On Tuesday, reports emerged that U.S. Middle East experts at major U.S. think tanks had been hacked by a Chinese cyberespionage group with links to the Chinese government. The hacker group, known as “DEEP PANDA” by security researchers, left few clues as to why specifically it targeted these institutions, but it is likely that the incident could overshadow the looming U.S.-China Strategic and Economic Dialogue. Cyber issues are coming to the fore in U.S.-China relations, and the U.S. government is growing increasingly wary of government-sponsored cyberespionage originating from China.
According to the Washington Post’s report on the incident, the “latest breach follows a pattern identified by experts of Chinese cyberspies targeting major Washington institutions, including think tanks and law firms.” Following this breach, we are left to speculate on the motive. Security researcher Dmitri Alperovitch, cited by the Post, notes that his firm noticed a “radical” change in DEEP PANDA’s activity on June 18, “the same day witnesses reported that Sunni extremists seized Iraq’s largest oil refinery.” Although Alperovitch did not disclose specifically which experts or think tanks were affected, the motive prima facie appears to be interest in learning what U.S. experts know about the ongoing situation in Iraq. The hackers may have been attempting to gain access to non-public information that these experts were privy to.
Additionally, for these hackers, targeting a think tank might make more sense than targeting the U.S. government, because the latter would be more likely to notice a breach. As the Post notes, China’s risk exposure in Iraq is relatively large. Chinese state-owned enterprises and private investors have around $14.5 billion invested in Iraq. Furthermore, 8 percent of all Chinese crude oil imports originate in Iraqi oil fields. Given this, China has significant motive to navigate the ongoing crisis in Iraq with care.
Alperovitch notes that rather than hacking U.S. think tanks to gain access to U.S. intelligence and analysis, the Chinese government may be more interested in knowing exactly how determined the U.S. is to not get involved militarily in Iraq at this point in time. “It wouldn’t be surprising if the Chinese government is highly interested in getting a better sense of the possibility of deeper U.S. military involvement that could help protect the Chinese oil infrastructure in Iraq,” speculates Alperovitch. While the Obama administration has sent military advisors, it has publicly stated that it has no intention of undertaking a major military campaign in Iraq again.
Given that several prominent U.S. think tanks regularly interface electronically with government officials and some have former government officials with access to sensitive information on their staffs, this breach might lead to a greater focus on security at these institutions. Alperovitch correctly notes that think tank fellows “often have close connections with government officials.” The incident further highlights the non-digital side to good cybersecurity practices as these think tanks became targets of value to Chinese hackers in part due to the relationships they maintain with government officials.
This breach is revealing in terms of how widely Chinese hackers are willing to cast their data collection nets. The actual data gathered by this breach on Iraq may ultimately prove unimportant in terms of driving China’s relatively calm response to the crisis unfolding in Iraq. It is more likely instead to prompt U.S. think tanks to take their information security practices more seriously.