CrowdStrike: ‘We Are Not Stating the Chinese Are Violating the Cyber Agreement’

When the network security company CrowdStrike revealed late Sunday that its corporate customers had suffered a series of attempted attacks by hackers linked to the Chinese government, the American media pounced. Coming in the wake of an agreement between China and the United States not to carry out economic espionage against each other, the CrowdStrike report was judged as evidence the pact was worth little more than the paper on which it was written.

The CrowdStrike analysis of customer data suggests “that China almost immediately began violating its newly minted cyberagreement with the United States,” the Associated Press reported. CBS headlined the AP report: “China already violating U.S. cyberagreement, group says.” And the Washington Post chimed in with a report that “Chinese government hackers have attempted in the past few weeks to penetrate the networks of U.S. companies to steal their secrets despite a pledge by China’s president that they would not do so.”

Such analysis goes a step too far, Dmitri Alperovitch, the co-founder and chief technology officer of CrowdStrike, said Monday. “We are not stating anywhere that the Chinese are violating the agreement,” he told Foreign Policy in an interview. “It is not up to us to draw that conclusion.”

In the nearly four weeks since the agreement was signed, CrowdStrike security systems detected and stopped at least 20 separate attacks on technology and pharmaceutical companies from known Chinese-affiliated hackers against the servers of seven client companies. One attempt came the day after the deal was announced, Alperovitch wrote on a blog post Monday. None resulted in the theft of intellectual property.

The Sept. 25 agreement between Presidents Barack Obama and Xi Jinping prohibits transmitting pilfered intellectual property to companies for commercial gain. The narrowly written agreement is designed to mollify U.S. firms outraged over corporate secrets being stolen for their Chinese competitors but allows Washington and Beijing to continue carrying out espionage in cyberspace.

Despite the media reports claiming otherwise, CrowdStrike’s report contains no concrete evidence that such prohibited activities have actually taken place, only an argument by Alperovitch that they were attempted. “The primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional national-security related intelligence collection which the cyber agreement does not prohibit,” Alperovitch wrote.

His argument turns on the type of companies being targeted. Chinese hackers, Alperovitch said, have no national security-related reason to attack these pharmaceutical and technology firms and would only do so in order to carry out economic espionage.

He would not disclose the identity of the targeted companies, citing confidentiality agreements with his clients. Alperovitch said that he doesn’t know what particular information the hackers were after.

Prominent spy agencies have in the past targeted technology companies for non-commercial reasons. The NSA and GCHQ, for example, targeted the Dutch sim card manufacturer Gemalto in order to obtain encryption keys, an attack that would not have been prohibited by the U.S.-China agreement, had Gemalto been a Chinese firm.

Alperovitch is very familiar with the hackers who more recently tried to penetrate his clients’ computer systems. One of them, Deep Panda, has been tracked by CrowdStrike for several years, and Alperovitch said his firm has a good sense of the computer infrastructure used to carry out the attacks — one of the reasons CrowdStrike was able to thwart the attempted intrusions.

The CrowdStrike report — and the early reporting around it claiming that it showed a breach of faith by China — represents a huge headache for the White House. A senior administration official, speaking on condition of anonymity, said he was aware of the report but declined to comment on its conclusions.

“As a general matter, malicious cyber actors from a variety of nations find U.S. networks and companies attractive targets, and seek access to sensitive or proprietary information for a variety of purposes, and we take seriously all reports of intrusions,” the aide said Monday. “As we move forward, we will monitor China’s cyber activities closely and press China to abide by all of its commitments.”

Photo credit: Rod Lamkey-Pool/Getty Images