Inherency

Attacks Decreasing Now

US-Sino relations already check cyber attacks

Katie Bo Williams, National Security Reporter for The Hill, 6-21-16, "Chinese hacking sharply declining: report," The Hill, http://thehill.com/policy/cybersecurity/284235-security-firm-sees-sharp-decline-in-chinese-hacking

Chinese hacking of U.S. government and corporate networks has sharply declined since 2014, according to a new report from a prominent cybersecurity firm. FireEye observed only a handful of network intrusions attributed to Chinese groups in April of this year, down from more than 60 in February of 2013. The shift is likely the result of a confluence of factors, including actions taken by the U.S. government — but it is not solely the result of a September anti-hacking pledge struck by President Obama and Chinese President Xi Jinping, FireEye said. When China’s expansive hacking operations began to come into the public eye, according to the report, the U.S. was able to muster the political support to confront China directly on its cyber espionage tactics — indicting five Chinese military officers in 2014 and striking the anti-hacking pledge. Lawmakers and others have repeatedly pressed the Obama administration on whether the September deal — which prohibits hacking commercial firms for economic gain — has led to a drop in intrusions. “Although many in the U.S. initially doubted that these actions would have any effect, they may have prompted Beijing to reconsider the execution of its network operations,” the report said. But the decline in hacking attempts started prior to the September deal, and FireEye stops short of suggesting that the anti-hacking pledge is solely responsible for the decrease. “The problem with the question, ‘is it working?’ is that it’s a yes-or-no answer, and there’s really no yes-or-no answer. You’ve got a really complex system behind China’s cyber activity,” Jordan Berry, FireEye’s principal threat intelligence analyst, told The Hill. “It’s more a confluence of events that caused this decline.” Military reforms within the Chinese government also played a role, Berry said. Since taking power in late 2012, Xi has implemented a series of significant military reforms aimed at centralizing China’s cyber elements that may also be a factor.
FireEye also noted that there is a lag time in its research, meaning that it’s possible the trend has reversed since April — although Berry said that’s not what he expects to see. Chinese hackers are still targeting some private-sector U.S. firms, he said — but that data could be considered “dual use,” meaning that it has military applications, not just commercial ones. This suggests that the intrusions could be traditional intelligence-gathering, which is not prohibited by the September agreement. The country’s cyber operations have remained in the spotlight thanks to the massive breach of the Office of Personnel Management (OPM), discovered last summer and widely believed to be the work of Beijing-backed hackers. The hack, thought to be a traditional intelligence-gathering mission, exposed the personal information of more than 20 million U.S. employees, contractors and others.

Sharp decrease in Chinese cyber attacks after Obama and Jinping agreement

Sanger, chief Washington correspondent of The New York Times, 2016 (David, “Chinese Curb Cyber Attacks on U.S. Interests, Report Finds,” New York Times, June 20, Online: http://www.nytimes.com/2016/06/21/us/politics/china-us-cyber-spying.html?_r=0, accessed July 16, RS)

WASHINGTON — Nine months after President Obama and President Xi Jinping of China agreed to a broad crackdown on cyberespionage aimed at curbing the theft of intellectual property, the first detailed study of Chinese hacking has found a sharp drop-off in almost daily raids on Silicon Valley firms, military contractors and other commercial targets. But the study, conducted by the iSight intelligence unit of FireEye, a company that manages large network breaches, also concluded that the drop-off began a year before Mr. Obama and Mr. Xi announced their accord in the White House Rose Garden. In a conclusion that is largely echoed by American intelligence officials, the study said the change is part of Mr. Xi’s broad effort to bring the Chinese military, which is considered one of the main sponsors of the attacks, further under his control. As a result, the same political forces that may be alleviating the theft of data from American companies are also responsible for Mr. Xi’s stunningly swift crackdown on the Chinese media, bloggers and others who could challenge the Communist Party. “It’s a mixed bag,” said Kevin Mandia, the founder of Mandiant, now part of FireEye, which first detailed the activities of a People’s Liberation Army cyber-arm, called Unit 61398, that had been responsible for some of the most highly publicized thefts of American technology. “We still see semiconductor companies and aerospace firms attacked.” But the daily barrage of attacks has diminished, which Mr. Mandia attributed to “public pressure” from, among others, the Justice Department’s decision to indict five members of the P.L.A. unit about a year after its activities were exposed. Today, Unit 61398 appears to be largely out of business, its hackers dispersed to other military, private and intelligence units. Many China scholars and legal experts remain skeptical that the Chinese are deterred by American indictments, since the P.L.A. officers are unlikely to see the inside of an American courtroom.
But John P. Carlin, the assistant attorney general for national security, said the report validated his strategy. “The lesson is that when you figure out who has done this kind of theft, don’t fear making it public,” he said. “This is a slow process, but we are beginning to make people realize that even in cyberspace, laws and norms are applicable.” Mr. Obama and Mr. Xi drew up their agreement narrowly. It covers intellectual property theft — Chinese cybercriminals have stolen everything from designs for the F-35 fighter jet to the design of gas distribution networks — but not ordinary espionage against government targets. So, for example, the administration has not publicly talked about penalizing China for the theft of personal data on roughly 22 million Americans, whose security-clearance information was taken from the Office of Personnel Management. In fact, the administration has never publicly blamed China for that theft, although the director of national intelligence, James R. Clapper Jr., did talk about China’s role once, before he was told by the administration not to refer to any specific country. As recently as last week, senior administration officials were in Beijing trying to flesh out the agreement between the two presidents. Participants say that among the points of discussion was how to set up a hotline through which the two countries can alert each other to malicious software they have detected in global networks, with the expectation that Chinese and American investigators would work to find its source. Establishing such norms of behavior is far more likely to be effective than attempting to negotiate a treaty, according to outside experts who have been trying to devise the cyberequivalent of arms-control agreements.
“Treaties are not verifiable in the cyberarena,” said Joseph Nye, a Harvard professor known for his studies of how nations use “soft power,” who in recent years has turned to the problem of regulating activity in cyberspace. “The same code can be benign or a weapon depending on the user’s intent,” he said. For example, a six-digit code that unlocks a cellphone is a protection for the user — and a potential weapon for a hacker. “So instead of focusing on the weapons, you have to focus on targets,” Mr. Nye said. “You start by saying that you don’t target something that has a clearly civilian use, like a power grid.” Mr. Nye and Michael Chertoff, the secretary of Homeland Security during the Bush administration, who now runs a private firm that is deeply involved in cybersecurity, were among the lead authors of a report to be published on Tuesday by the Global Commission on Internet Governance that will describe those norms to the United Nations and other groups. Just how fundamentally the Chinese are changing is a matter of debate. There is some evidence, American intelligence officials say, that while the People’s Liberation Army is not stealing as much on behalf of Chinese state-owned firms, much of the hacking activity has been shifted to the intelligence agencies, which can make the case that they are stealing national security secrets, not commercial information. Often, the difference is blurry, especially when the target is, say, the design of a satellite or a ship. Even after Mr. Obama and Mr. Xi announced their agreement last fall, American officials have said they have discovered malware in power grids, cellphone networks and other purely civilian targets. But it is unclear whether that malicious software is intended to collect information about users, shut the system down or both. 
The FireEye study concluded that as early as 2014, around the time of the indictment of the P.L.A.’s officers and hackers, the Chinese government had already been modifying its approach to cyberoperations. The study of 72 Chinese hacking groups showed a sharp drop-off in the volume of attacks. But as recently as March, FireEye saw efforts to obtain information on American military projects by stealing access credentials to a contractor, and there has been continual theft of personal information from health care providers. The Chinese hacking groups have also focused on non-American targets, including Russia, South Korea and Vietnam, and have sometimes aimed at targets related to the disputes over Chinese claims in the South China Sea. The report concludes that Chinese attacks have decreased in volume, but increased in sophistication. The result is that Chinese hackers are now acting more like Russian hackers: They pick their targets more carefully, and cover their tracks. “We see a threat that is less voluminous but more focused, calculated, and still successful in compromising corporate networks,” the report said.

China seems to be decreasing the number of economic cyberattacks on the USA

Menn and Finkle 13 (Joseph Menn is the technology projects reporter for Reuters in San Francisco and the author of "All the Rave: The Rise and Fall of Shawn Fanning’s Napster" and "Fatal System Error: The Hunt for the New Crime Lords who are Bringing Down the Internet". Jim works in the Reuters Boston bureau covering cyber security, hacking and technology privacy issues. He previously covered technology, media and biotechnology for Broadcasting & Cable, the Orange County Register and Bloomberg News out of Tokyo, Taipei, San Francisco, Los Angeles and Santa Ana, California. Reuters. June 21, 2016. http://www.reuters.com/article/us-cyber-spying-china-idUSKCN0Z700D)

The Chinese government appears to be abiding by its September pledge to stop supporting the hacking of American trade secrets to help companies there compete, private U.S. security executives and government advisors said on Monday.

FireEye Inc, the U.S. network security company best known for fighting sophisticated Chinese hacking, said in a report released late Monday that breaches attributed to China-based groups had plunged by 90 percent in the past two years. The most dramatic drop came during last summer's run-up to the bilateral agreement, it added.

FireEye's Mandiant unit in 2013 famously blamed a specific unit of China's People's Liberation Army for a major campaign of economic espionage.

Kevin Mandia, the Mandiant founder who took over last week as FireEye chief executive, said in an interview that several factors seemed to be behind the shift. He cited embarrassment from Mandiant's 2013 report and the following year's indictment of five PLA officers from the same unit Mandiant uncovered.

Prosecutors said the victims included U.S. Steel, Alcoa Inc and Westinghouse Electric. Mandia also cited the threat just before the agreement that the United States could impose sanctions on Chinese officials and companies.

"They all contributed to a positive result," Mandia said.

A senior Obama administration official said the government was not yet ready to proclaim that China was fully complying with the agreement but said the new report would factor into its monitoring. "We are still doing an assessment," said the official, speaking on condition he not be named.

The official added that a just-concluded second round of talks with China on the finer points of the agreement had gone well. He noted that China had sent senior leaders even after the U.S. Secretary of Homeland Security pulled out because of the Orlando shootings.

China's Foreign Ministry, the only government department to regularly answer questions from foreign reporters on the hacking issue, said China aimed to maintain dialogue on preventing and combating cyber-spying.

"We've expressed our principled position on many occasions," ministry spokeswoman Hua Chunying told a daily news briefing on Tuesday. "We oppose and crack down on commercial cyber-espionage activities in all forms."

FireEye said that Chinese intrusions into some U.S. firms have continued, with at least two hacked in 2016. But while the hackers installed "back doors" to enable future spying, FireEye said it had seen no evidence that data was stolen.

Both hacked companies had government contracts, said FireEye analyst Laura Galante, noting that it was plausible that the intrusions were stepping stones toward gathering information on government or military people or projects, which remain fair game under the September accord.

FireEye and other security companies said that as the Chinese government-backed hackers dropped wholesale theft of U.S. intellectual property, they increased spying on political and military targets in other countries and regions, including Russia, the Middle East, Japan and South Korea.

Another security firm, CrowdStrike, has observed more Chinese state-supported hackers spying outside of the United States over the past year, company Vice President Adam Meyers said in an interview.

Targets include Russian and Ukrainian military targets, Indian political groups and the Mongolian mining industry, Meyers said.

FireEye and CrowdStrike said they were confident that the attacks are being carried out either directly by the Chinese government or on its behalf by hired contractors.

Since late last year there has been a flurry of new espionage activity against Russian government agencies and technology firms, as well as other targets in India, Japan and South Korea, said Kurt Baumgartner, a researcher with Russian security software maker Kaspersky Lab.

He said those groups use tools and infrastructure that depend on Chinese-language characters.

One of those groups, known as Mirage or APT 15, appears to have ended a spree of attacks on the U.S. energy sector and is now focusing on government and diplomatic targets in Russia and former Soviet republics, Baumgartner said.