Chinese hacking sharply declining: report

Chinese hacking of U.S. government and corporate networks has sharply declined since 2014, according to a new report from a prominent cybersecurity firm.

FireEye observed only a handful of network intrusions attributed to Chinese groups in April of this year, down from more than 60 in February of 2013.

{mosads}The shift is likely the result of a confluence of factors, including actions taken by the U.S. government — but it is not solely the result of a September anti-hacking pledge struck by President Obama and Chinese President Xi Jinping, FireEye said.

When China’s expansive hacking operations began to come into the public eye, according to the report, the U.S. was able to muster the political support to confront China directly on its cyber espionage tactics — indicting five Chinese military officers in 2014 and striking the anti-hacking pledge.

Lawmakers and others have repeatedly pressed the Obama administration on whether the September deal — which prohibits hacking commercial firms for economic gain — has lead to a drop in intrusions.  

“Although many in the U.S. initially doubted that these actions would have any effect, they may have prompted Beijing to reconsider the execution of its network operations,” the report said.

But the decline in hacking attempts started prior to the September deal, and FireEye stops short of suggesting that the anti-hacking pledge are solely responsible for the decrease.

“The problem with the question, ‘is it working?’ is that it’s a yes-or-no answer, and there’s really no yes-or-no answer. You’ve got a really complex system behind China’s cyber activity,” Jordan Berry, FireEye’s principal threat intelligence analyst, told The Hill. “It’s more a confluence of events that caused this decline.”

Military reforms within the Chinese government also played a role, Berry said. Since taking power in late 2012, Xi has implemented a series of significant military reforms aimed at centralizing China’s cyber elements that may also be a factor.

FireEye also noted that there is a lag time in its research, meaning that it’s possible the trend has reversed since April — although Berry said that’s not what he expects to see.

Chinese hackers are still targeting some private-sector U.S. firms, he said — but that data could be considered “dual use,” meaning that it has military applications, not just commercial ones. This suggests that the intrusions could be traditional intelligence-gathering, which is not prohibited by the September agreement.

The country’s cyber operations have remained in the spotlight thanks to the massive breach of the Office of Personnel Management (OPM), discovered last summer and widely believed to be the work of Beijing-backed hackers.

The hack, thought to be a traditional intelligence-gathering mission, exposed the personal information of more than 20 million U.S. employees, contractors and others.