China suspected of hacks after inking deal with US

Hackers linked to the Chinese government have continued to infiltrate American companies in the three weeks since the U.S. and China inked an anti-hacking deal, according to new research from the security firm CrowdStrike.

{mosads}“The very first intrusion conducted by China-affiliated actors after the joint Xi-Obama announcement at the White House took place the very next day — Saturday, Sept. 26,” CEO Dmitri Alperovitch wrote in a blog post announcing the findings.

A senior White House official told The Wall Street Journal that the White House is aware of the new report but will not be commenting on it.

During Chinese President Xi Jinping’s state visit to the U.S. in September, the two nations announced a formal agreement that neither country would conduct or support the online theft of trade secrets or intellectual property.

Seven of the recently hacked companies were technology or pharmaceutical firms, “where the primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional national-security related intelligence collection, which the agreement does not prohibit,” Alperovitch wrote.

Alperovitch insisted that the report doesn’t necessarily indicate that the agreement has been a failure, noting that it might take some time for China to dismantle its espionage apparatus.  

“The fact that there is some time delay between agreement and execution is not entirely unexpected,” Alperovitch wrote. “But, we need to know the parameters for success, and whether the parties to the agreement discussed a timeframe for implementation or, instead, expected it to be immediate.”

The U.S. has tried to draw a line in the sand between hacking for traditional intelligence-gathering purposes and hacking for commercial gain. China has traditionally drawn no such distinction, leaving American firms howling over the constant data pilfering by Chinese actors.

Lawmakers and others have expressed concern that without an effective enforcement mechanism, the newly minted agreement will do little to stem the hacks from Beijing.

“There’s a difference between an agreement on paper and having the Chinese government, including the People’s Liberation Army, actually stop conducting and supporting cyber attacks on U.S. companies,” Senate Intelligence Committee Ranking Member Dianne Feinstein (D-Calif.) said when the agreement was announced.

The report identifies one of China’s most notorious hacking groups, the apparently Beijing-sponsored Deep Panda, as the culprit behind some of the post-agreement hacks.

The group is thought to be behind this year’s massive breach of health insurance company Anthem, which exposed the personal information of more than 80 million insurance policyholders.

Deep Panda has also been tied to cyberattacks on U.S. foreign-policy think tanks and individuals who are experts on the Middle East.

The Chinese government has publicly denied any links to Deep Panda.

Last week, the news broke that Beijing arrested several Chinese hackers accused of hacking U.S. firms.

The arrests were at the request of the U.S. government, sources told The Washington Post, and came from a list drawn up by Obama administration officials that identified cyber thieves who stole trade secrets from U.S. firms to pass along to Chinese competitors.

They came a week or two before President Xi’s tense state visit, causing some to question whether the action was a simple public relations stunt.

The White House has not laid aside the possibility of sanctioning Chinese companies that benefit from corporate espionage, but policy experts have said the administration will likely wait to see if the Chinese government holds up its end of the bargain.

“What I’ve said to President Xi and what I say to the American people, the question now is: Are words followed by actions?” President Obama said when the agreement was announced. “We will be watching carefully to make an assessment as to whether progress has been made in this area.”