Saturday, December 26, 2015
Cybersecurity Firm Says Chinese Hackers Keep Attacking U.S. Companies
HONG KONG — It was heralded as the first concrete step taken by the United States and China on the thorny issue of online espionage.
With President Xi Jinping of China beside him at a news conference in the White House Rose Garden last month,President Obama said the two had come to an agreement that China and the United States would refrain from attacks aimed at pilfering company intellectual property or trade secrets for commercial advantage.
Less than a day after that announcement and after Mr. Xi had met in Seattle with the executives of leading American technology companies, a hacking group accused of having links to the Chinese government attacked one such company, looking for trade secrets.
In a blog post on Monday, the security services provider CrowdStrike, based in Irvine, Calif., said that it had tracked a number of attacks on American tech and pharmaceutical companies leading up to and after Mr. Xi’s visit to the United States last month. (Mr. Xi has been logging airtime, making his first state visit to Britain this week.)
“We detected and stopped the actors, so no exfiltration of customer data actually took place,” according to the post, written by the CrowdStrike co-founder and chief technology officer, Dmitri Alperovitch.
But more problematic, he wrote in the post, was that the attacks had continued in the three weeks since Washington and Beijing signed the security agreement.
The news of further hacking attempts is likely to put new pressure on the countries’ agreement to limit attacks on private companies. A number of analysts had already expressed skepticism that the accord would lead to concrete changes in a Chinese policy they say has sought for years to plunder secrets from companies in the United States.
In announcing the agreement, Mr. Obama said the United States would be “watching carefully” to see if the accord led to progress, and he did not rule out economic sanctions against Chinese companies if the attacks continued.
Of those attacked, “seven of the companies are firms in the technology or pharmaceuticals sectors, where the primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets,” Mr. Alperovitch wrote in the blog post.
“The intrusion attempts are continuing to this day, with many of the China-affiliated actors persistently attempting to regain access to victim networks even in the face of repeated failures,” he added.
According to the CrowdStrike blog post, several of the recent attacks were the responsibility of a group it calls Deep Panda, which the company said it had tracked for many years. Deep Panda often goes after strategic national security targets, but it has also hacked companies in an array of industries, including in agriculture, finance, chemicals and technology.
Mr. Alperovitch did not write that the continued hackings were evidence that the deal had failed, though he called for the Obama administration to explain what it expected the agreement to accomplish.
“The fact that there is some time delay between agreement and execution is not entirely unexpected,” Mr. Alperovitch wrote. “But we need to know the parameters for success, and whether the parties to the agreement discussed a time frame for implementation, or, instead, expected it to be immediate.”
In one of the first major markers of Chinese action against the attacks, the country arrested a number of hackers who were said to have stolen secrets of United States companies before Mr. Xi’s American visit, according to The Washington Post.
Even so, further attacks were likely to be viewed as a setback. Though China is home to a hard-to-control and diffuse network of state-affiliated hackers, it would probably be fairly simple for Beijing to control a central group like Deep Panda.