In recent months, China has been acting suspiciously helpful with regards to cyber crime and its international role in cybersecurity. The usually reticent nation (which many people feel is involved in a full blown ‘cyber war’ with the West), has been engaged in a number of negotiations with US officials and has come to some surprising agreements on how the two nations should deal with cybercrime moving forward. The going appears to be good, and Obama is for once looking like a president that can get things done and incite change on the international stage.
He couldn’t have timed it better either. Having lost the records of around 22 million current and former federal employees (when Chinese hackers penetrated the Office of Personnel Management earlier this year) Obama has been desperate to look like he is doing something. Now, the latest news that the Chinese government has arrested a number of hackers involved in that high profile case is serving to further lessen tensions between the two powers.
Earlier this week, China’s Public Security Minister Guo Shengkun met with Attorney General Loretta Lynch and Homeland Security Secretary Jeh Johnson in order to capitalise on the momentum that the two nations have set in motion. The meeting’s aim? To further shore up agreements between the two countries, and put in place a number of practical protocols about how cybercrime should be dealt with in future. It is during those talks, that Chinese officials have made claims about arresting a number of hackers involved in the devastating OPM hacks.
As of yet, it is unclear exactly what the Chinese government has told the US about those arrests, or whether the hackers have any direct connections to the Chinese government itself. One US official, who has spoken anonymously (due to the sensitivity of the case) says that it is hard to tell if the Chinese government can be trusted,
‘We don’t know that the arrests the Chinese purported to have made are the guilty parties. There is a history [in China] of people being arrested for things they didn’t do.’
‘It is representative of a desire to signal a shift [in China’s approach to cybersecurity], but whether such a shift is actually occurring is a different issue altogether.’
Despite the US administration’s refusal to officially point the finger at Beijing, it is commonly accepted that the US believes the Chinese government was complicit in the OPM hacks. This week’s claims from Chinese officials that it has made arrests pertaining to that case (as long ago as September) – seems to stand in stark contrast to those beliefs – and seems awfully well timed, almost too well timed. After all, if China has arrested hackers that it believes were involved in the OPM hacks, then why has it waited til now to inform the US about it? Highly suspicious.
Prior to this week, September’s arrests had been thought to be related to corporate espionage rather than the OPM hacks – so US officials are right to remain alert as to the truth of the matter. Consider this for a moment: Only weeks after September’s agreement had been struck between the two nations, the security firm CrowdStrike made the claim that it had evidence to show that the Chinese had been involved in no less than seven new cases of hacking US technology and pharmaceutical firms. Hardly the sudden halt in Chinese hacking that Obama’s administration would like us to believe the negotiations resulted in.
Interestingly, the usually vocal White House would not say whether if felt there was any credibility behind CrowdStrike’s claims – no doubt to keep alive the illusion of a US diplomatic win. It being more important, as usual, for Obama to appear to be quelling China’s ongoing and large-scale theft of US trade secrets than to actually be orchestrating any real change in China’s behaviour.
It is also worth noting that in the weeks running up to the September agreements, the US had been preparing a number of sanctions against China as a retort to the extreme cybercrimes originating from behind the Great Firewall. One can not help wondering then, whether this entire Chinese move has been a clever ploy to keep the US calm as it continues with its customary policy of subterfuge.
Jason Healey, a senior researcher at the Columbia University School of International Public Affairs, has gone on record with his belief that if China had arrested the OPM hackers ‘it would be the most important arrest that we’ve perhaps seen in cybercrime.’ Considering, however, that it would be almost impossible for the US to tell whether the Chinese government had caught the real perpetrators (or had just framed some other persons it wanted to imprison – or perhaps done nothing at all), and you start to get closer to the worrying reality of the US’s position in all of this.
As Healy says, ‘the last two months have been nothing but shocks. Who would have thought that we would have gone from no norm on commercial espionage and no movement on the OPM hack to a new G20 norm and today’s news of criminal arrests on OPM? This is a string of incredible diplomatic successes.’ Who would have thought indeed? Considering that the threat of economic sanctions was fundamental in kickstarting the entire process – no matter which way you look at it – one can not help but wonder if perhaps the US is being outplayed and outmaneuvered by the Chinese in the world of cyberpolitics.