5/11/2015
07:45 PM

What Does China-Russia 'No Hack' Pact Mean For US?

It could be an Internet governance issue or a response to the U.S. DoD's new cyber strategy, but one thing is certain: it doesn't really mean China and Russia aren't spying on one another anymore.

Russia and China on Friday signed a pact agreeing not to hit one another with cyberattacks. Experts agree, however, that the countries don't actually have any intention of ceasing their cyberespionage campaigns against each other. They say that the agreement instead is political posturing intended to send a message to the United States and its allies, though they differ slightly on what that message is, what motivated Russia and China to send it, and what it means for the U.S.

The nations also agreed to exchange technology, share information between their law enforcement agencies, and "jointly counteract technology that may 'destabilize the internal political and socio-economic atmosphere,' 'disturb public order' or 'interfere with the internal affairs of the state,'" as the Wall Street Journal reports.

Tom Kellermann, chief cybersecurity officer of Trend Micro, says this is a natural progression of the economic and military relationship Russia and China have had since the Shanghai Cooperation Organization was established in 2001. He says this announcement could be happening now as a reaction to two things: the U.S.-backed efforts to change Japan's pacifist constitution to allow Japan's Self-Defense Forces to engage in combat overseas (which would naturally extend to combat in cyberspace) and the U.S.'s new, more aggressive cybersecurity strategy.

Last month, the U.S. Department of Defense announced a new cybersecurity strategy and revealed that Russian hackers had accessed an unclassified DoD network. Also last month, a Department of Justice official explained that the U.S. is giving "no free passes" to cybercriminals, regardless of whether or not they are nation-state actors. This Russian-Chinese cybersecurity pact could be seen, says Kellermann, as a way of the two countries presenting a united front against the U.S.

As Kellermann puts it, "Oh, Mr. Secretary of Defense, you're taking the gloves off? Well, there's two of us. Now what?"

"When the U.S. pursues active defense against one of them, will [Russia and China] respond collectively?" says Kellermann. "That's the inevitable question."

Others say this is an effort probably instigated by the Russians to bolster their stance on Internet governance. Opinions about Internet governance are polarized around openness and sovereignty; Russia and China are largely aligned on the side of sovereignty.

"Russians have tried to shape how the Chinese think about these issues," says James Lewis, senior fellow and program director of the Center for Strategic and International Studies. "The Chinese just went along with it because anything the U.S. disagrees with can't be all bad."

Having two superpowers allied as a united front helps further that agenda in the international debate.

As Richard Bejtlich, Senior Fellow at the Brookings Institute, explains, these nations' definition of "information security" is closer to "information control," including censorship and surveillance.

Lewis explains that the countries' tactics on information control are slightly different -- the Chinese are very focused on censorship, while the Russians, he says, have pervasive surveillance and a greater willingness to use physical force.

Bejtlich says that by the agreement to jointly counteract technology that may "disturb public order," Russia and China may be sharing technologies that improve surveillance or help automate censorship, which is still largely manual in China.

He does not, however, think that they would share malware, at least not anything significant. "Possibly they might share some low-level stuff to show good will," says Bejtlich, but those nations aren't going to share serious tricks of the trade because they each have teams established specifically for cyberspying on the other, and he doesn't expect that to change just because they agreed not to hack each other.

"I think they're trying to push the norm of not going to attack each other's critical infrastructure," says Bejtlich.

It's hard to know how close the partnership really is. "We'll know how seriously to take this when we see Chinese sources report it," says Lewis. "The Chinese haven't said anything."

Lewis also says the Russians made the announcement "largely to jerk the Americans' chain. We're always asking for law enforcement cooperation. What better way to irritate us than to cooperate with someone else?"

Will this closer partnership, if it is indeed closer, have any impact on Western law enforcement's efforts to pursue cybercriminals in Russia and China?

Bejtlich proposed one possibility. Suppose the U.S. and the Dutch are planning to capture a Russian cybercriminal while he's on vacation in Holland and a Chinese law enforcement agency gets wind of it? Maybe the Chinese officials would give their Russian counterparts a call. "I wouldn't be surprised if they said 'The Americans are gonna pounce; get your guy out of there,'" says Bejtlich.

Kellermann says that this pact may just be posturing on the part of China and Russia, but that doesn't mean it shouldn't be taken seriously. "If they're saying they're no longer pointing their guns at each other," says Kellermann, "the guns have to be faced somewhere."

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...

Comments
Sara Peters,
User Rank: Author
5/14/2015 | 5:34:43 PM
Re: Opposing Viewpoints
@RyanSepe I think that sums it up nicely: "This pact seems like more of statement of disapproval more than a statement of things to come." But I'll tell you what: if it DOES change things in the future, it could make things very interesting.
RyanSepe,
User Rank: Ninja
5/12/2015 | 8:38:49 AM
Opposing Viewpoints
It will be interesting to see if the US tries to handle this in a similar fashion...(Creating an InfoSec Coalition with other countries that have similar viewpoints) I think you will still see the same amount of traffic aimed at the US regardless of this pact.

Action Items for the United States? That will depend on the detrimental effects of the pact, if any. This pact seems like more of statement of disapproval more than a statement of things to come, at least in the near future.