from Net Politics and Digital and Cyberspace Policy Program

Chinese Arrest of Hackers a Good Sign, But Not the End of the Story

China Xi Cyber Net Politics CFR Cybersecurity

October 13, 2015

Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

More on:

Cybersecurity

China

Diplomacy and International Institutions

Politics and Government

Heads of State and Government

On Friday, the Washington Post ran a story on arrests the Chinese government made at the behest of the United States in the weeks leading up to the Xi-Obama summit. Even if only a token arrest, it indicates that China was at least willing to do more than just have their president stand at a podium and get scolded by President Obama.

That’s the good news.

The bad news is that in the days, weeks, and months ahead, reports will undoubtedly begin to surface that Chinese espionage against U.S. companies has continued unabated. What will follow is months of back and forth, point-counterpoint between those who support the agreement and those who don’t. More details on the arrests will emerge; more reports will come out documenting the last case of intellectual property theft.

For many of us who have been working on changing China’s behavior in cyberspace for years, we aren’t expecting a massive change overnight. We’re looking for signs that an adversary that has often been implacable and brazen is starting to change its behavior.

It’s a game of move and countermove, played out over many years.

Before I joined government in 2010, I went on a trip to China under the pretense of track two diplomacy--think tanks trying to hammer out non-binding agreements on issues that their respective governments could not resolve.

The negotiations went nowhere. At the final banquet dinner, following the speeches and toasts, our hosts gave each of us a gift: thumb drives. Red ones. Emblazoned with gold Chinese dragons. The packages had already been opened and crudely resealed. One of our delegates broke with decorum and shouted loudly, “Oh, come on. Really?” We all headed to the bar.

The incident is a prime example of the “talk and take” strategy--quite literally, spend a few days exchanging meaningless words then hope some policymaker in waiting is dumb enough to use the thumb drive and scrape up information.

When I got back to the United States, I gave mine to a forensics lab. They couldn’t find any malware on it but the device had been reimaged, the file format changed, and the USB connection showed the telltale scratches of having been inserted into a computer before. They smashed it with a hammer.

Quiet diplomacy clearly didn’t have much of an effect. Here’s what did:

  • The Mandiant report detailing the activities of the People’s Liberation Army’s (PLA) most famed hacking unit. Released in 2013, it resulted in a quiet period for the group.
  • A year later, the U.S. government indicted five members of the unit, putting faces and names to the actors.
  • In the spring of 2015, the Obama administration follows with an executive order that threatens sanctions.
  • Six months later, China agrees publicly to law enforcement cooperation and an end to state-sponsored targeting of private companies. In the deal, the United States gives up nothing.
  • Now, it looks like when President Obama said, “the question now is, are words followed by actions,” he at least already had a partial answer.

Talk about using “all instruments of national power.” Yet many critics of the current deal won’t recognize success as anything short of the five PLA hackers standing trial in the United States. If you end up in the next administration, good luck with that. It’s about as likely as a member of the U.S. intelligence community being sent off to The Hague to stand trial for hacking Angela Merkel’s phone. I wouldn’t support that. And I wouldn’t expect the Chinese government to take a different position here. I highly doubt that any of the PLA five will ever see the inside of a Chinese jail cell, much less an American courtroom.

In the end, although it would be great to see Ugly Gorilla take FBI Director Comey up on his invitation to “come over and enjoy the remarkable protections of our criminal justice system,” few people who worked on the indictments ever thought that would happen. The goal was to demonstrate U.S. attribution capabilities down to a name and a face, and to put China on notice that it was being labeled as a kleptocracy. The goal was to change Chinese behavior, not obtain justice.

At this stage, I’ll bet that Xi will call off the government hacking teams but turn a blind eye to criminal groups doing the same work. It will take another round of move and countermove to get an actual reduction in the targeting of private companies for private gains. But to anyone sitting at the bar that night in Beijing with a drink in one hand and a red dragon-emblazoned thumb drive in the other, the deal and the arrests look like progress.
