Hack findings highlight China, U.S. in game of spy vs. spy

A large-scale cyberespionage operation recently linked to China's military is unlikely to change the longstanding game of spy vs. spy with the U.S., experts say.

Security company Mandiant said in a report released Tuesday that a group of cyberspies it had watched for some time was similar in mission, capabilities and resources to a secretive group called PLA Unit 61398, which is run by China's People's Liberation Army. The evidence collected by Mandiant indicates the two groups are the same.

The discovery does not mark an escalation in Chinese cyberspying, which has been on the rise for some time. Nor does it bring the U.S. and China any closer to cyberwar, as some have reported, experts say. That's because Chinese activities remain focused on stealing government secrets and intellectual property from private industry, including information technology, defense and aerospace, energy, transportation, communications and chemicals.


The Mandiant report also showed that the group it watched, called APT1, was increasingly focused on stealing information from companies involved in U.S. critical infrastructure, such as electrical power grids, gas lines and waterworks, The New York Times reported.

While certainly a major concern, activities involving the gathering of information remain spying; they are not a cyberattack in the military sense, which, depending on the damage done, could lead to cyberwar. An example of a true cyberattack would be the Stuxnet malware, reportedly designed by the U.S. and Israel. The malware destroyed centrifuges in Iran's nuclear facilities.

"It's cyberwar when you break something and it hurts bad enough that you think it's war," said Stewart Baker, a partner at Steptoe & Johnson and a former assistant secretary for policy at the Department of Homeland Security.

With cyberespionage, there is no diplomatic solution. That's because both sides spy on each other and neither would admit it. Key to any successful spy operation is to deny involvement, in the absence of direct evidence to prove otherwise.

"I'm not aware of anybody who thinks that we can, or maybe not even should, try to reach an agreement on espionage with China or anybody else," Baker said.

While there is no diplomatic solution, the U.S. can take other steps against China to create a tacit agreement on the limits of cyberspying, experts say. For example, the U.S. could use its own spy networks to feed information to Chinese dissidents to bring more political grief to the Chinese government.

"What we really have to do is punish them for theft," said Paul Rosenzweig, a former deputy assistant secretary for policy at DHS and the founder of Red Branch Law & Consulting.

The area where punishment would be most effective is in the theft of intellectual property from private industry. U.S. laws prevent the government from hacking private companies in China, but law enforcement could use those laws to prosecute Chinese companies that use stolen IP.

Those companies can be barred from doing business in the U.S., and cyberthieves can be prosecuted, if they are arrested in a country outside of China and if the U.S. can extradite them, experts say.

Because of the close economic ties between China and the U.S., both countries have options for pressuring each other while not crossing a line that would threaten their respective economies. In the case of the U.S., it could enact sanctions against China, leveraging the fact that the U.S. market is the largest buyer of Chinese goods.

For now, there is no international organization for either the U.S. or China to turn to.

"Corporate espionage almost certainly constitutes an unfair trade practice, but national governments, including the U.S., have hesitated bringing actions against the most egregious violators to the World Trade Organization for economic and political reasons," said Jacob Olcott, principal consultant for cybersecurity at Good Harbor Consulting.

In time, relations between China and the U.S. over cyberespionage could resemble those between the U.S. and the Soviet Union during the Cold War.

"I suspect that like the Cold War, at some point the U.S. and China will come to some sort of tacit agreement on what is acceptable and what isn't," Murray Jennex, a cybersecurity expert and associate professor at San Diego State University, said in an email.

By Antone Gonsalves