Analysis: Significance of China's Arrest of Hackers
Report: At U.S. Request, Chinese Nab Those Stealing Trade Secrets

Hackers who pilfered trade secrets from American companies have been arrested by the Chinese government at the request of the Obama administration, the Washington Post reports.
The arrests occurred a week or two before President Xi Jinping visited the White House last month (see U.S.-China Cybersecurity Agreement: What's Next?), the newspaper reported Oct. 9. The action was seen as a step to soothe strains between the two nations after the Obama administration threatened economic sanctions for Chinese thefts of U.S. corporate intellectual property.
"Assuming that the Washington Post report is accurate, these arrests mark the first time China has taken real action to address a U.S. concern related to commercial spying," Richard Bejtlich, chief security strategist for the threat intelligence and IT security company FireEye, writes in a soon-to-be-published paper for the Brookings Institute, where he's a nonresident senior fellow.
The arrests, along with China's cybersecurity deal with the United States, are not about China "buckling in the face of U.S. pressure and threats of sanctions," says David Fidler, adjunct senior fellow for cybersecurity at the Council on Foreign Relations think tank. "The arrests suggest that President Xi has determined that it is in China's self-interest to act against hacking taking place within China. Chinese leadership might be undertaking a policy shift in its approach to Chinese-based hacking because this problem negatively affects China's influence and reputation on cyber issues."
Offering an Olive Branch
Surviving Cyberwar author Richard Stiennon characterizes the arrests as "the first concrete demonstration that the still unpublished agreement that Xi and Obama made is real. At the very least, this move on the part of China is an olive branch that helps President Obama save face."
The news report did not say whether those arrested worked for the Chinese government or the People's Liberation Army or were private citizens or contractors. "It would be most significant - almost breathtaking - if the arrested individuals were arrested for activity they undertook under China's command and control," says Martin Libicki, a national and cybersecurity expert at the think tank The Rand Corp. "It would be next most significant if the arrested individuals were on the government payroll but were moonlighting. It would still be significant if the arrested individuals were freelancing."
If those arrested were government employees or PLA members, the Chinese government would likely claim they were rogue actors, Bejtlich says in a tweet: "Fits w/anti-corruption campaign, but bad for PLA morale."
In May 2014, a federal grand jury indicted five officers of PLA Unit 61398 for breaches of American manufacturers between 2006 and 2014, alleging that trade secrets were stolen (see The Real Aim of U.S. Indictment of Chinese).
Next milestone would be extradition of CN hackers to US. I doubt that will happen. Dangerous precedent. Wouldn't want our guys sent to CN.
- Richard Bejtlich (@taosecurity), October 9, 2015
It's highly unlikely that China would extradite those arrested to the United States for trial.
Fidler says he doubts the U.S. requested extradition, noting that the U.S. and China do not have a bilateral extradition treaty. "The United States will watch what happens with those arrested very closely, and, given what appear to be the political calculations of China's leadership, the Chinese will release enough information about any trials and convictions to keep the Americans from calling the process an empty gesture," he says.
Revealing Sensitive Information
China, in prosecuting the hackers, could ask the United States to turn over evidence, which could result in the U.S. sharing sensitive information about how it identified the suspects. Would the U.S. do this?
"It might, and the U.S. might choose to burn some intel just to test Chinese intentions, especially if it was preparing sanctions," says Adam Segal, Council on Foreign Relations senior fellow for China studies and director of its digital and cybersecurity policy program.
Stiennon agrees that the U.S. would likely turn over information regarding the hacks. "In this case they would have to reveal IP addresses, linkages, fingerprints on malware, things they rarely share even within their own community," he says. "If the U.S. is careful, they do not have to reveal the tools and techniques used."
The White House, in response to a query, did not respond directly to the report of the hackers' arrests. "As the president has said, we have repeatedly raised our concerns regarding cybersecurity with the Chinese, and we will continue to use all of our engagements to address our concerns directly with the Chinese," a senior administration official said in a statement. The Chinese agreed "to provide timely responses to requests for assistance from the United States regarding malicious cyber activity emanating from China; that neither government will conduct or knowingly support cyber-enabled economic espionage for commercial gain. ... As we move forward, we will be watching to ensure China's words are matched by actions."