Chinese Industrial Spies Cast a Wider Net

One of the emerging trends in today’s expanding cyber espionage landscape has been China’s emergence as the leading practitioner of economic cyber espionage.

What does the trajectory of Chinese economic espionage look like, and where do we still see barriers to the establishment of effective norms barring the practice before it becomes common among developing countries that will soon possess their own cyber capabilities?

Cyber economic espionage is the theft of intellectual property, trade secrets, and business intelligence to gain an advantage in negotiations. It is distinguishable from more traditional, and more accepted, forms of political espionage.

However, practical enforcement against economic espionage based on intent is hard, and such differentiation implies that economic well-being and national security may not be deeply linked.

Samantha Ravich, a Senior Advisor at the Foundation for Defense of Democracies’ Center on Sanctions and Illicit Finance, argues that, “This cyber-enabled economic espionage is part of Beijing’s overall campaign to weaken the U.S. economy and, by so doing, the country’s ability to both fund and field defense capabilities.” Such “cyber-enabled economic warfare” is essentially the use of cyber attacks against a country “with the intent to weaken its economy and thereby reduce its political and military power,” Ravich says.

China’s use of the practice first began to strain relations with the U.S. in the early 2000s. By 2011, the scope of Chinese theft forced the issue into the limelight. In 2014, marking the first instance of attaching criminal charges to state hackers, the U.S. Justice Department obtained indictments for five Chinese military officers for stealing trade secrets, such as technical data, and intelligence on trade negotiations.

The calls for action against Chinese economic espionage within the U.S. prompted denial from Beijing, but the tone changed after the U.S. threatened sanctions against China the following year. While this could have been prompted by alleged Chinese political espionage against the Office of Personnel Management, where hackers siphoned off 22 million files on past and present federal employees, the backdrop of longstanding economic espionage was still on the minds of U.S. officials. Public condemnation intensified after a series of NSA presentation slides were leaked to the press shortly after the OPM incident showing a U.S. map littered with red dots identifying over 600 corporate and government victims of Chinese cyber espionage during a five-year period beginning in 2009.

Chinese President Xi Jinping and former President Barack Obama agreed in 2015, in what is known as the Xi Agreement, to not “conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.” Despite some evidence of incidents continuing, it is clear the volume of such operations has dropped significantly, at least in the United States.

One of the more notable exceptions to the decline was an operation dubbed Cloud Hopper, which involved the Chinese threat group APT10 – thought to be connected to the Chinese government – infiltrating the IT supply chain that services a wide array of businesses around the globe, including in the United States. The details of intrusions into U.S. firms remains unknown, but the scope of the operation around the world suggests China still systematically targets private industry around the world.

The Xi Agreement was, for many, a milestone. But did not on its own stem the deluge of attacks on U.S. corporations. There were several factors that potentially could have led to Chinese concessions, including domestic politics such as Xi’s aggressive clampdown on corruption.

Following the 2015 agreement, other Western countries, such as the United Kingdom, Germany, and, more recently, Australia have forged similar agreements with China to lessen the impact of economic espionage.

John Hultquist, the Manager of Analysis at the cybersecurity firm FireEye, points out that there has not been significant evidence of economic espionage against countries in the West that have agreements with China. “In Asia, however, economic espionage continues unabated,” says Hultquist – adding that notable incidents also occur in Latin America and Scandinavia.

If China targets companies in the region purely for its own economic benefit – consequently undermining the economic health of those neighboring countries – it will create ripple effects that could harm the U.S. position in the region. This is why countries should not simply view agreements to curtail economic cyber espionage in terms of protecting their own industries, but rather as a geopolitical maneuver that should be adopted beyond the West. Just as the theft of intellectual property from U.S. companies undermines the U.S. economy and its ability to project power, so too does the undermining of allied economies.

To complicate the matter further, not all espionage against private industry is necessarily for economic gain. Last month Chinese hackers targeted South Korean companies involved in the deployment of a U.S. missile defense system in anticipation of continued North Korean ballistic missile tests. As Hultquist points out, “Many of their products have military applications, so even with an agreement to stop economic espionage, they could find themselves straddling that line between political and economic value.”

Levi Maxey is a cyber and technology analyst at The Cipher Brief. Follow him on Twitter @lemax13.