
5/11/2015
07:45 PM

What Does China-Russia 'No Hack' Pact Mean For US?

It could be an Internet governance issue or a response to the U.S. DoD's new cyber strategy, but one thing is certain: it doesn't really mean China and Russia aren't spying on one another anymore.

Russia and China on Friday signed a pact agreeing not to hit one another with cyberattacks. Experts agree, however, that the countries don't actually have any intention of ceasing their cyberespionage campaigns against each other. They say that the agreement instead is political posturing intended to send a message to the United States and its allies, though they differ slightly on what that message is, what motivated Russia and China to send it, and what it means for the U.S.

The nations also agreed to exchange technology, share information between their law enforcement agencies, and "jointly counteract technology that may 'destabilize the internal political and socio-economic atmosphere,' 'disturb public order' or 'interfere with the internal affairs of the state,'" as the Wall Street Journal reports.

Tom Kellermann, chief cybersecurity officer of Trend Micro, says this is a natural progression of the economic and military relationship Russia and China have had since the Shanghai Cooperation Organization was established in 2001. He says this announcement could be happening now as a reaction to two things: the U.S.-backed efforts to change Japan's pacifist constitution to allow Japan's Self-Defense Forces to engage in combat overseas (which would naturally extend to combat in cyberspace) and the U.S.'s new, more aggressive cybersecurity strategy.

Last month, the U.S. Department of Defense announced a new cybersecurity strategy and revealed that Russian hackers had accessed an unclassified DoD network. Also last month, a Department of Justice official explained that the U.S. is giving "no free passes" to cybercriminals, regardless of whether or not they are nation-state actors. This Russian-Chinese cybersecurity pact could be seen, says Kellermann, as a way of the two countries presenting a united front against the U.S.

As Kellermann puts it, "Oh, Mr. Secretary of Defense, you're taking the gloves off? Well, there's two of us. Now what?"

"When the U.S. pursues active defense against one of them, will [Russia and China] respond collectively?" says Kellermann. "That's the inevitable question."

Others say this is an effort probably instigated by the Russians to bolster their stance on Internet governance. Opinions about Internet governance are polarized around openness and sovereignty; Russia and China are largely aligned on the side of sovereignty.

"Russians have tried to shape how the Chinese think about these issues," says James Lewis, senior fellow and program director of the Center for Strategic and International Studies. "The Chinese just went along with it because anything the U.S. disagrees with can't be all bad."

Having two super-powers allied as a united front helps further the agenda in the international debate.

As Richard Bejtlich, Senior Fellow at the Brookings Institute, explains, these nations' definition of "information security" is closer to "information control," including censorship and surveillance.

Lewis explains that the countries' tactics on information control are slightly different -- the Chinese are very focused on censorship, while the Russians, he says, have pervasive surveillance and a greater willingness to use physical force.

Bejtlich says that under the agreement to jointly counteract technology that may "disturb public order," Russia and China may be sharing technologies that improve surveillance or help automate censorship, which is still largely manual in China.

He does not, however, think that they would share malware, at least not anything significant. "Possibly they might share some low-level stuff to show good will," says Bejtlich, but those nations aren't going to share serious tricks of the trade because they each have teams established specifically for cyberspying on the other, and he doesn't expect that to change just because they agreed not to hack each other.

"I think they're trying to push the norm of not going to attack each other's critical infrastructure," says Bejtlich.

It's hard to know how close the partnership really is. "We'll know how seriously to take this when we see Chinese sources report it," says Lewis. "The Chinese haven't said anything."

Lewis also says the Russians made the announcement "largely to jerk the Americans' chain. We're always asking for law enforcement cooperation. What better way to irritate us than to cooperate with someone else?"

Will this closer partnership, if it is indeed closer, have any impact on Western law enforcement's efforts to pursue cybercriminals in Russia and China?

Bejtlich proposed one possibility. Suppose the U.S. and the Dutch are planning to capture a Russian cybercriminal while he's on vacation in Holland and a Chinese law enforcement agency gets wind of it? Maybe the Chinese officials would give their Russian counterparts a call. "I wouldn't be surprised if they said 'The Americans are gonna pounce; get your guy out of there,'" says Bejtlich.

Kellermann says that this pact may just be posturing on the part of China and Russia, but that doesn't mean it shouldn't be taken seriously. "If they're saying they're no longer pointing their guns at each other," says Kellermann, "the guns have to be faced somewhere."

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...

Comments
Sara Peters,
User Rank: Author
5/14/2015 | 5:34:43 PM
Re: Opposing Viewpoints
@RyanSepe I think that sums it up nicely: "This pact seems like more of statement of disapproval more than a statement of things to come." But I'll tell you what: if it DOES change things in the future, it could make things very interesting.
RyanSepe,
User Rank: Ninja
5/12/2015 | 8:38:49 AM
Opposing Viewpoints
It will be interesting to see if the US tries to handle this in a similar fashion... (Creating an InfoSec Coalition with other countries that have similar viewpoints) I think you will still see the same amount of traffic aimed at the US regardless of this pact.

Action Items for the United States? That will depend on the detrimental effects of the pact, if any. This pact seems like more of statement of disapproval more than a statement of things to come, at least in the near future.