Did China Just Steal $360 Billion From America?
The principal group in question is believed to be the one codenamed APT6. The three letters stand for Advanced Persistent Threat, and this group appears to be among the first tagged as an “APT.”
Kurt Baumgartner of Russian firm Kaspersky Lab suggests APT6 is state-sponsored.That sounds correct because as Craig Williams WMB -4.47% at Talos, a part of Cisco, notes, it is “an advanced, well-funded actor.”
Baumgartner declined to identify APT6’s nationality, but others have. Vice Media’s Motherboard reports that experts think the group is Chinese. As the FireEye security firm notes, APT6 is “likely a nation-state sponsored group based in China.”
In any event, APT6 has caught the attention of the FBI. The group also appears to be the subject of the Bureau’s February 12 alert.
The February 12 alert says the group in question was attacking U.S. networks “since at least 2011,” but Baumgartner thinks it was active as early as 2008.
In September of last year during Xi Jinping’s state visit, President Obama said the U.S. and China had reached “a common understanding on the way forward” on cybertheft. Washington and Beijing, he said, had affirmed the principle that neither government would use cyber means for commercial purposes.
China indeed affirmed that principle, and the agreement was, as Adam Segal and Tang Lan write, “a significant symbolic step forward.” The pair correctly note that “trust will be built and sustained through implementation.”
As might be expected, there was little implementation on the Chinese side at first. CrowdStrike , the cyber security firm, for instance, in October reported no letup in China’s cyber intrusions into the networks of American corporates.
Related: Economic Terrorism
Beijing, according to the Financial Times, has since reduced its cyber spying against American companies. As Justin Harvey of Fidelis Cybersecurity told the paper, “What we are seeing can only be characterized as a material downtick in what can be considered cyber espionage.”
And FireEye noted that all 22 Chinese hacking units identified by the firm as attacking American networks discontinued operations.
Nonetheless, the Obama administration is not declaring victory quite yet, and for good reason. “The days of widespread Chinese smash-and-grab activity, get in, get out, don’t care if you’re caught, seem to be over,”says Rob Knake, who once directed cyber security policy at the National Security Council and is now at the Council on Foreign Relations. “There’s a consensus that activity is still ongoing, but narrower in scope and with better tradecraft.”
Whether espionage is overt or not, the damage to American business is still large. According to the May 2013 report of the Blair-Huntsman Commission on the Theft of American Intellectual Property, “The scale of international theft of American intellectual property is unprecedented—hundreds of billions of dollars per year, on the order of the size of U.S. exports to Asia.”
William Evanina, America’s chief counterintelligence official, told reporters in November that hacking espionage costs U.S. companies $400 billion each year and that China is responsible for about 90% of the attacks. Beijing’s haul, therefore, looks like something on the order of $360 billion.
And how do we know the Chinese are culprits? For one thing, bold Chinese cyber thieves like to show their victims the information they have stolen.
Moreover, the U.S. government has gotten better at attribution, going from being able to attribute one-third of the attacks to more than two-thirds. The improvement is largely due to the government’s partnership with the private sector. Microsoft, Google, and Twitter, for example, will share information if they detect attacks on their customers.
And their customers are still getting attacked. “We continue to see them engage in activity directed against U.S. companies,” said Admiral Mike Rogers, the head of U.S. Cyber Command, in early April in testimony before the Senate Armed Services Committee. “The questions I think that we still need to ask is, is that activity then, in turn, shared with the Chinese private industry?”
It’s right for Rogers to be cautious, but it would be strange for Chinese hackers not to share as they have done in the past. At the moment, there is little reason for Beijing to stop hacking, because Washington is not willing to impose costs on China for its “21st century burglary.”
There was the May 2014 indictment of five officers of the People’s Liberation Army for cyberattacking American businesses, like Alcoa and U.S. Steel, and the United Steelworkers union. That move, while welcome, was overdue and only symbolic. The Blair-Huntsman Commission suggested an across-the-board tariff on Chinese goods, but the imposition of a penalty of that sort is unlikely without a radical change of thinking in Washington.
Therefore, the FBI, even after all these years, is just playing catch up. The February alert is a tacit admission that the U.S. government is not in control of its own networks said Michael Adams, who served in U.S. Special Operations Command. “It’s just flabbergasting,” Adams told Motherboard. “How many times can this keep happening before we finally realize we’re screwed?”
The People’s Republic of China is still committing monumental thefts in large part because successive American governments cannot get beyond half-measures.
Beijing may be an intruder, but Washington somehow finds it unseemly to lock the door and punish the thief.
