Hack findings highlight China, U.S. in game of spy vs. spy
China-U.S. relations over cyberespionage could one day resemble the U.S. and the Soviet Union's Cold War, says cybersecurity expert
By Antone Gonsalves
February 20, 2013 — CSO —
A view of "Unit 61398" outside Shanghai, China. Photo: Reuters
A large-scale cyberespionage operation recently linked to China's military is unlikely to change the longstanding game of spy vs. spy with the U.S., experts say.
Security company Mandiant said in a report released Tuesday that a group of cyberspies it had watched for sometime was similar in mission, capabilities and resources to a secretive group called PLA Unit 61398, which is run by China's People's Liberation Army. The evidence collected by Mandiant indicates the two groups are the same.
The discovery does not mark an escalation in Chinese cyberspying, which has been on the rise for sometime. Nor does it bring the U.S. and China any closer to cyberwar, as some have reported, experts say. That's because Chinese activities remain focused on stealing government secrets and intellectual property from private industry, including information technology, defense and aerospace, energy, transportation, communications and chemical.
[Related news analysis: Chinese Army link to hack no reason for cyberwar]
The Mandiant report also showed that the group it watched, called APT1, was increasingly focused on stealing information from companies involved in U.S. critical infrastructure, such as electrical power grids, gas lines and waterworks, The New York Times reported.
While certainly a major concern, activities involving the gathering of information remain spying and are not militarily a cyberattack, which depending on the damage could lead to cyberwar. An example of a true cyberattack would be the Stuxnet malware, reportedly designed by the U.S. and Israel. The malware destroyed centrifuges in Iran's nuclear facilities.
"It's cyberwar when you break something and it hurts bad enough that you think it's war," said Stewart Baker, a partner at Steptoe & Johnson and a former assistant secretary for policy at the Department of Homeland Security.
With cyberespionage, there is no diplomatic solution. That's because both sides spy on each other and neither would admit it. Key to any successful spy operation is to deny involvement, in the absence of direct evidence to prove otherwise.
"I'm not aware of anybody who thinks that we can, or maybe not even should, try to reach an agreement on espionage with China or anybody else," Baker said.
While there is no diplomatic solution, the U.S. can take other steps against China to create a tacit agreement on the limits of cyberspying, experts say. For example, the U.S. could use its own spy networks to feed information to Chinese dissidents to bring more political grief to the Chinese government.
"What we really have to do is punish them for theft," said Paul Rosenzweig, a former deputy assistant secretary for policy at DHS and the founder of Red Branch Law & Consulting.
The area where punishment would be most effective is in the theft of intellectual property from private industry. U.S. laws prevent the government from hacking private companies in China, but law enforcement could use those laws to prosecute Chinese companies that use stolen IP.
Those companies can be barred from doing business in the U.S., and cyberthieves can be prosecuted, if they are arrested in a country outside of China and if the U.S. can extradite them, experts say.
Because of the close economic ties between China and the U.S., both countries have options for pressuring each other, while not crossing a line that would threaten their respective economies. In the case of the U.S, it could enact sanctions against China, leveraging the fact that the U.S. market is the largest buyer of Chinese goods.
For now, there is no international organization for either the U.S. or China to turn to.
"Corporate espionage almost certainly constitutes an unfair trade practice, but national governments, including the U.S., have hesitated bringing actions against the most egregious violators to the World Trade Organization for economic and political reasons," said Jacob Olcott, principal consultant for cybersecurity at Good Harbor Consulting.
In time, relations between China and the U.S. over cyberespionage could resemble those between the U.S. and the Soviet Union during the Cold War.
"I suspect that like the Cold War, at some point the U.S. and China will come to some sort of tacit agreement on what is acceptable and what isn't," Murray Jennex, a cybersecurity expert and associate professor at San Diego State University, said in an email.
Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.