A new report released today from the Institute for Critical Infrastructure Technology (ICIT) warns that China's five-year plan for the years 2016-2020 is heavily reliant upon the digital theft of Western nations' intellectual property, despite the 2015 Sino-U.S. pact to eliminate cyberattacks against corporate assets.
Entitled China's Espionage Dynasty: Economic Death by a Thousand Cuts, the paper looks to paint a comprehensive portrait of China's cyberspy program through the aggregation of reports from the U.S. government, cybersecurity firms and independent sources. The ICIT will present its findings in Washington D.C. on July 28 before an audience of federal agencies and critical infrastructure private-sector organizations.
In September 2015, the U.S. and China publicly agreed not to digitally spy on each other for commercial gain. “While it is possible that China has reduced its targeted attacks against American organizations, it seems more likely that it restructured its cyber operations to assert greater control over its operatives,” the report concludes. In other words, the report states, China may have reined in its most obvious threats, while continuing to infiltrate Western businesses with more advanced, virtually undetectable advanced persistent threat (APT) attacks.
“I think that the only part of Chinese hacking that has slowed down are the independent patriot script kiddies,” said author Scott, a senior fellow at the ICIT, in an interview with SCMagazine.com. “I believe that since that ‘agreement,' the Chinese have moved forward with a more targeted attack model and have replaced much of the 'smash and grab' hacking they are known for, with an attempt to be more covert and stealthy.”
The paper claims that China's ongoing APTs are designed to help the country achieve the objectives of its latest five-year plan, which places a heavy emphasis on “cutting-edge technology and socioeconomic reform.” It then goes on to profile 15 known state-sponsored Chinese APT groups that allegedly steal intellectual property and spy on various Western organizations in order to stay economically competitive.
In another section that could prove controversial, the report's authors issued a warning about Chinese Student and Scholar Associations (CSSAs) – organizations that help Chinese students studying abroad to acclimate to Western university life. The report contended that at least some these organizations are acting on behalf of the Chinese government by asking often unwitting students to report details of their research, which can later serve as actionable intelligence.