A new U.S. indictment against alleged Chinese government hackers suggests the uneasy cyber peace President Obama brokered with China’s leader is hanging on life support, at a time when the U.S. is being increasingly challenged online by adversaries like Russia, Iran, and North Korea.
Zhu “Godkiller” Hua and Zhang “Baobeilang” Shilong were charged with conspiracy to commit computer intrusion, wire fraud, and identity theft in federal court in Manhattan. The two men are allegedly part of the hacking operation known as “APT10” in security circles, and allegedly participated in a broad range of attacks on U.S. companies over a twelve-year period beginning in 2006, all on the orders of the Chinese Ministry of State Security’s Tianjin State Security Bureau.
The charges are the latest in a string of indictments over the last year naming Chinese nationals in state-sponsored hack attacks. As with the previous cases, the emphasis is on China’s theft of intellectual property for the benefit of its industries. In one years-long hacking campaign outlined in the indictment, APT10 breached a U.S. managed service provider and used it as an entryway into corporate networks in 12 countries, allowing China to “steal, among other data, intellectual and confidential business data on a global scale.”
It’s unlikely that either defendant will ever see a New York courtroom, and bringing the hackers to trial isn’t the point of the indictment. The charges are aimed at pressuring China to comply with a cyber pact Chinese president Xi Jinping reached with the Obama administration in 2015, which China appears to have dustbinned amid its very public and heated trade disputes with the Trump administration.
“As time has gone on and the relationship has become frayed, there's no reason for them not to step up this kind of activity, in their view,” said former State Department official Chris Painter, who led the negotiating team that reached the 2015 accord.
In a joint statement Thursday, Secretary of State Michael Pompeo and Homeland Security chief Kirstjen Nielsen said they were “concerned” that the hacking outlined in the indictment “violates the 2015 U.S.-China cyber commitments made by President Xi Jinping to refrain from conducting or knowingly supporting ‘cyber-enabled theft of intellectual property.’” “Stability in cyberspace cannot be achieved if countries engage in irresponsible behavior that undermines the national security and economic prosperity of other countries.”
In the early 2000s China’s hackers were notorious for conducting industrial espionage on a large scale. After years of quiet diplomacy and public shaming—notably the 2012 indictment of five Chinese military officials for hacking U.S. Steel—the U.S. reached an unprecedented agreement with China in 2015 that neither country would use computer hacking for corporate espionage.
It was a hard-won concession, recalls Painter, who served as the State Department’s Coordinator for Cyber Issues for six years before the position was eliminated in 2017. At first Xi’s advance team seemed not to recognize a difference between industrial spying and traditional nation-state espionage. “They said they did neither,” recalled Painter. The final negotiations took place in a DC hotel immediately before Xi’s arrival for a White House summit, and a deal was finally reached at 4:00 in the morning.
The agreement was later ratified through the G20. “I think the reason China decided to make that deal is because Obama made it clear it was a key issue in the relationship between the two countries,” Painter said. “Over a year and a half period that point was made over and over again without relent.”
Cyber security experts noted a dramatic decline in breaches attributable to China in the final years of the Obama presidency. Now, though, the trend is reversing. President Trump, who lashed out at China as an “economic enemy” while a candidate, has begun a heated and very public tariff war with the country as president. And Chinese hackers are being seen aggressively targeting American industry once again.
Priscilla Moriuchi, the former lead for the NSA’s East Asia and Pacific cyber threats office, said it’s unclear that China ever really took its commitments under the deal seriously. The plunge in Chinese government hack attacks could have been the result of the wrenching reorganization that was taking place within China’s military bureaucracy in the same time period. “You can't say what the singular driving factor was behind any trend that you saw in this time frame,” she said.
“The point of the agreement was to get China to admit that's what they were doing, and to understand why it was a problem for us,” said Moriuchi, now director of strategic threat development at the computer security company Recorded Future. “There were no punitive measures attached to it, it was just sort of an understanding.”
Painter said the U.S. had no illusions that China would completely change course. “I don't think we were born yesterday,” he said. Thursday’s indictment might make a difference to China, but only if it’s combined with international pressure. “If there's high level condemnation from other countries, and this hasn't happened yet, then I think that would be significant,” he said.
“I think it's perfectly appropriate for us to enforce the bargain,” said Painter. “China, unlike Russia, has traditionally cared about their perception in the rest of the world.”