Despite U.S.-China Agreement, Corporate Hacking Attempts Persist

Three weeks ago, US president Barack Obama and Chinese president Xi Jinping made a groundbreaking announcement in the White House Rose Garden—both governments pledged to stop supporting cyber theft of the other country’s corporate intelligence. Just one day after that deal was made public, entities affiliated with the Chinese government attempted to hack into a US tech company, according to data security company CrowdStrike. Several US pharmaceutical and tech companies have been attacked since, CrowdStrike says.

The hackers are looking for corporate intelligence, Dmitri Alperovitch, co-founder of CrowdStrike, said in an Oct. 19 post on the company’s website:

…the primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional national-security related intelligence collection which the Cyber agreement does not prohibit.

Many of the attacks were made through web servers, using SQL, a programming language used to gather data. No intellectual property was stolen during any of the attacks, CrowdStrike said. Still, “the very fact that these attempts occurred highlights the need to remain vigilant despite the newly minted Cyber agreement,” Alperovitch said.

So does this mean the Obama-Xi agreement is a failure? It is possible that China’s government-affiliated cyber-intelligence community just needs more than three weeks to halt all activity. Still, it’s not a great sign. When the cybertheft agreement was announced Sept. 25, Obama said “The question now is, are words followed by actions?” The short answer appears to be “No.”