Is China still hacking US companies to steal trade secrets? Cybersecurity firm claims attacks continue even after agreement banning economic espionage

  • California-based company CrowdStrike says hackers linked to Chinese government have launched seven cyber attacks over last three weeks
  • One hack attempt came September 26, a day after President Obama and China's Xi Jinping announced pact banning economic espionage
  • The agreement between Washington and Beijing prohibits cyber attacks designed to steal trade secrets 
  • Hacking group known as Deep Panda is believed to have been behind some of the attacks on American companies  

American companies have been repeatedly targeted by Chinese hackers over the past three weeks, suggesting that China almost immediately began violating its newly minted pact with the US, according to a cybersecurity company.

The Irvine, California-based company, CrowdStrike, which has close ties to the US government, says it documented seven Chinese cyberattacks against five technology and two pharmaceutical companies 'where the primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional national security-related intelligence collection.'

'We've seen no change in behavior,' said Dmitri Alperovitch, a founder of CrowdStrike who wrote one of the first public accounts of commercial cyberespionage linked to China in 2011.

Business as usual? A cybersecurity firm claims seven American companies have been targeted by Chinese hackers in the three weeks since the signing of a new agreement by Chinese President Xi Jinping and President Obama banning economic espionage 

High-level meeting: One attack came on September 26, the day after Obama and Xi announced their deal in the White House Rose Garden

One attack came on September 26, CrowdStrike says, the day after President Barack Obama and Chinese President Xi Jinping announced their deal in the White House Rose Garden. 

CrowdStrike, which employs former FBI and National Security Agency cyberexperts, did not name the corporate victims, citing client confidentiality. And the company says it detected and thwarted the attacks before any corporate secrets were stolen.

Alperovitch said he believed the hackers who attacked the seven companies were affiliated with the Chinese government based in part on the servers and software they used.

The software included a program known as Derusbi, according to Alperovitch. Other analysts have said Derusbi previously turned up in attacks on Virginia defense contractor VAE Inc and health insurer Anthem Inc. 

Expert opinion: Dmitri Alperovitch, founder of the cybersecurity company CrowdStrike, laid out his findings regarding China's suspected hacking activities in a blog post

A senior Obama administration official, speaking on condition of anonymity because he was not allowed to discuss the matter publicly, said officials are aware of the report but would not comment on its conclusions. The official did not dispute them, however.

The US will continue to directly raise concerns regarding cybersecurity with the Chinese, monitor the country's cyberactivities closely and press China to abide by all of its commitments, the official added.

The US-China agreement signed last month does not prohibit cyberspying for national security purposes, but it bans economic espionage designed to steal trade secrets for the benefit of competitors. That is something the US says it doesn't do, but Western intelligence agencies have documented such attacks by China on a massive scale for years.

China denies engaging in such behavior, but threats of US sanctions led Chinese officials to conduct a flurry of last-minute negotiations which led to the deal.

CrowdStrike on Monday released a timeline of recent intrusions linked to China that it says it documented against 'commercial entities that fit squarely within the hacking prohibitions covered under the cyberagreement.'

The intrusion attempts are continuing, the company says, 'with many of the China-affiliated actors persistently attempting to regain access to victim networks even in the face of repeated failures.'

CrowdStrike did not explain in detail how it attributes the intrusions to China, an omission that is likely to draw criticism, given the ability of hackers to disguise their origins. But the company has a long track record of gathering intelligence on Chinese hacking groups, and US intelligence officials have often pointed to the company's work.

'We assess with a high degree of confidence that these intrusions were undertaken by a variety of different Chinese actors, including Deep Panda, which CrowdStrike has tracked for many years breaking into national security targets of strategic importance to China,' Alperovitch wrote in a blog posting that laid out his findings.

Familiar name: The hacking group known as Deep Panda, which is believed to have carried out an attack on Anthem Health earlier this year, has been tentatively linked to this latest batch of breaches

Chinese Foreign Ministry spokeswoman Hua Chunying repeated that the Chinese government opposed all forms of hacking or stealing commercial secrets.

'Internet hacking attacks are marked by their secretive, cross border nature,' she told a daily news briefing. 

The hacking group known as Deep Panda, which has been linked to the Chinese military, is believed by many researchers to have carried out the attack on Anthem earlier this year.

CrowdStrike and other companies have tracked Deep Panda back to China based on the malware and techniques it uses, its working hours and other intelligence.

Another US cyber security company, FireEye Inc, said the state-sponsored Chinese hackers that it monitored were still active but it was too soon to say whether their aims had shifted.

'It is premature to conclude that activity during this short time frame constitutes economic espionage,' FireEye spokesman Vitor De Souza said.

In 2013, the cybersecurity company Mandiant published a report exposing what it said was a hacking unit linked to China's People's Liberation Army, including identifying the building housing the unit in Beijing. Those findings were later validated by American intelligence officials. 

 
