Even after a landmark cyber theft agreement, US companies appear as vulnerable as ever to hacks emanating from China.
In the three weeks after the US and China agreed to stop spying on each other for commercial purposes, hackers associated with the Chinese government have attempted to penetrate at least seven different US companies, according to Reuters.
The prominent security firm CrowdStrike Inc said its software, installed at five technology and two pharmaceutical companies, detected and successfully repelled the attempted intrusions that started on Sept. 26.
The day before, President Obama and Chinese President Xi Jinping agreed to forbid their governments from permitting cyber theft of trade secrets for the benefit of domestic companies. The White House is aware of the latest attempted hacks but has yet to comment on CrowdStrike's conclusions.
In an interview with Reuters, CrowdStrike Co-Founder Dmitri Alperovitch said he believed the hackers were associated with the Chinese government, partly because of the software and servers the perpetrators used.
The "primary benefits of the intrusion seem clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional, national-security-related intelligence collection," Alperovitch said in a blog post. He also added that more hacks after the agreement were to be expected:
So does this evidence of ongoing intrusions into the commercial sector from China indicate the failure of the US-China cyber agreement? That depends on what is done about it and how long the current situation persists. As George Kurtz stated on the date of the agreement, “even under the best of circumstances, industry is left to wonder how quickly China’s bold intelligence gathering apparatus might be dismantled.” The fact that there is some time delay between agreement and execution is not entirely unexpected. But, we need to know the parameters for success, and whether the parties to the agreement discussed a timeframe for implementation or, instead, expected it to be immediate.
Richard Brejtlich, a Senior Fellow at the Brookings Institute, tells The Christian Science Monitor it is too soon to make sense of this latest round of hacks. In an article he wrote shortly after the agreement, he outlined several interpretations for the cyber pact. One included that intrusions would certainly continue, but now under the guise of good governance:
The United States has a long-standing policy of not passing what it learns from these spying missions to American companies for competitive gain. It’s possible the US administration believes its Chinese counterpart will now act in a reciprocal manner. American companies will still be targeted by Chinese hacking teams, but the Chinese government will claim that it is working to collect economic data and uncover bribery and corruption. Whether the Chinese government passes what it learns to Chinese companies for economic advantage remains an open question.
He also theorized that Mr. Xi may consider the People’s Liberation Army (PLA), Ministry of State Security, and other organizations that typically conduct hacking to be excluded from his definition of “Chinese government.” Therefore, while the “Chinese government” holds up its commitment, shadow groups can still do the dirty work.
And on Friday, NBC News reported that the Woods Hole Oceanographic Institution, one of the most important scientific research centers in the US, said it was the target of a hack emanating from China in June. The institute has said so far, only commercial data and emails were accessed. The WHOI performs classified research for the US Navy, but a spokesman said sensitive data is kept on a different network than the one that was attacked.
This report contains material from Reuters.