Though the Chinese government has reportedly arrested several hackers in connection with the massive Office of Personnel Management data breaches, the lack of official confirmation from Beijing is leaving experts skeptical that it will fulfill a commitment to tamp down on cybercrimes.
During his state visit to Washington in September, Chinese President Xi Jinping inked a groundbreaking agreement with President Obama stating that neither country would support cyberespionage for commercial gain. While many experts questioned whether the deal would produce concrete results, it was also hailed as a key development at a time of escalating tension between China and the US over cyberattacks.
As another delegation of Chinese officials traveled to Washington this week for additional high-level talks on cyberespionage, The Washington Post reported that Chinese officials arrested hackers involved in the OPM hack, claiming that the breach was a criminal act and not a state-sponsored incursion. The Post reported that the arrests occurred just before President Xi's visit.
But many China watchers doubt the arrests are an indication Beijing is actually moving to reign in digital espionage or beginning to work toward fulfilling the agreement inked by Xi in September.
"As far as I can see, there's no reason to necessarily take the Chinese at their word," says Adam Segal, a senior fellow for China studies at the Council on Foreign Relations, in reference to news of the arrests.
If the arrests are indeed legitimate, and the supposed hackers are connected to the OPM breaches, the Chinese government should be more forthcoming with details, says Martin Libicki, a senior management scientist at the RAND Corporation.
"The Chinese could give us confirmation,” Mr. Libicki says. "They could give us a trial, they could give us a name, you know, we arrested 'so and so on this date.' "
When the OPM breach was first disclosed in June, Director of National Intelligence James Clapper called China the "leading suspect" for the breaches. Adding pressure on Beijing, the US also began threatening economic sanctions if China didn't begin to curtail its alleged cyberespionage and commercial hacking activities.
But some reports suggest that China has not curtailed any hacking against US targets. In October, the cybersecurity firm CrowdStrike revealed that Chinese hacks against US pharmaceutical and technology companies continued for more than two weeks after Washington and Beijing agreed to a deal that would end economic cyberespionage between the two countries.
If China has an impetus to stop attacks such as OPM, it may be driven from within the country and not by Washington, says Libicki. "President Xi is much more of a control freak than his predecessors were," he says. "He wants to run a tight ship, and he realizes that encouraging [freelance hackers] might have Chinese as their victims, not merely Americans."
If the arrested hackers were indeed tied to the OPM incursion, it wouldn't be the first time that Chinese nationals have been implicated in breaches of American computer systems. In 2014, the Justice Department charged five members of the Chinese military with breaking into American corporations and a labor organization. So far, they have not appeared in a US courtroom.
In regard to the most recent arrest reports, the ambiguity may be related to the often opaque nature of government dealings with the Chinese, says Catherine Lotrionte, director of the Institute for Law, Science, and Global Security at Georgetown University’s School of Foreign Service.
"It could be that the Chinese haven’t given that information to the US government, or it could be that the US government has agreed not to give out more details,” says Ms. Lotrionte.
Indeed, determining how and if the arrests amount to some kind of progress is challenging, says Mr. Segal of the Council on Foreign Relations. But at least the Chinese are making pledges against hacking for trade secrets to Britain, German, and other industrial powers, he says. "I think that is the clearest sign of progress."