During Chinese President Xi Jinping’s visit to the United States, an historic agreement was reached to limit malicious cyber-attacks between the U.S. and China. While the politicians made pledges, the facts on the ground a month later give little credence to the idea that much, if anything, has changed.
Dmitri Alperovitch, co-founder and CTO of CrowdStrike, publicly reported that his company has seen continued attacks from Chinese government-backed threat actors over the past month. The attacks are new intrusion attempts from China that his firm caught, Alperovitch explained.
CrowdStrike’s report attributes the attacks to Chinese nation-state backed actors, but it’s not entirely clear how decisions made in China at the political level manifest in the cyber realm.
“We don’t have specific information on the hierarchy of command, so we’re not able to shed any light here,” Alperovitch told eWEEK.
From what CrowdStrike is able to shed light on, there has been little change.
“We haven’t observed much difference in the typical tradecraft that we’ve seen before from Chinese-affiliated groups,” Alperovitch said. “The hackers are using the same infrastructure.”
A number of security experts contacted by eWEEK share CrowdStrike’s assessment of continued Chinese hacking attempts against U.S. targets.
Matt Harrigan, president and CEO of PacketSled, noted that his company has sensors located in the defense, health care, retail, and online services industries. “There is no indication from our perspective that the usual behavior from nation-state attackers in China or any other country has slowed in any way,” Harrigan told eWEEK. “It is important to remember that public-facing international policy statements are often vastly different from the reality of what happens in the world of U.S. and foreign intelligence agencies engaged in tradecraft.”
The agreement between President Obama and Chinese President Xi on Sept. 25, 2015 has done nothing to discourage the continued aggressive cyber-attacks against American business, claimed Ian Trump, security lead at LogicNow. That said, he added that the Chinese arrest of 15,000 alleged cyber-criminals during operation “Clean Internet” and the recent roundup of a handful of hackers at the urging of the U.S. government show a willingness of the Chinese government to avoid the Obama administration threatened economic sanctions.
“This is political grandstanding and will do little to deter the existing, sophisticated cyber-criminals plundering American business—no matter what nation may be responsible,” Trump said. “Even if the new official Chinese position of no government hacking for economic advantage is enforced, it will do little to deter [the] Chinese or anyone else as the cost of conducting cyber-crime is low and the reward is high.”
Lance James, cyber-security and intelligence advisor for Unit 221b, said his firm agrees that attacks are likely ongoing. In his view, attacks don’t stop overnight just because two leaders got together and agreed to stop.
China has never admitted to hacking American firms in the first place, James added, so if hacking continues, China will continue to deny it and won’t admit it anyway.
“If it stopped all of a sudden, they would be caught in the fact that they did do this,” James said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.