In a rare bit of good cyber security news, Chinese hacking thefts of American corporate secrets have plummeted in the 13 months since China signed an agreement with the Obama administration to curb economic espionage, U.S. officials and outside experts say.
Analysts say the success may hold lessons for how the U.S. should deal with Russia, which at the same time has stepped up a different sort of hacking campaign that officials say is aimed at undermining confidence in the American election.
The change in China’s behavior “has been the biggest success we’ve had in this arena in 30 years,” said Dmitri Alperovitch, co-founder of Crowdstrike, a cyber security firm that tracks computer network intrusions.
“And it wasn’t anything we did in cyber space — it was the threat of sanctions and the impact on their economy.”
Alperovitch said his firm has observed a 90 percent drop in commercial hacking against U.S. firms attributable to Chinese government actors. U.S. intelligence agencies also have reported a sharp falloff, according to officials briefed on the matter.
To be sure, Alperovitch and others say, Chinese intelligence agencies are still hacking to steal U.S. national security secrets, including attacking defense firms. But those attacks are considered commonplace, because they are exactly what the National Security Agency does to China and other U.S. adversaries.
At issue in the agreement President Obama signed with President Xi Jinping in September 2015 was hacking to steal corporate intellectual property to benefit Chinese firms. The U.S. says it doesn’t do that, but China did it with impunity for years, in what a former NSA director called the biggest transfer of wealth in modern history.
After years of pressure, Obama elevated the issue and threatened sanctions on China. The U.S. also indicted five members of the People’s Liberation Army in 2014, accusing them of commercial hacking.
In the agreement, China essentially promised to stop doing it.
The dropoff actually began a year before the agreement was signed, according to a study released in June by the iSight intelligence unit of FireEye, a cyber security company.
“Since mid-2014, we have observed an overall decrease in successful network compromises by China-based groups against organizations in the U.S. and 25 other countries,” the report said. “These shifts have coincided with ongoing political and military reforms in China, widespread exposure of Chinese cyber activity, and unprecedented action by the U.S. government.”
In addition, a cyber hotline to facilitate speedy communication between China and the U.S. over hacking incidents is in the testing phase, U.S. officials told NBC News.
Instead of targeting U.S. firms, Alperovitch said, China has turned its hackers inward, probing Chinese companies as part of an anti-corruption campaign — and also against Russia.
“We’re seeing a massive increase in domestic intrusions (by the Chinese government) against companies in China where they are using this for an anti-corruption campaign,” he said. “And we’re actually seeing a massive increase in attacks on Russia. They’ve stolen everything that Russia has in the defense space.”
Last week, the Obama administration formally accused Russia of a campaign of hacking designed to interfere in the U.S. election campaign, including an effort to steal and leak embarrassing emails by Democrats. So far, the U.S. has taken no observable action in response.
White House Press Secretary Josh Earnest said Tuesday that the U.S. is mulling a “proportional” response to Russia, but he declined to be more specific.
“The president has talked before about the significant capabilities that the U.S. government has to both defend our systems in the United States but also carry out offensive operations in other countries,” he said on Air Force One en route to a Hillary Clinton campaign event in North Carolina. “So there are a range of responses that are available to the president and he will consider a response that is proportional.”