The UK and China have agreed not to engage in economic cybercrime against one another in a deal reminiscent of that struck between the People’s Republic and the US nearly a month ago.
The agreement was mentioned in a lengthy joint statement on Thursday during president Xi Jinping’s week-long stay in the UK.
The relevant passage reads:
“The UK and China agree to establish a high-level security dialogue to strengthen exchanges and cooperation on security issues such as non-proliferation, organised crime, cybercrime and illegal immigration. The UK and China agree not to conduct or support cyber-enabled theft of intellectual property, trade secrets or confidential business information with the intent of providing competitive advantage.”
There’s no indication whether the “agreement” has any legal weight. Either way, it could be little more than empty political rhetoric if what has happened in the US is anything to go by.
Threat intelligence firm CrowdStrike warned on Monday that it had “detected and prevented” multiple intrusions targeted at customers’ systems by Chinese state-linked hackers over the past three weeks.
The first attempt was made just a day after president Obama and Xi shook hands on a deal in which the two superpowers vowed never to “conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.”
Those attacks were traced back to several groups linked to Beijing, including the infamous Deep Panda gang, which has been tracked by CrowdStrike for several years now.
One possible explanation for the continuing attacks is that the two administrations agreed the deal would only come into effect at a future date, which has thus far not been made public.
F-Secure security adviser, Tom Gaffney, argued that the UK-China deal, just like its US counterpart, wouldn’t amount to any real change in policy by Beijing because the government has too much invested in its cyber-attack capability.
“Just like in the cold war, spying carried on despite nation states not owning up,” he told Infosecurity. “And in addition most nations use covert agencies which gives them plausible deniability when caught with their fingers in the till. This will not make a difference.”