Government

Report: Cybersecurity Pact Fails to Deter Chinese Hackers

The cybersecurity pact the United States and China agreed to last month hasn’t stopped Chinese hackers from continuing their efforts to steal intellectual property from U.S. companies, CrowdStrike said Monday.

“Over the last three weeks, CrowdStrike Falcon platform has detected and prevented a number of intrusions into our customers’ systems from actors we have affiliated with the Chinese government,” said Dmitri Alperovitch, CTO at CrowdStrike.

Seven of the companies attacked are in the technology or pharmaceuticals sectors. The primary benefit of such intrusions would be theft of intellectual property and trade secrets, rather than national security-related intelligence collection, he noted.

The countries agreed not to conduct or support cybertheft of intellectual property, including trade secrets and other confidential information, with the objective of giving companies a competitive advantage.

CrowdStrike detected 13 attacks on its clients from Sept. 21 to Oct. 16, according to a chart the company published. Three attacks occurred while Chinese President Xi Jinping Jinping was in the United States meeting with President Obama: One was launched before Xi signed the cyberagreement with the United States and two after the agreement was announced.

“We are aware of this report. We’ll decline comment on its specific conclusions,” a senior administration official said in a statement provided to the E-Commerce Times by National Security Council spokesperson Mark Stroh.

“Regarding China, we [raised] our concerns regarding cybersecurity with the Chinese,” the official continued. “As we move forward, we will monitor China’s cyberactivities closely and press China to abide by all of its commitments.”

Attacks Obscure China’s Involvement

From the point of view of China, which denies its government is behind any kind of hacking of U.S. companies, it’s better that intrusion attacks continue, said Ken Westin, a senior security analyst atTripwire.

“If these attacks stopped, that would be [admitting] on China’s part that they were actually engaged in corporate espionage,” he told the E-Commerce Times.

“If nothing changes, they can say it’s not the government but a group within China or someone outside of China is using infrastructure within China to do the attacks,” Westin said.

U.S. Not Blameless

If China intended to honor the cyberagreement it forged with the United States, attacks on domestic firms would have stopped before the ink on the document had dried, maintained Richard Stiennon, chief research analyst atIT-Harvest.

“China rules with an iron hand,” he told the E-Commerce Times. “You don’t get away with doing anything illegal there.”

While the United States has been quick to heap criticism on China for its corporate espionage activities, Uncle Sam has contributed to the situation, Stiennon contended.

“The federal government should have been locking down their systems for the last eight years and devising techniques and technologies to do that and then sharing that with the populace,” he said.

“Instead, they’ve sat on their hands and done nothing to protect their own environments and nothing to help the rest of us,” Stiennon continued.

Tear Down That Great Firewall

However, the government can do only so much to protect the data of its citizens and businesses, maintained Steven Fadem, chairman ofGlobal Data Sentinel.

“You can have political treaties and build better firewalls and build a bigger moat around your data, but at the end of the day, if you don’t protect the data itself, none of it is going to be effective,” he told the E-Commerce Times.

“Trying to enforce any sort of international agreement on this scale is challenging at best, so none of us should let our guard down when it comes to protecting our data,” Fadem added.

The Obama administration is taking a wait-and-see approach with China’s enforcement of the cyberagreement.

“If these accusations are true, Obama now needs to act,” said Charles Smith, cofounder ofGreatFire.org.

“I think in the past, the American authorities have swept these types of cyberattacks under the carpet. Obama will have to come up with a very good reason for sweeping these under the carpet now,” he told the E-Commerce Times.

“Obama has said that America has the power to take down China’s Great Firewall, and that this is the action they would take in response to cyberattacks,” Smith added. “I think it’s time to take down that wall.”

John Mello is a freelance technology writer and contributor to Chief Security Officer magazine. You can connect with him on Google+.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
More by John P. Mello Jr.
More in Government

How often do you receive an email that you suspect is fraudulent?
Loading ... Loading ...

E-Commerce Times Channels