China doesn’t plan to cease conducting commercial espionage that benefits the central government, even as the U.S. is rolling out new, proactive cyber strategies to counter threats from Beijing, a new report by an Australian think tank says.
Furthermore, China’s hacking capabilities have gotten more sophisticated, with the intention of making the hacking harder to detect, according to a new report by the Australian Strategic Policy Institute.
The report analyzed Chinese espionage in three countries—the United States, Australia, and Germany—and found that the Chinese regime often breached cyber agreements it had signed.
With the United States, for example, former President Barack Obama and Chinese leader Xi Jinping signed an agreement in September 2015 promising that both parties won’t “conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage.”
Washington sought to have China acknowledge the difference between legitimate espionage for political and military purposes, versus illegitimate IP theft for the purpose of economic gains.
Initially, Chinese hacking activity post-agreement seemed to decrease in absolute numbers. But the report said: “A decline in the number of attacks doesn’t necessarily mean a decrease in their impact on US economic interests, as Chinese operators have significantly improved their tradecraft.”
Instead, attacks became more targeted and calculated after the Chinese military was reorganized, and industrial espionage attacks were transferred to another organ of the Chinese regime, the Ministry of State Security (MSS), according to the report. The MSS is an intelligence agency.
Beginning in 2017, hackers re-emerged, targeting “high-technology and advanced manufacturing companies.”
One unidentified security researcher cited in the report said: “Beijing never intended to stop commercial espionage. They just intended to stop getting caught.”
James Mulvenon, a U.S. security researcher, concluded that Beijing never truly accepted the distinctions between legitimate and illegitimate hacking.
Australia and China also signed an agreement in April 2017. While Australian intelligence reports indicate that economic espionage is occurring, government and businesses have been reluctant to provide details on what’s been stolen and who carried out the theft.
“While not publicly named, China is regarded as Australia’s primary cyber adversary, including in the area of IP theft. The fact that it remains unnamed in public statements from the government is perhaps the start of the explanation of why Australia’s policy response so far has been ineffective,” the report said, noting that China is making more of an effort to disguise and focus its cyber spying for commercial purposes.
The report recommends that Australia identify opportunities to publicly identify its adversaries.
Meanwhile, in Germany, there is no formal bilateral agreement with China on cyber commercial espionage.
China has been identified in a government report as a main cyber adversary. A July 2017 report by Bitkom, Germany’s digital industry association, found that German companies lose roughly $64 billion annually from cyber espionage.
The recent Australia report identified a trend of fewer China cyber attacks, coinciding with an uptick in Chinese foreign direct investment in Germany’s high-tech and advanced manufacturing industries.
As Hans-Georg Maassen, head of BfV, Germany’s domestic intelligence agency, said at an April cyber conference: “Industrial espionage is no longer necessary if one can simply take advantage of liberal economic regulations to buy companies and then disembowel or cannibalize them to gain access to their know-how.”
The Australia report concluded that, ultimately, Western nations need to take more aggressive action: “Unless the targeted states ramp up pressure and potential costs, China is likely to continue its current approach.”
The U.S. White House and Department of Defense recently unveiled new cyber strategies that will take a more proactive approach to countering Chinese cyber attacks, for commercial purposes or otherwise.