The Meaning Of The U.S. and China Hacking Agreement



Xi and Obama. Photo by APLast Friday, after years of data breaches by Chinese hackers, many months of negotiations and occasional threats from the White House, while China's President Xi was in DC, the U.S. and China announced an agreement not to launch or support cyberattacks that steal corporate records for economic benefit. 

But what does that really mean? China is famous for paying lip service and in the meantime do what it wants to. How is this going to be enforced? Also, China already has most of the data it set out to get, so it's easy to agree to something like this.

President Obama said progress has been made through the talks with Mr. Xi but added that U.S. officials would be monitoring closely to see if Chinese officials stop the attacks. “The question now is: ‘Are words followed by actions?’ And we will be watching carefully to make an assessment,” he said.

Well, apart from the thousands in the Chinese Cyberarmy, hacking in China is a grass-roots kind of thing that works bottom-up. There are hundreds of hacking groups supported by local governments. This is not an easy thing to stamp out because if you try to suppress it, they will go underground and work for cyber crime instead of the government.

This agreement simply is hard to enforce. From the data that is known at the moment, it looks like that the U.S. will have to:

  1. Prove there’s been a cyber incursion, then
  2. Correctly attribute its source, next
  3. Identify what proprietary data was exfiltrated,
  4. Prove that there was a benefit gained from it, and
  5. That the stolen information was put to use
Good luck with that. If you are in the Fortune 100, can call Mandiant after a hack has been discovered, and can write a 10 million dollar retainer check I guess this is not entirely impossible, but getting all 5 points above nailed down is really hard. For the rest of us,  fuhgeddaboutit. You are still on your own. 


Topics: Hacking

Subscribe To Our Blog


Ransomware Has Gone Nuclear Webinar




Get the latest about social engineering

Subscribe to CyberheistNews