Chinese espionage activity is posing a challenge for the Trump administration as it seeks to crack down on China for allegedly unfair trade practices, including persistent cyber intrusions targeting U.S. businesses.
While China has largely stopped hacking into U.S. companies to steal intellectual property in accordance with a 2015 Obama-era pact, security experts say Beijing’s spies have continued to break into U.S. networks to advance China’s economic and national security ambitions—testing the limits of the deal.
{mosads}Chinese hackers continue to steal information from U.S. defense contractors, likely to gain a strategic edge over the U.S. military. There has also been a surge of new activity of Chinese hackers targeting Western think tanks, U.S. law firms and the U.S. maritime industry.
Meanwhile, the security community is warning that some of President Trump’s recent decisions regarding China, including moves to slap tariffs on Beijing and block Chinese acquisitions of U.S. firms, could trigger potential blowback in cyberspace.
“We’re warning some of our high tech customers that this ‘honeymoon’ period they’ve had for the last couple years could be over if the trade conflict between Beijing and Washington intensifies and Chinese companies are no longer able to acquire their U.S. counterparts,” said Christopher Porter, chief intelligence strategist at FireEye.
Chinese cyber activity has long posed a challenge for the U.S. government, which has sought to crack down on Chinese efforts to break into U.S. corporate networks for commercial gain. China is also widely suspected in the massive Office of Personnel Management (OPM) breach that exposed personal data on over 20 million federal workers, though Beijing’s government has denied any involvement.
In September 2015, then-President Obama and Chinese President Xi Jinping reached a watershed agreement to stop supporting cyber-enabled intellectual property theft against businesses in their respective borders.
Since the agreement, security experts have observed a significant decline in Chinese cyber-enabled intellectual property theft from U.S. companies, and the pact has been largely cheered as a diplomatic accomplishment. Indeed, the Trump administration reaffirmed the cyber pact with Beijing last October.
But last month, Trump accused China of continuing to conduct and support “unauthorized intrusions into, and theft from” U.S. company networks when announcing new tariffs on China — raising the specter that Beijing may have run afoul of the agreement. On Wednesday, Trump said intellectual property theft has cost the U.S. economy $300 billion annually.
Experts say that Chinese hackers, widely viewed as among the most sophisticated, have shifted their operations so as not to explicitly violate the agreement while still maintaining a presence in U.S. networks.
Porter said that FireEye, which monitors more than two-dozen groups linked to the Chinese government, has observed espionage activity continue against U.S. firms, including those producing sensitive military technology like satellite navigation systems and semiconductors.
“We do see these same Chinese groups aggressively going after the U.S. private sector,” said Porter. “They are collecting confidential business information, it’s just the intellectual property theft that has been stopped.”
In March, FireEye revealed that Chinese hackers have stepped up attacks on the U.S. maritime and engineering targets. While the espionage group has not been definitively linked to the Chinese government, the hackers appeared to be after information on South China Sea issues, which would be valuable to the Chinese navy.
Others say that Chinese espionage campaigns have picked up steam since Trump’s election. Notably, cyber firm CrowdStrike said in December that Chinese hackers had begun breaching networks of Western think tanks and non-governmental organizations in an effort to harvest data from foreign personnel involved in research on the Chinese economy, defense and other specific topics.
“In the end of 2016 and beginning of 2017, we saw an uptick in offensive operations against U.S. targets by China,” said Adam Meyers, vice president of intelligence at CrowdStrike.
Meyers also told The Hill that the firm has seen a large increase in activity targeting U.S. law firms since June 2017.
Chinese hackers are also suspected in a backdoor attack revealed last September on popular file cleaning software CCleaner, apparently orchestrated to gain access to major tech companies like Google and Microsoft.
The activity is likely to continue to pose a challenge for the new administration, which has sought to cooperate with China on global issues like ending North Korea’s nuclear program. The administration has been increasingly bullish in calling out nations for bad behavior in cyberspace, blaming Pyongyang and later Moscow for separate global malware attacks that ravaged companies worldwide last year.
Last month, Trump described China’s persistent activity as a threat to U.S. businesses, labeling it an unfair trade practice. The Trump administration has threatened to impose tariffs on $50 billion in imports from China.
“The continued use of cyber intrusions by the Chinese government targeting U.S. companies remains a serious problem,” states the 215-page Treasury Department report underpinning Trump’s March 22 decision to impose the trade penalties.
In a statement to The Hill, a spokesperson for the Chinese embassy in Washington denied knowledge of any recent cyber espionage activity.
“China firmly opposes and is committed to combating all forms of cyber crimes,” the spokesperson said. “China and the United States share broad common interests in cybersecurity. The two countries have already established a high-level dialogue mechanism for law enforcement and cybersecurity to address the challenges. Making unfounded accusation is counterproductive.”
Trump’s decision has already triggered blowback from Beijing, which has retaliated by threatening tariffs across numerous U.S. import categories.
Some warn that Trump’s effort to crack down on China’s trade practices or limit Beijing’s foothold in the U.S. market could have negative implications in cyberspace.
“I think that if they see the U.S. potentially slapping trade restrictions on China, then they’re going to see that as probably opening up the flood gates again,” said Meyers. “All bets are kind of off.”