5/11/2015
07:45 PM

What Does China-Russia 'No Hack' Pact Mean For US?

It could be an Internet governance issue or a response to the U.S. DoD's new cyber strategy, but one thing is certain: it doesn't really mean China and Russia aren't spying on one another anymore.

Russia and China on Friday signed a pact agreeing not to hit one another with cyberattacks. Experts agree, however, that the countries don't actually have any intention of ceasing their cyberespionage campaigns against each other. They say that the agreement instead is political posturing intended to send a message to the United States and its allies, though they differ slightly on what that message is, what motivated Russia and China to send it, and what it means for the U.S.

The nations also agreed to exchange technology, share information between their law enforcement agencies, and "jointly counteract technology that may 'destabilize the internal political and socio-economic atmosphere,' 'disturb public order' or 'interfere with the internal affairs of the state,'" as the Wall Street Journal reports.

Tom Kellermann, chief cybersecurity officer of Trend Micro, says this is a natural progression of the economic and military relationship Russia and China have had since the Shanghai Cooperation Organization was established in 2001. He says the announcement could be happening now as a reaction to two things: the U.S.-backed efforts to change Japan's pacifist constitution to allow Japan's Self-Defense Forces to engage in combat overseas (which would naturally extend to combat in cyberspace) and the U.S.'s new, more aggressive cybersecurity strategy.

Last month, the U.S. Department of Defense announced a new cybersecurity strategy and revealed that Russian hackers had accessed an unclassified DoD network. Also last month, a Department of Justice official explained that the U.S. is giving "no free passes" to cybercriminals, regardless of whether or not they are nation-state actors. This Russian-Chinese cybersecurity pact could be seen, says Kellermann, as a way for the two countries to present a united front against the U.S.

As Kellermann puts it, "Oh, Mr. Secretary of Defense, you're taking the gloves off? Well, there's two of us. Now what?"

"When the U.S. pursues active defense against one of them, will [Russia and China] respond collectively?" says Kellermann. "That's the inevitable question."

Others say this is an effort probably instigated by the Russians to bolster their stance on Internet governance. Opinions about Internet governance are polarized around openness and sovereignty; Russia and China are largely aligned on the side of sovereignty.

"Russians have tried to shape how the Chinese think about these issues," says James Lewis, senior fellow and program director of the Center for Strategic and International Studies. "The Chinese just went along with it because anything the U.S. disagrees with can't be all bad."

Having two superpowers allied as a united front helps further that agenda in the international debate.

As Richard Bejtlich, Senior Fellow at the Brookings Institute, explains, these nations' definition of "information security" is closer to "information control," including censorship and surveillance.

Lewis explains that the countries' tactics on information control are slightly different -- the Chinese are very focused on censorship, while the Russians, he says, have pervasive surveillance and a greater willingness to use physical force.

Bejtlich says that under the agreement to jointly counteract technology that may "disturb public order," Russia and China may be sharing technologies that improve surveillance or help automate censorship, which is still largely manual in China.

He does not, however, think that they would share malware, at least not anything significant. "Possibly they might share some low-level stuff to show good will," says Bejtlich, but those nations aren't going to share serious tricks of the trade because they each have teams established specifically for cyberspying on the other, and he doesn't expect that to change just because they agreed not to hack each other.

"I think they're trying to push the norm of not going to attack each other's critical infrastructure," says Bejtlich.

It's hard to know how close the partnership really is. "We'll know how seriously to take this when we see Chinese sources report it," says Lewis. "The Chinese haven't said anything."

Lewis also says the Russians made the announcement "largely to jerk the Americans' chain. We're always asking for law enforcement cooperation. What better way to irritate us than to cooperate with someone else?"

Will this closer partnership, if it is indeed closer, have any impact on Western law enforcement's efforts to pursue cybercriminals in Russia and China?

Bejtlich proposed one possibility. Suppose the U.S. and the Dutch are planning to capture a Russian cybercriminal while he's on vacation in Holland and a Chinese law enforcement agency gets wind of it? Maybe the Chinese officials would give their Russian counterparts a call. "I wouldn't be surprised if they said 'The Americans are gonna pounce; get your guy out of there,'" says Bejtlich.

Kellermann says that this pact may just be posturing on the part of China and Russia, but that doesn't mean it shouldn't be taken seriously. "If they're saying they're no longer pointing their guns at each other," says Kellermann, "the guns have to be faced somewhere."

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...

Comments
Sara Peters,
User Rank: Author
5/14/2015 | 5:34:43 PM
Re: Opposing Viewpoints
@RyanSepe I think that sums it up nicely: "This pact seems like more of statement of disapproval more than a statement of things to come." But I'll tell you what: if it DOES change things in the future, it could make things very interesting.
RyanSepe,
User Rank: Ninja
5/12/2015 | 8:38:49 AM
Opposing Viewpoints
It will be interesting to see if the US tries to handle this in a similar fashion...(Creating an InfoSec Coalition with other countries that have similar viewpoints) I think you will still see the same amount of traffic aimed at the US regardless of this pact.

Action Items for the United States? That will depend on the detrimental effects of the pact, if any. This pact seems like more of statement of disapproval more than a statement of things to come, at least in the near future.