repercussions. Others have expressed similar doubts, including members of Congress.

Suspected Chinese cyber activity has targeted public and private organizations worldwide in an effort to obtain sensitive diplomatic, military and industrial information for political and economic advantage. Two factors have primarily driven Chinese cyber espionage activity: 1) to compete as a global economic power, and 2) to preserve national security interests and push for regional leadership and influence.

In the midst of a national economic slowdown, the promise to end such espionage aids China’s efforts to repair an image tarnished by its reputation as a purveyor of cybercrime. The arrest of Chinese hackers demonstrates China’s commitment toward resolving differences between the two countries (while preventing punitive financial repercussions). Confidence-building measures such as these may help re-establish trust and show good faith.

At present, there is a noticeable void in internationally accepted norms of behavior for nation state activity in cyberspace. Both Western interests and their Eastern counterparts have presented potential guidelines to the global community, each nuanced by their respective perceptions of what the threat is and what rights sovereign states have to address what they view as threats to their national security interests. Identifying cyber espionage for commercial gain as a “red line” is a step forward toward finding common ground.

It will be interesting to see how this will influence the activities of other countries suspected of similar acts. According to news reports, a 2013 U.S. Intelligence Community National Intelligence Estimate identified France and Israel, both strong allies of the United States, as fervent perpetrators of espionage against U.S. companies for commercial gain. Inconsistent standards against countries friendly to the U.S. government’s interests could damage the U.S.’s image, ultimately calling into question the motivations that drive how and when the U.S. chooses to implement sanctions, and against whom.

It is entirely possible that China will revert to cyber espionage once it has satisfied skeptics. Chinese operators are known to dramatically change their tactics, techniques, and procedures in order to circumvent the monitoring process currently used against them. A more robust operational security process, coupled with more stringent obfuscation and a change in tools, can greatly impact the ability to attribute activity.

The U.S. has made its move and China has responded, whether the agreement proves to be short-term or long-term. What the U.S. does next may greatly influence how successful its cyber sanctions program will ultimately be.

 -Emilio Iasiello
