U.S. and Chinese officials have agreed to expand cooperation to crack down on cybercrime as China’s state- run news agency said a hacking attack on the U.S. Office of Personnel Management was carried out by criminals there.
White House Press Secretary Josh Earnest pointed to the two-day talks between China and the U.S. which concluded Wednesday in Washington as evidence that the diplomatic row over cyber-intrusions is beginning to smooth over. The talks were a follow-up to a summit between President Barack Obama and his Chinese counterpart, Xi Jinping, who announced an agreement in September that their governments wouldn’t conduct economic espionage through hacking the private networks of companies.
“The one thing that certainly can be pointed to as at least incremental progress is that Chinese officials did follow through on our joint commitment to pursue a cybersecurity dialog,” Earnest told reporters Wednesday.
The two nations agreed to establish guidelines for requesting assistance on cybercrime, hold a “tabletop” cybercrime exercise in Spring 2016, and worked out procedures to establish a cybercrime hot line between their two presidents, according to a statement from the Department of Justice. The next dialog will be held in June in Beijing, it said.
Arrests Reported
Prior to the Xi-Obama summit, the U.S. had threatened sanctions against China if it didn’t do more to curb hacks against U.S. economic interests for commercial gains. U.S. officials had signaled that the attack on the OPM that compromised data on more than 20 million people originated in China.
China’s state-run news agency Xinhua said that an investigation determined that the hacking of the OPM was a criminal case as opposed to a government-sponsored attack. The news service didn’t provide any evidence. U.S. officials declined to comment on the report’s credibility. A handful of hackers linked to the attack were arrested in China before Xi’s visit, the Washington Post reported. The Chinese government has repeatedly denied any role in the attack.
“I don’t have a specific reaction to share with you,” Earnest said when asked about the report.
Participants in the meetings on Tuesday and Wednesday included White House National Security Adviser Susan Rice, Attorney General Loretta Lynch and Homeland Security Secretary Jeh Johnson from the U.S., and Minister of Public Security Guo Shengkun from China.
Nothing Changed
Some U.S. officials said they haven’t seen signs that China is stopping hacking attacks aimed at stealing trade secrets from U.S. companies. William Evanina, the top U.S. national counterintelligence official who works under National Intelligence Director James Clapper, told reporters Nov. 18 that the Chinese government hasn’t stopped.
“We haven’t seen any indication in the private sector that anything has changed,” Evanina said. “It would be turning off a big faucet in China.”
Earnest said progress has been slow. “I would acknowledge it represents modest progress that we can even begin talking about these issues,” he said. “But those conversations are important nonetheless and hopefully can serve as a forum for more and continued information sharing between our two countries on this issue that is a top priority of President Obama.”
Earnest also declined to comment on Chinese claims that U.S. cyber-attacks have increased in China since Xi’s visit in September.
Australian Attack
The meeting in Washington coincided with a report by the Australian Broadcasting Corp. that China is being blamed for a cyber attack on Australia’s Bureau of Meteorology that may have compromised computer systems.
“The Chinese side has repeated on many occasions that the Chinese government firmly opposes and cracks down on all forms of cyber attacks,” Ministry of Foreign Affairs spokeswoman Hua Chunying said in Beijing on Wednesday. “The cybersecurity issue is a global one which calls for the international community’s joint efforts through dialog and cooperation in the spirit of equality and mutual respect. It is not constructive to make unfounded accusations and speculations.”
The security breach at the Bureau of Meteorology would cost millions of dollars to fix as other agencies that receive information from the bureau have been affected, Australia’s national broadcaster said, citing official sources it didn’t identify.
“I would be highly skeptical that the Chinese government would have much to gain from hacking into a meteorological organization at a time when it’s trying to secure trade ties with Australia,” said Jill Slay, director of the Australian Centre for Cyber Security and a professor for the University of New South Wales.
–With assistance from Chris Strohm.