Thursday, October 22, 2015

Cyber-Security Firm Says Chinese Hackers Keep Attacking US Companies

Cyber-security Firm Says Chinese Hackers Keep Attacking US Companies
                 This article states that Chinese hackers have continued to attack US companies despite signing an agreement with the US stating that China and the US would not solicit cyber missions whose aims were to steal private company intellectual property or trade secrets that presented evident commercial advantages.  However, the Chinese breached this agreement the very next day. 
                A hacking group, with connections to the Chinese government, hacked US private companies in an attempt to look for trade secrets and was tracked by security service provider CrowdStrike.  Companies the Chinese were particularly targeting were pharmaceutical and technological companies.  The attacks were thwarted but still raised a concern for US cyber security, since these attacks happened after the US and China had signed the agreement.  The news is hopefully going to stagnate future attacks on private companies despite doubts from the US audience.  If the attacks continue, Obama has stated that the US will not rule out economic sanctions against Chinese companies.  Upon investigation, it is evident that the intent of these hackings is to steal intellectual property and trade secrets from private pharmaceutical and technology sectors.  Tempers are continuing to rise on the side of the US considering that many China-affiliated hackers are said to have persistently tried to re-enter US networks even after multiple failed attempt.  It would seem that despite the negotiation and signed agreement, that China has not ceased its cyber warfare.  The group of the utmost concern is called Deep Panda, whose main goal is to reveal national security targets, but who also dabbles in invading agriculture, finance, chemical, and technology industries.  The deal is not entirely for not however, as the Obama administration is expecting lag time between agreement and the execution of that agreement.  The real test will come when an adequate amount of time has passed and the agreement is in full execution, to see if the Chinese hacking attempts will really stop.  China is given some credit though, in that they have taken markers to see that this agreement is upheld, namely arresting a number of hackers who were said to have stolen secrets of US companies prior to the agreement.  As of now, the US is viewing future attacks as a setback but not a deal breaker.  The US administration has faith that China will be able to control groups like Deep Panda and uphold their end of the agreement for now.
                This controversy displayed in this article relates to the issues of cyberwarfare discussed in the course. Agreement breaching aside, the article defines what the Chinese hackers are doing as an attack.  According to the US Army definition of cyber-attack, it must be “a premeditated use of disruptive activities, or the threat, against computers and/or networks with the intention to cause harm…”  In contrast, cyber exploitation and espionage is defined as using cyber tools in order to extract confidential information from the adversary’s computer.  The main difference between attack and espionage is whether or not the intent was to harm or father information.  According to the article, the Chinese objective was to glean intellectual property and steal information from private companies.  Additional information that groups attempted to glean was regarding national security targets.  By definition, this is espionage because the Chinese were trying to gather information.  As a side note, the companies being targeted were private US companies that are part of specific areas of industry.  They were not hacking military computers or other typical essentials of fighting a war.  Therefore, to label the Chinese hacking as an “attack” is slightly inaccurate.  Due to the breaching of the agreement, and the objective to steal intellectual property that rightfully belongs to US private companies, it is surely illegal and in no way self-defense or anything like that.  However, the hackings should be more accurately described as espionage rather than an attack according to the themes discussed in the course.  However, despite the slightly inaccurate label, the US reaction and threats of economic sanctions imply that the Obama administration is not willing to counter the situation the way one would if it was a conventional or “more obvious” cyber-attack.  For example, the threat of economic sanctions should the Chinese not comply with the agreement are not force because the conditions of the sanctions are not to cause harm.  Rather, they would be used, as sanctions often are, to get China “in line” with the terms of the signed agreement that they just breached.  Sanctions are open and direct, despite cyber-attacks not being as pin-pointed.  These sanctions are the threat of choice because of the nature of the victims in these hackings.  In other words, the Obama administration is choosing sanctions over other means in part because the victims in the article have been specified as private companies.
                If the attack is from a company controlled by the state, and acting for the state, then the state is liable to be attacked.  The perpetrators in the article are said to have connections to the Chinese government.  This is why the entire state of China is being held responsible.  If it was simply a private company located in but not working for the state doing the attack, then the victim country, in this case the US, would make a demand for it to stop and demand that the host country take care of the situation, because the attacking company is located in that country.  In this case, if China does not handle the hacking situation, the US is legally able to act and take care of it themselves, hence the threat of sanctions.  Because it would be on record that the US made demands to China for it to be handled without US involvement, the US would then have more legal grounds for means that it takes to handle the situation itself if that arises. 
                Overall, I think that the US is handling the situation appropriately, as far as legality goes.  To attack or sanction China right away, without giving China a chance to fix the situation and reprimand the people responsible, would set an unfair precedent in China-US relations.  Also, because of the government connections that the hacking groups have, I think it is adequate that the US is demanding that China as a state handle the situation before the US decides to take matters into its own hands.  It will be interesting to see how this situation develops now that an official agreement has been signed and China is now expected to halt all future attacks.  It will be interesting to see how this situation affects future Chinese-American foreign relations.

No comments: