If hacking decreased by 90% following an agreement between the governments of the US and China, there must be some sort of ‘control’ over the hackers in China. I have to wonder if there is a similar relationship in Russia which can be exploited?
Following a previous agreement with the US, Chinese state hacking fell by up to 90%.
June 26, 2017 16:57 BST
The Chinese government has reached a landmark agreement with Canadian authorities that pledges to halt “economic cyber espionage”, a technique long-used by Beijing to hack into large firms and steal trade secrets, often including details of proprietary technology and military plans.
The truce was made during talks between Canada’s national security and intelligence adviser, Daniel Jean, and senior communist party official Wang Yongqing on 22 June. It follows a similar agreement with the US in 2015 which helped curb rapidly escalating tensions following major hacks.
“The two sides agreed that neither country’s government would conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages,” a portion of the deal stated.
According to the Globe and Mail, which first reported the deal, the accord solely covers economic espionage, declining to mention online espionage, surveillance and hacking to spy on state activity.
These covert actions are orchestrated by every government with the capability to do so.
“This is something that three or four years ago [Beijing] would not even have entertained in the conversation,” one government official told the newspaper. “For us, having the commitment on paper is good because we can refer to it,” the source, who was part of the talks, added.
Chinese hacking hit the headlines in a major way back in 2015, following the massive theft of federal records from the US Office of Personnel Management, or OPM. This embarrassing incident resulted in the loss of roughly 21.5 million government records, including 5.6 million fingerprint scans.
US officials concluded Chinese hackers were linked to the cyber break-in, a claim denied by Beijing.
In any case, amid a spike in tension between the two countries, US president Barack Obama and Chinese president Xi Jinping shook hands on the subject on 25 September the same year.
The White House said the two men had agreed “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information.” The wording was almost identical to the Canadian statement.
Despite criticism from some security commentators and analysts, who argued the deal would have little real impact, economic hacking did later decline. In one report from 2016, cybersecurity firm FireEye claimed it had – at one point – dwindled by a massive 90% over 24 months.
“Since mid-2014, we have observed an overall decrease in successful network compromises by China-based groups against organisations in the US and 25 other countries,” it said. “These shifts have coincided with ongoing political and military reforms in China.”
Between September 2015 (the time of the US-China agreement) and June 2016, FireEye noted more than a dozen “active China-based groups” compromising targets in the US, Europe and Japan, however said there was little evidence to show any data was actually stolen.
Last year, the threat from Chinese hackers was overshadowed by Russia, which reportedly orchestrated a series of devastating attacks on the US political system. It remains to be seen if the agreements will work, or if hacking activity will merely be forced further into the shadows.