Despite an uneasy relationship over mutual cyber espionage allegations, the US and China have reached an agreement on fighting cyber crime.
The agreement on guidelines for requesting assistance on cyber crime and malicious cyber activity was reached in talks in Washington with China’s public security minister, Guo Shengkun.
The US and China also agreed to hold a “tabletop” cyber crime exercise in 2016, to establish a cyber crime hotline between the two countries’ presidents, and to hold further talks in Beijing in June 2016.
The talks follow the September 2015 meeting between US president Barack Obama and his Chinese counterpart Xi Jinping at which they agreed that neither government would support the cyber theft of intellectual property (IP).
The agreement appeared to be making progress with reports that China had arrested a number of Chinese hackers at the request of the US, but in October 2015 US security firm CrowdStrike claimed that hackers linked to the Chinese government had attempted to hack into at least five US technology and two pharmaceutical firms.
However, US officials say the latest talks in Washington are an indication that the diplomatic row over cyber intrusions is beginning to smooth over, according to Bloomberg News.
The talks coincided with an announcement by China’s state-run news agency, Xinhua, that investigations had revealed that criminals, not state-backed hackers were behind the cyber attacks on the US Office of Personnel Management (OPM), which compromised personal data on more than 20 million current and former government employees.
The US government disclosed in June 2015 that hackers had stolen federal personnel data on 22 million government employees and contractors, and James Clapper, the US director of national intelligence, said China was the main suspect.
Australia blames China for cyber attack
Unfortunately for the Chinese, the latest talks in Washington also coincided with reports that China was being blamed for a massive cyber attack on a supercomputer at Australia’s Bureau of Meteorology (BoM) that has links to multiple government agencies including the Department of Defence.
China was swift to deny the claims. “The Chinese side has repeated on many occasions that the Chinese government firmly opposes and cracks down on all forms of cyber attacks,” Ministry of Foreign Affairs spokeswoman Hua Chunying said in Beijing.
“The cyber security issue is a global one which calls for the international community’s joint efforts through dialogue and co-operation in the spirit of equality and mutual respect. It is not constructive to make unfounded accusations and speculations,” she added.
A report by the Australian Broadcasting Corporation (ABC) said “multiple official sources” had confirmed the attack, that it was expected to cost millions of dollars and possibly take years to plug the security breach, and that government officials were “confident” the attack came from China.
The BoM supercomputer contains a lot of research, but could be viewed as a potential gateway to a host of government agencies that have even more sensitive information.
However, some commentators have said it is unlikely that the Chinese government would risk antagonising Australia.
Bloomberg News quoted Jill Slay, director of the Australian Centre for Cyber Security, as saying: “I would be highly sceptical that the Chinese government would have much to gain from hacking into a meteorological organisation at a time when it’s trying to secure trade ties with Australia.”
According to ABC, a leading Chinese cyber analyst agrees. Reports quote Liu Deliang, head of the Beijing-based Asia-Pacific Institute for Cyber-Law Studies, as saying: “Even if there are real Chinese IP addresses, it doesn’t mean the attack was carried out by the Chinese government or Chinese individuals. Technically, it’s totally possible for a third country – including Australia itself – to control computers and servers in China, and to carry out an attack on Australia.” Liu said China is a convenient target to blame, and he called for a neutral organisation or a third party to analyse international cyber attacks. “Only with solid evidence should one country accuse another,” he said.
The problem of attribution
In August 2015, former US diplomat turned private sector consultant David An told attendees of the DEF CON 23 hacker conference in Las Vegas that the problem of attribution is often a major roadblock to international cyber diplomacy.
The attribution problem, he said, is where a cyber attack appears to be coming from country A, yet it is only a proxy in country A, and the attack is really coming from country B.
“Or maybe it is several proxies, with the attack coming from country F, but going through proxies in E, D, C and A,” added An.
The issue of attribution was highlighted when the US blamed North Korea for the massive November 2014 cyber attack on Sony Pictures Entertainment.
Security experts, including Bruce Schneier, cast doubt on US claims that North Korea was behind the attack, but Schneier subsequently said he believed the US had enough evidence.
An said the US has spent a lot of resources trying to solve the attribution problem, according to a new book.
“It is a sensitive topic, so I can’t really get into myself, so I am going to cite journalist Shane Harris’s new book,” he said.
According to Harris’s research on the US National Security Agency (NSA) and cyber security, he said the NSA has spent a lot of money buying software from computer companies and developing its own software in-house to solve the attribution problem.
“So according to his research and interviews with US officials, he is saying the US government is very adept on this,” said An.
Harris’s research, therefore, appears to support the FBI’s confidence in attributing the Sony attack to North Korea.
In January 2015, FBI director James Comey told the International Conference on Cyber Security in New York that “critics do not have access to the same facts as the FBI”.
“We know who hacked Sony. It was the North Koreans. I have very high confidence about this attribution,” he said.
An called on all those with cyber security expertise to think like cyber diplomats by keeping dialogue in mind and aiming to engage other companies and countries to foster greater global collaboration in countering cyber attacks.