China Cuffs Hackers at Request of US Officials

The Chinese government has arrested several hackers at the request of the US authorities in a sign of greater co-operation between the two superpowers on cyber issues.

According to a Washington Post report, US law enforcement and intelligence agencies drew up a shortlist of suspects they’d identified as engaging in such activity and handed it to the Chinese authorities.

“We need to know that you’re serious. So we gave them a list, and we said, ‘Look, here’s these guys. Round them up’,” one person familiar with the matter told the paper.

The move came one or two weeks before president Xi Jinping’s visit to Washington at a time when there was talk of the US enforcing unprecedented economic sanctions in retaliation for economic cyber espionage against American companies.

It remains to be seen, however, whether this is the start of ongoing co-operation on such matters or whether Beijing agreed on this occasion to avoid sanctions and any embarrassment ahead of Xi’s state visit.

During that visit, China and the US signed a joint deal promising that neither side would engage in cyber espionage for commercial advantage, and agreeing to share intelligence on cyber attacks.

It noted:

“The United States and China committed that neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”

Experts claimed that Beijing would try to distance itself from those arrested.

Commenting on the news via his Twitter feed, FireEye/Mandiant strategist Richard Bejtlich said: “Arresting CN hackers explicitly tied to theft for biz benefit puts CN gov in awkward position. I bet they nabbed ‘contractors,’ not PLA/MSS.

He added: “If CN gov arrested 61398 members, CN gov will likely claim they were rogue actors. Fits w/anti-corruption campaign, but bad for PLA morale.”

The infamous Unit 61398 was first exposed by Mandiant two years ago in a landmark report which linked the Chinese People’s Liberation Army to prolific hackers APT1 for the first time.

The report was cited by Washington when it took the unprecedented step last year of indicting five PLA officers for hacking US firms for economic advantage.

China has always denied state-sponsored snooping for such ends goes on, claiming it is a victim not a perpetrator.

Washington will now want to see those arrested get a public trial to show China is serious about cracking down on hackers.

What’s Hot on Infosecurity Magazine?