According to a new report from a prominent cybersecurity
firm hired to investigate breaches, Chinese hacking of government and
corporate networks in the U.S. and other countries has sharply declined since 2014.
Hackers operating out of China were linked to between 50 and
70 incidents that the cybersecurity company FireEye Inc. was investigating on a
monthly basis in 2013 and the early part of 2014. Starting in October 2015,
however, this tally dropped below 10 incidents and hasn't recovered. FireEye
observed only a handful of network intrusions attributed to Chinese groups in
April of this year.
FireEye rival CrowdStrike Inc. says that it, too, has
noticed a drop in China-based hacking incidents. Chief Technology Officer and
co-founder Dmitri Alperovitch said the decline may be attributed to a sweeping
reorganization of China’s military, announced earlier this year.
The shift is likely the result of a confluence of factors,
including public scrutiny and pressure from the U.S. government, but it is not
solely the result of a September anti-hacking pledge struck by President Obama
and Chinese President Xi Jinping.
Chinese military hackers attempted to steal troves of
confidential information from the U.S. Office of Personnel Management in 2014
and failed. But China got the data anyway. It passed the job to contractors --
a group code-named Coldcuts by the U.S. -- who worked on their own or for
private companies to conduct a dragnet for sensitive data from government,
airlines and health insurers.
The new information about those incursions was confirmed by two
people involved in the investigation, who asked not to be identified because the
details remain confidential.
When China’s expansive hacking operations began to come into
the public eye, the U.S. was able to muster the political support to confront
China directly on its cyber espionage tactics — indicting five Chinese military
officers in 2014 on charges of stealing trade secrets and striking the
anti-hacking pledge. None of those charged has appeared in the U.S.
That’s a success for the Obama administration, and the September
deal is thought to be the reason behind it, but researchers found that the drop
was noticed before the deal was made.
Military reforms within the Chinese government also played a
role. Since taking power in late 2012, Xi has implemented a series of
significant military reforms aimed at centralizing China’s cyber elements that
may also be a factor.
Ahead of a visit to the U.S. by Chinese President Xi Jinping
in September 2015, news leaked that President Barack Obama was considering
sanctions against Chinese companies that benefited from hacking. China’s top
security czar flew to Washington to hammer out an agreement, later announced by
the two presidents, that China would stop supporting cyberespionage for
commercial purposes.
Chinese hackers are still targeting some
private-sector U.S. firms, but that data could be used for both military
applications and commercial ones. This suggests that the intrusions could be
traditional intelligence-gathering, which is not prohibited by the September
agreement.
But it seems the battle may be moving to another front.
That shift makes it a challenge to answer the question of whether China is
keeping its promise that it won’t hack U.S. companies for technology and
personal data.