No watershed: China hacker groups in decline before Xi-Obama deal

Respected spook group finds early Washington, Beijing pivoting left China hackers clean and focused


The US-China pledge to put an end to state-backed intellectual property theft was made when Middle Kingdom hacking groups had been receding for more than a year, researchers say.

Presidents Barack Obama and Xi Jinping agreed in September not to "conduct or knowingly support cyber-enabled theft of intellectual property" in a move praised widely on both sides of the Pacific.

That Chinese paid and patriot hacking groups were already in decline led iSight security intelligence wonks to rob the agreement of its watershed title of "cybercrime killer".

"Rather than viewing the Xi-Obama agreement as a watershed moment, we conclude that the agreement was one point among dramatic changes that had been taking place for years," iSight researchers say.

"We attribute the changes we have observed among China-based groups to factors including President Xi’s military and political initiatives, the widespread exposure of Chinese cyber operations, and mounting pressure from the US Government."

Criminal groups in the Middle Kingdom have fallen off since mid-2014, more than a year before the Xi-Obama handshake.

This is marked by a decline in attacks by China-based groups against more than two dozen countries.

iSIGHT in its report RedLine Drawn [PDF] examined the activities of 72 pro-Chinese hacking groups which notched 262 network compromises since early 2013.

Active network compromises conducted by 72 suspected China-based groups by month. Image: iSight

Among the activities credited for the crime decline is President Xi's 2012 crackdown on members of the People's Liberation Army who conducted unofficial hacking operations for financial gain.

President Xi's bolstering of the PLA hacking wings and establishment of formal information security associations is also tipped for the more disciplined Chinese espionage environment.

Increasing tensions in the South China Sea are also requiring more targeted and organised Chinese cyberwarfare units.

Since 2014 the US Government has taken punitive action against Chinese hackers including indicting members of the PLA and threatening sanctions.

The research team says the current threat from Chinese hacking outfits is less voluminous but "more focused and calculated", unsurprisingly finding success in hosing corporate networks.

China's black hat scene is unsurprisingly diverse: PLA hackers knock about with contractors, patriots, and regular criminals, all of whom may work in shared-value concert during political disputes.

This, iSight says, complicates attribution and broad-stroke descriptions of hacking group motivations.

