Current and former U.S. officials tell The Washington Post that China has cut back on cyber-espionage after the Justice Department indicted five People’s Liberation Army officers in 2014.
This news follows reports that have recently surfaced claiming that Chinese hacking did not slow down appreciably after President Xi Jinping met with President Obama in Washington in September, and pledged China would strongly oppose “the theft of commercial secrets and other kinds of hacking attacks.”
The Post report describes this as a “surprising drawdown” that demonstrates “law enforcement action had a more significant impact than is commonly assumed.” In fact, according to these officials, PLA cyber-warfare units have not “substantially reengaged in commercial cyber-espionage” since those charges were announced.
That is a somewhat specific drawdown, as it says nothing about the diaspora of ostensible “rogue hacker” groups directed by the Chinese government, or about hacking unrelated to commercial espionage. Also, as the WaPo goes on to note, other elements of the Chinese intelligence apparatus have picked up the slack from reduced PLA cyber-espionage activity. However, it would still be an encouraging sign that tough action against specific individuals can make state-sponsored hacking seem like a more costly enterprise.
“For a period of time following the indictments, there was a very significant decrease” in PLA hacking, according to an official quoted by The Washington Post. “And today we are definitely not at the level that we were before the indictments.”
The narrative laid down by the Post involves private security companies, notably Mandiant, discovering the extent of Chinese hacking and tracing the intrusions back to specific PLA units. The FBI followed up with an investigation leading to the indictment of those five Chinese military officers, one of whom was profiled in Mandiant’s blockbuster report.
Those indictments evidently embarrassed the Chinese government much more than was previously believed. One intriguing possibility raised in the Post article is that some of the PLA’s cyber-espionage officials were lining their pockets by doing a bit of “moonlight” hacking on the side. That would be a source of considerable irritation for Beijing, which has been crusading hard against official corruption in recent years.
There is also the possibility that China is not so much reducing its cyber-espionage as getting better at concealing it and temporarily shifting its attention away from American corporations. A report this week from Reuters spoke of more sophisticated hacking techniques directed at Bejing’s adversaries, including utilizing advanced malware pumped into file-sharing services used by pro-democracy dissidents in Hong Kong.
Last week, the Financial Times reported that U.S. intelligence agencies have been scouring China’s latest five-year economic plan for clues as to which American companies they are likely to hack in the near future. “There’s a direct connection between the sectors highlighted in China’s five-year plans and the businesses that suffer breaches in the U.S. And if it is a priority for China, it should be a priority for companies in the U.S. to protect themselves,” explained Peter LaMontagne of the Novetta data analysis firm, and a veteran of diplomatic service in China.
The view expressed through the Financial Times article is that China still needs the trade secrets it swipes from U.S. companies by hacking their systems, and it still has the means to obtain them. It will take more than a few embarrassing indictments to change China’s thinking over the long term.