As US and Chinese negotiators prepare to begin their seventh round of trade talks this week, more reports are being leaked to the media about China’s efforts to steal trade secrets from US companies via “Operation Cloudhopper”, the Ministry of State Security-backed infiltration campaign that used service providers in the US and Europe to infiltrate the systems of their clients.
A report in the New York Times detailed how China and Iran have ramped up their hacking efforts since 2015, when the now-abandoned Iran deal was initially struck and China promised the Obama administration that it would pull back on its cyberespionage efforts. After an 18-month lull, China’s 10-year-long commercially motivated campaign was revitalized in the midst of growing trade tensions between the US and China (tensions that predated Trump’s trade war).
Among the latest targets of China’s hacks, according to the NYT’s military and private sources, were GE Aviation, Boeing and T-Mobile.
A summary of an intelligence briefing read to The New York Times said that Boeing, General Electric Aviation and T-Mobile were among the recent targets of Chinese industrial-espionage efforts. The companies all declined to discuss the threats, and it is not clear if any of the hacks were successful.
Offering some background on China’s hacking strategy in recent years, sources described how China has managed to carry out more sophisticated attacks that have been increasingly difficult to detect.
But the 2015 agreement appears to have been unofficially canceled amid the continuing trade tension between the United States and China, the intelligence officials and private security researchers said. Chinese hacks have returned to earlier levels, although they are now stealthier and more sophisticated.
“Cyber is one of the ways adversaries can attack us and retaliate in effective and nasty ways that are well below the threshold of an armed attack or laws of war,” said Joel Brenner, a former leader of United States counterintelligence under the director of national intelligence.
Federal agencies and private companies are back to where they were five years ago: battling increasingly sophisticated, government-affiliated hackers from China and Iran – in addition to fighting constant efforts out of Russia – who hope to steal trade and military secrets and sow mayhem. And it appears the hackers substantially improved their skills during the lull.
Mr. Segal and other Chinese security experts said attacks that once would have been conducted by hackers in China’s People’s Liberation Army are now being run by China’s Ministry of State Security.
These hackers are better at covering their tracks. Rather than going at targets directly, they have used a side door of sorts by breaking into the networks of the targets’ suppliers. They have also avoided using malware commonly attributed to China, relying instead on encrypting traffic, erasing server logs and other obfuscation tactics.
“The fingerprint of Chinese operations today is much different,” said Priscilla Moriuchi, who once ran the National Security Agency’s East Asia and Pacific cyber threats division. Her duties there included determining whether Beijing was abiding by the 2015 agreement’s terms. “These groups care about attribution. They don’t want to get caught.”
One of Beijing’s primary motivations in carrying out these attacks has been to bolster its latest five-year economic plan to make China a leader in AI and other cutting-edge technology.
But Chinese hackers have resumed carrying out commercially motivated attacks, security researchers and data-protection lawyers said. A priority for the hackers, researchers said, is supporting Beijing’s five-year economic plan, which is meant to make China a leader in artificial intelligence and other cutting-edge technologies.
“Some of the recent intelligence collection has been for military purposes or preparing for some future cyber conflict, but a lot of the recent theft is driven by the demands of the five-year plan and other technology strategies,” said Adam Segal, the director of the cyberspace program at the Council on Foreign Relations. “They always intended on coming back.”
This is only the latest in a string of leaks about China’s espionage efforts since 2015. But the constant stream of evidence being leaked to the press, all of which seems to corroborate Robert Lighthizer’s claims that China’s cyberespionage efforts have continued unabated since the trade war began, is arriving at an interesting time, which would seem to raise serious questions about the US’s ability to strike a sweeping trade compromise without President Trump looking like he has caved to the Chinese.