- The Strategist - https://www.aspistrategist.org.au -

Hacking for ca$h

Posted By on September 25, 2018 @ 06:02

In 2015 then-US President Barack Obama metaphorically arm-wrestled Chinese President Xi Jinping into agreeing to stop engaging in commercial cyber espionage. Since then, China has made a similar pact with G20 members and made bilateral declarations with countries like Australia and Germany.

Now, three years on, ASPI has worked with counterparts in the US and Germany to see whether the Chinese Communist Party (CCP) is adhering to these commitments. Spoiler alert: it isn’t [1].

The US played the lead-up to the deal with Xi cleverly, slowly ratcheting up the pressure. In 2013, a high-level Commission on the Theft of American Intellectual Property [2] estimated that the theft of IP totalled US$300 billion (A$413 billion) annually, and that 50–80% of the theft was by China. The same year  cybersecurity firm Mandiant released a blockbuster report that tracked commercial cyber espionage to a People’s Liberation Army (PLA) unit [3].

The next year the FBI indicted five PLA hackers for engaging in commercial cyber espionage and in April 2015, the US put economic sanctions on the table when the president signed an executive order that would allow for such measures. The CCP caved in September 2015 in the face of this astute diplomatic legwork.

At first it looked like China was honouring its commitments, but our review found this was likely coincidental with internal factors that temporarily reduced commercial cyber espionage. As Adam Segal, who authored the US section, wrote:

First, soon after taking office, Xi launched a massive and sustained anticorruption campaign. Many hackers were launching attacks for private gain after work, misappropriating state resources by using the infrastructure they had built during official hours. Hacking for personal profit was caught up in a broad clampdown on illegal activities.

Second, the PLA was engaged in an internal reorganisation, consolidating forces and control over activities. Cyber operations had been spread across 3PLA and 4PLA units, and the General Staff Department Third Department had been managing at least 12 operational bureaus and three research institutes. In December 2015, China established its new Strategic Support Force, whose responsibilities include electronic warfare, cyber offence and defence, and psychological warfare. In effect, PLA cyber forces were told to concentrate on operations in support of military goals and move out of industrial espionage.

However, these internal changes didn’t put an end to commercial cyber espionage. Instead responsibility for it shifted from the PLA to units connected with the Ministry of State Security, which is reported to have significantly better tradecraft than its PLA colleagues.

In the three countries we examined, the amount of publicly available evidence varied, but in all three countries it was found that China was clearly, or likely to be, in breach of its agreements.

The United States Trade Representative’s March 2018 investigation [4] stated that ‘Beijing’s cyber espionage against US companies persists and continues to evolve’. In Germany, the digital industry association found in July 2017 that 53% of German companies [5] are affected by cyber espionage, with losses worth €55 billion (A$89 billion) annually. The German Interior Ministry identifies China alongside Russia and Iran as the primary countries responsible for espionage and cyberattacks against it. And in Australia, in 2012 (before the China–Australia agreement) it was revealed by the MI5 director-general that a Chinese cyberattack had cost a UK-based company [6]—later reported to be Rio Tinto—an estimated £800 million (A$1.44 billion).

Since Australia’s agreement with China to cease its commercial cyber espionage, China has been implicated in the attack on the Australian National University. The 2009–10 annual report of the Australian Security Intelligence Organisation (ASIO) stated that ‘cyber espionage is an emerging issue’. Since then ASIO’s annual reports have consistently mentioned that cyber espionage affecting Australian commercial interests and for commercial intelligence purposes is taking place, although without explicitly naming China.

ASPI’s report summarises the current situation this way: ‘China appears to have come to the conclusion that the combination of improved techniques and more focused efforts have reduced Western frustration to levels that will be tolerated. Unless the targeted states ramp up pressure and potential costs, China is likely to continue its current approach.’

The question is how to ramp that pressure back up. The approach taken by Obama managed to precipitate an agreement with the CCP that distinguished between (legitimate) traditional political–military espionage and (illegal) espionage to advantage commercial companies. However, it only modified rather than stopped the bad behaviour.

To get cyber espionage back on the agenda with China requires both the steady escalation of the issue (the Obama playbook, which Trump seems to be following in his own unique style) and the plausible threat of costs, like sanctions, if the CCP fails to keep its word.

For a country like Australia, it’s time we name China as a perpetrator of commercial cyber espionage and work in coalition with other states to escalate pressure until the Chinese leadership decides the costs are too high for it to keep orchestrating the theft of intellectual property.

Article printed from The Strategist: https://www.aspistrategist.org.au

URL to article: https://www.aspistrategist.org.au/hacking-for-cash/

URLs in this post:

[1] it isn’t: https://www.aspi.org.au/report/hacking-cash

[2] Commission on the Theft of American Intellectual Property: http://ipcommission.org/report/IP_Commission_Report_052213.pdf

[3] to a People’s Liberation Army (PLA) unit: https://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html

[4] March 2018 investigation: https://ustr.gov/sites/default/files/enforcement/301Investigations/301%20Draft%20Exec%20Summary%203.22.ustrfinal.pdf

[5] 53% of German companies: https://www.dw.com/en/half-of-german-firms-hit-by-industrial-sabotage/a-39796196

[6] cost a UK-based company: https://www.bloomberg.com/news/features/2018-07-13/did-china-hack-rio-tinto-to-gain-a-billion-dollar-advantage

Copyright © 2024 The Strategist. All rights reserved.