China Still Hacking US Firms Despite Xi’s Vow

Chinese government hackers have attempted in the past few weeks to penetrate the networks of US companies to steal their secrets despite a pledge by China’s president that they would not do so, according to private researchers.

Chinese hackers have targeted at least seven US companies since President Xi Jinping vowed last month in Washington that his country would not conduct economic cyberespionage — the theft of trade secrets and intellectual property for the benefit of the nation’s industries, according to CrowdStrike, a firm that helps companies track and prevent intrusions.
In the three weeks since Xi left Washington — including the day after he left, on Sept. 26 — hackers linked to the Chinese government have attempted to gain access to tech and pharmaceutical companies’ networks, said Dmitri Alperovitch, CrowdStrike co-founder and chief technology officer, who released a report recently.
The efforts continue to the present, sometimes several times a day, and appear to be distinct from traditional intelligence gathering, which is not covered by Xi’s pledge, Alperovitch noted.
Both President Obama and President Xi Jinping referenced the evolving relationship between their two counties during a toast at the Chinese state dinner. (AP)
The U.S. intelligence community is also seeing continued signs of economic cyberespionage by Chinese hackers, according to a US official, who spoke on the condition of anonymity because of the matter’s sensitivity. But what it means at this point is not clear.
One senior military cyber defense official said recently that any cessation of Chinese economic espionage activity will play out over time. “I think it’s too early for any of us to see any of those changes,” said the US Cyber Command’s deputy commander, Lt. Gen. James K. McLaughlin, speaking at the Center for Strategic and International Studies on Oct. 9.
Nonetheless, the fresh efforts by Chinese hackers, if they prove to be part of a renewed campaign of commercial espionage in cyberspace, will put pressure on the Obama administration to hold China accountable.
While in Washington for a state visit, Xi met with President Obama and promised that China would not “conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage.”
Obama said Beijing must now follow through. “The question now is,” Obama said, “are words followed by actions?”
A senior administration official said the White House is aware of CrowdStrike’s report. “We’ll decline comment on its specific conclusions,” said the official, who spoke on the condition of anonymity because of the issue’s sensitivity. “As we move forward, we will monitor China’s cyber-activities closely and press China to abide by all of its commitments.”
The Washington Post reported in late August that the administration was preparing to impose, possibly even before Xi’s visit, economic sanctions on Chinese companies that benefited from government-sponsored hacking. But a promise by the Chinese government to refrain from such activity and its arrests of several hackers, among other gestures, helped persuade the administration to hold off on imposing sanctions.
But if the Chinese continue their behavior, the administration will act, officials said.
Standing next to Xi in the Rose Garden last month, Obama stressed that he had created a sanctions program earlier this year to be used when the administration has proof that the hackers have “gone after US companies or US persons.” He said he had told Xi “that we will apply [sanctions] and whatever other tools we have in our tool kit to go after cybercriminals, either retrospectively or prospectively.”
Many officials have been skeptical — some openly — that China would uphold its end of the agreement. One question: How much time should the administration give China to make changes in its behavior?
Some analysts noted that it could take time for China’s vast apparatus of cyberspies to be dismantled or refocused.

Another threat-detection company, FireEye, also has observed activity from likely Chinese government hacker groups since Sept. 25. “But it is premature to conclude that activity during this short timeframe constitutes economic espionage,” the firm’s intelligence director, Laura Galante, said in an e-mail. “Assessing the complexity of changes in state-sanctioned economic espionage requires far more sufficient time, data and viewpoints,” she said.
Alperovitch said he thinks enough time has passed. “The Chinese need to be held accountable for their continued attempts to steal IP and trade secrets through cyber-intrusions into commercial companies” he said. “The US government needs to make it clear that we will still use those sanctions unless these actions cease.”
CrowdStrike is not identifying the companies that were targeted, Alperovitch said. He said that CrowdStrike’s intrusion-detection platform prevented the hackers from gaining actual entry into their targets’ networks and no data was taken.
But, he said, the detection platform revealed tools and techniques, including servers in other countries, that are used by a variety of Chinese government hacking groups, including one that CrowdStrike has dubbed Deep Panda. For years, these groups have been targeting industries of strategic importance to China, including agriculture, chemical, financial, health care and insurance sectors.
Washington Post: http://wapo.st/1RQUAB3

 

« FBI Say ISIS Is Going After US Vulnerabilities
IBM Gives China Access to Software Code »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

SecuPi

SecuPi

SecuPi delivers data-centric security with data-flow discovery, real-time monitoring, behavior analytics, and protection across web and enterprise applications and big data environments.

Open Information Security Foundation (OISF)

Open Information Security Foundation (OISF)

OISF is a non-profit organization led by world-class security experts, programmers, and others dedicated to open source security technologies.

OcuCloud

OcuCloud

OcuCloud protects businesses' valuable information in the cloud, preventing security breaches caused by employees and remote vendors.

CybExer Technologies

CybExer Technologies

CybExer provide an on-premise, easily deployable solution for complex technical cyber security exercises based on experience in military grade ranges.

Global Lifecycle Solutions EMEA (Global EMEA)

Global Lifecycle Solutions EMEA (Global EMEA)

Global EMEA provides full lifecycle services to corporate Clients covering procurement, configuration, support, maintenance and end-of-life asset management.

IoT M2M Council (IMC)

IoT M2M Council (IMC)

The IMC is the largest and fastest-growing trade organisation in the IoT/M2M sector.

Eureka Technology Partners

Eureka Technology Partners

Eureka Technology Partners are committed to helping you focus on your business by taking care of your IT infrastructure and data security needs.

01 Communique Laboratory

01 Communique Laboratory

01 Communique Laboratory is an innovation leader in the new realm of Post-Quantum Cyber Security.

Fluid Attacks

Fluid Attacks

Fluid Attacks specialize in red team operations as well as technology development that continuously enhance our security testing services.

TrustGrid

TrustGrid

Trustgrid is a pioneer and leader in secure, cloud-native software-defined connectivity.

Cyber Security for Europe (CyberSec4Europe)

Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is designing, testing and demonstrating potential governance structures for a European Cybersecurity Competence Network.

ReasonLabs

ReasonLabs

ReasonLabs have created a next-generation anti-virus that is enterprise grade, yet accessible to any personal device around the world.

Stack Identity

Stack Identity

Stack Identity protects access to cloud data by prioritizing identity and access vulnerabilities via a live data attack map.

Jot Digital

Jot Digital

Jot Digital is a full-service technology company specializing in digital engineering, application modernization and business transformation.

Endari

Endari

Endari specializes in building cybersecurity maturity within the operational DNA of early-stage startups and SMBs.

Amiosec

Amiosec

Amiosec is a British cyber innovation business specialising in delivering simple-to-use solutions to the complex problems of the modern world.