Modern field guide to security and privacy

Experts question China's promise to curb cybercrime

Reports that China arrested several people in connection with the Office of Personnel Management surfaced during cybersecurity talks between Beijing and Washington this week. But experts worry the arrests are more show than substance.

|
Cliff Owen/AP
At the Justice Department in Washington this week, Homeland Security Secretary Jeh Johnson and Attorney General Loretta Lynch awaited the arrival of Chinese Minister of Public Security Guo Shengkun for talks on cybersecurity issues.

Though the Chinese government has reportedly arrested several hackers in connection with the massive Office of Personnel Management data breaches, the lack of official confirmation from Beijing is leaving experts skeptical that it will fulfill a commitment to tamp down on cybercrimes. 

During his state visit to Washington in September, Chinese President Xi Jinping inked a groundbreaking agreement with President Obama stating that neither country would support cyberespionage for commercial gain. While many experts questioned whether the deal would produce concrete results, it was also hailed as a key development at a time of escalating tension between China and the US over cyberattacks. 

As another delegation of Chinese officials traveled to Washington this week for additional high-level talks on cyberespionage, The Washington Post reported that Chinese officials arrested hackers involved in the OPM hack, claiming that the breach was a criminal act and not a state-sponsored incursion. The Post reported that the arrests occurred just before President Xi's visit.

But many China watchers doubt the arrests are an indication Beijing is actually moving to reign in digital espionage or beginning to work toward fulfilling the agreement inked by Xi in September. 

"As far as I can see, there's no reason to necessarily take the Chinese at their word," says Adam Segal, a senior fellow for China studies at the Council on Foreign Relations, in reference to news of the arrests.

If the arrests are indeed legitimate, and the supposed hackers are connected to the OPM breaches, the Chinese government should be more forthcoming with details, says Martin Libicki, a senior management scientist at the RAND Corporation. 

"The Chinese could give us confirmation,” Mr. Libicki says. "They could give us a trial, they could give us a name, you know, we arrested 'so and so on this date.' "

When the OPM breach was first disclosed in June, Director of National Intelligence James Clapper called China the "leading suspect" for the breaches. Adding pressure on Beijing, the US also began threatening economic sanctions if China didn't begin to curtail its alleged cyberespionage and commercial hacking activities.

But some reports suggest that China has not curtailed any hacking against US targets. In October, the cybersecurity firm CrowdStrike revealed that Chinese hacks against US pharmaceutical and technology companies continued for more than two weeks after Washington and Beijing agreed to a deal that would end economic cyberespionage between the two countries.

If China has an impetus to stop attacks such as OPM, it may be driven from within the country and not by Washington, says Libicki. "President Xi is much more of a control freak than his predecessors were," he says. "He wants to run a tight ship, and he realizes that encouraging [freelance hackers] might have Chinese as their victims, not merely Americans."

If the arrested hackers were indeed tied to the OPM incursion, it wouldn't be the first time that Chinese nationals have been implicated in breaches of American computer systems. In 2014, the Justice Department charged five members of the Chinese military with breaking into American corporations and a labor organization. So far, they have not appeared in a US courtroom.

In regard to the most recent arrest reports, the ambiguity may be related to the often opaque nature of government dealings with the Chinese, says Catherine Lotrionte, director of the Institute for Law, Science, and Global Security at Georgetown University’s School of Foreign Service.

"It could be that the Chinese haven’t given that information to the US government, or it could be that the US government has agreed not to give out more details,” says Ms. Lotrionte. 

Indeed, determining how and if the arrests amount to some kind of progress is challenging, says Mr. Segal of the Council on Foreign Relations. But at least the Chinese are making pledges against hacking for trade secrets to Britain, German, and other industrial powers, he says. "I think that is the clearest sign of progress."

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Experts question China's promise to curb cybercrime
Read this article in
https://www.csmonitor.com/World/Passcode/2015/1204/Experts-question-China-s-promise-to-curb-cybercrime
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe