CFR Presents

Asia Unbound

CFR experts give their take on the cutting-edge issues emerging in Asia today.



Chinese Cyber Espionage: We Know the Who, How, Why, and Why it Matters–We’re Missing the What to Do

by Adam Segal
June 11, 2014

A demonstrator from the pro-China "Caring Hong Kong Power" group protests over claims from former U.S. spy agency contractor Edward Snowden that the National Security Agency (NSA) hacked computers in the Chinese territory, outside the U.S. Consulate in Hong Kong on July 9, 2013. (Bobby Yip/Courtesy Reuters)


Three documents that came out this week lay out the “who,” “how,” “why,” and “why it matters” of Chinese cyber espionage. Unfortunately, we still lack the “what to do.”

The “who” and “how” were contained in a new report, Putter Panda, by the cybersecurity company CrowdStrike [Full disclosure: CrowdStrike helps fund a speaker series at CFR]. The report, like the Department of Justice (DoJ) indictment of five hackers alleged to be part of the People’s Liberation Army (PLA) and Mandiant’s 2013 APT1 report, uses IP addresses, email accounts, and other forensic details to describe attacks on European and U.S. businesses and government agencies, with a particular focus on the satellite, aerospace, and communications sectors. CrowdStrike identified a hacker using the handle “cppy”, and through images posted on a picture-sharing website and other clues linked the individual to PLA 3rd Department 12th Bureau Unit 61486 in Shanghai.

The “why” was laid out in a speech Chinese President Xi Jinping made on science and technology to the Chinese Academy of Sciences and Chinese Academy of Engineering on Monday, June 9. As the New York Times notes, Xi hit many of the nationalistic notes that have motivated technology policy over the last twenty years: China was in the past a great science and technology power; China is now too dependent on the West for critical technologies and must spur its own indigenous innovation; and science and technology are key to economic and national security. China is pursuing this goal through massive investments in science, technology, and education; the continued reform of research institutes, state-owned enterprises, and government agencies; and efforts to create incentives for entrepreneurship and innovation. Research and development (R&D) investments have increased by double digits annually for each of the past twenty years, and in 2011 China passed Japan as the world’s second largest spender on R&D. There is, however, a darker side to these efforts. The illicit transfer of intellectual property (IP) through the failure to protect IP in the domestic market, industrial espionage, or cyber theft, also plays a role in efforts to move the economy up the value chain and to bolster the competitiveness of Chinese companies.

The “why it matters” was answered when the Center for Strategic and International Studies (CSIS) and McAfee published their attempt to determine the costs of cyber crime and espionage. They estimated the annual cost to the global economy to be more than $400 billion; this includes crimes like bank fraud and identity theft targeted at individuals and cyber espionage directed at governments and companies. The report argues that the situation will get worse as more businesses move online, creating more targets, and as countries get more adept at using the IP they have stolen to manufacture competing goods.

Over a three-day period we answered the “who,” “how,” “why,” and “why it matters,” but we’re still struggling with the “what to do about it.” The CSIS-McAfee report suggests that countries will tolerate cyber crime as long as it stays at acceptable levels—less than 2% of GDP. Though the report estimates that the cost of cyber crime to the United States is 0.64% of GDP, the DoJ indictment has certainly escalated the issue in the U.S.-China relationship. George Kurtz, CEO and President of CrowdStrike, hopes to build on the campaign of “naming and shaming” and that Putter Panda “further cast the spotlight on China, and helps encourage the dialogue on dealing with this issue.” The CSIS-McAfee report argues that there are two possible responses to the rising tide of cyber crime: improved technology and better defenses, and international agreements on law enforcement and state behavior.

Beijing’s response does not give much hope for bilateral agreements. It continues to deny that it engages in cyberattacks and to denounce the United States as a hypocrite, citing the Snowden revelations as evidence that Washington is the “real hacking empire.” Though some argued that more details and evidence might force a change in behavior, the Chinese Foreign Ministry denounced the CrowdStrike report as “accusing others of theft while he himself is the thief.” In a speech last week, Vice Foreign Minister Li Baodong rejected U.S. efforts to distinguish between political or military cyber espionage as expected and defensible, and cyber theft designed to steal intellectual property as bad and against international norms. “An individual country,” said Li, “has exercised double standards on the cyber issue, drawn lines out of its selfish interests and concocted ‘regulations’ only applicable to other countries.”

With little hope for change in Chinese behavior in the short term, the most important “what to do” will remain self-help—technological innovation and better defenses.

2 Comments

  • Posted by Richard Schramm

    Great job at summarizing some of the key various components of a very difficult challenge.

    A few things. I don’t see a reference to China’s S&T strategy, announced in 2006, which lays out the road map for all of this. Coincidentally, or not, it happens to come just before the PLA Units were formed. I view that as very similar to Al Qaeda’s Second Fatwa – a blueprint and announcement of what is to come – one the rest of the world had better pay attention to. Unlike 9/11, the critical mass behind this strategy has the potential to disrupt, or replace, huge segments of international law developed post WW II and Bretton Woods Conference.

    We do know much of what can be done internationally, domestically, technically, and at the organizational level. Technical tools are being developed to address this but even then, China is using the free market’s Achilles heel, capitalism, to help capture foreign innovation.

    China has an overarching objective of pivoting from the world’s factory to the world’s innovator. How they are pursuing this, and what we can do about it is my area of speciality.

    I’d be happy to discuss this with you further in a non-public medium (phone, email, or?) You’ve laid important groundwork. The timing is perfect and this could be developed into a series of easy to consume articles to educate others. Given the complexity of the topic, ease of consumption is critical.

    If I can be of help, please feel free to contact me. I assume you can respond to the email address I’ve left even though it is not published. If not, let me know here.

    Richard Schramm

  • Posted by Todd L. Platek, Esq.

    An additionally alarming aspect of the Chinese government-sponsored hacking of U.S. Government files is the ability to identify and track Chinese scholars, dissidents and asylum-seekers in the U.S. As a tool of the totalitarian regime, the Party’s hacking offers it huge benefits in further controlling families in China of its citizens who are abroad and voicing opinions contra the Party. Every Chinese in America is genuinely and justifiably concerned that the Party will wreak vengeance on relatives, friends and associates in China, for their actions in criticizing the Party, the rampant corruption of Chinese officials on every level of local, provincial and central government, and the policies of the Party.
