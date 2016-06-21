(Adds Chinese comment)
By Joseph Menn and Jim Finkle
SAN FRANCISCO, June 20 The Chinese government
appears to be abiding by its September pledge to stop supporting
the hacking of American trade secrets to help companies there
compete, private U.S. security executives and government
advisors said on Monday.
FireEye Inc, the U.S. network security company best
known for fighting sophisticated Chinese hacking, said in a
report released late Monday that breaches attributed to
China-based groups had plunged by 90 percent in the past two
years. The most dramatic drop came during last summer's run-up
to the bilateral agreement, it added.
FireEye's Mandiant unit in 2013 famously blamed a specific
unit of China's Peoples Liberation Army for a major campaign of
economic espionage.
Kevin Mandia, the Mandiant founder who took over last week
as FireEye chief executive, said in an interview that several
factors seemed to be behind the shift. He cited embarrassment
from Mandiant's 2013 report and the following year's indictment
of five PLA officers from the same unit Mandiant uncovered.
Prosecutors said the victims included U.S. Steel, Alcoa Inc
and Westinghouse Electric. Mandia also cited the threat
just before the agreement that the United States could impose
sanctions on Chinese officials and companies.
"They all contributed to a positive result," Mandia said.
A senior Obama administration official said the government
was not yet ready to proclaim that China was fully complying
with the agreement but said the new report would factor into its
monitoring. "We are still doing an assessment," said the
official, speaking on condition he not be named.
The official added that a just-concluded second round of
talks with China on the finer points of the agreement had gone
well. He noted that China had sent senior leaders even after the
U.S. Secretary of Homeland Security pulled out because of the
Orlando shootings.
China's Foreign Ministry, the only government department to
regularly answer questions from foreign reporters on the hacking
issue, said China aimed to maintain dialogue on preventing and
combating cyber-spying.
"We've expressed our principled position on many occasions,"
ministry spokeswoman Hua Chunying told a daily news briefing on
Tuesday. "We oppose and crack down on commercial cyber-espionage
activities in all forms."
FireEye said that Chinese intrusions into some U.S. firms
have continued, with at least two hacked in 2016. But while the
hackers installed "back doors" to enable future spying, FireEye
said it had seen no evidence that data was stolen.
Both hacked companies had government contracts, said FireEye
analyst Laura Galante, noting that it was plausible that the
intrusions were stepping stones toward gathering information on
government or military people or projects, which remain fair
game under the September accord.
FireEye and other security companies said that as the
Chinese government-backed hackers dropped wholesale theft of
U.S. intellectual property, they increased spying on political
and military targets in other countries and regions, including
Russia, the Middle East, Japan and South Korea.
Another security firm, CrowdStrike, has observed more
Chinese state-supported hackers spying outside of the United
States over the past year, company Vice President Adam Meyers
said in an interview.
Targets include Russian and Ukrainian military targets,
Indian political groups and the Mongolian mining industry,
Meyers said.
FireEye and CrowdStrike said they were confident that the
attacks are being carried out either directly by the Chinese
government or on its behalf by hired contractors.
Since late last year there has been a flurry of new
espionage activity against Russian government agencies and
technology firms, as well as other targets in India, Japan and
South Korea, said Kurt Baumgartner, a researcher with Russian
security software maker Kaspersky Lab.
He said those groups use tools and infrastructure that
depend on Chinese-language characters.
One of those groups, known as Mirage or APT 15, appears to
have ended a spree of attacks on the U.S. energy sector and is
now focusing on government and diplomatic targets in Russia and
former Soviet republics, Baumgartner said.
(Reporting by Joseph Menn in San Francisco and Jim Finkle in
Boston; Additional reporting by; Megha Rajagopalan in Beijing;
Editing by Jonathan Weber and Richard Chang)