This is no surprise: in the wake of damaging revelations about its online attacks on the west, China has disclosed attacks on its networks.
Not only was last week's Mandiant report a gamechanger, I’m predicting that within a year or two China will drop its large-scale corporate espionage programme.
In part, that's because China's disclosures in fact highlight the criminal nature of the PLA hacks. Whereas China has only suffered attacks on military sites, the real damage in the reports by Mandiant and Business Week were the details of China’s theft of business secrets.
Sooner rather than later China will come to see the corporate attacks as a low-percentage play.
The underlying narrative in western reporting has been of a clever China Inc. stealing into foreign networks, downloading terabytes of data and seamlessly transferring it to its own corporate sector for easy profit.
In truth, China’s giant, secretive bureaucracies don’t play well. They are severely constrained by their size, dysfunction, deep-rooted corruption and suspicion of each other (proof point: it took Beijing a typically tardy ten days to respond to Mandiant).
Mandiant estimates PLA hacking teams have stolen data from hundreds if not thousands of foreign organizations. The task of sifting through those petabytes of material, identifying valuable corporate information and somehow directing it to the ‘right’ agency or state enterprise would tax the most efficient system.
To take one prominent example, the attempts to steal Google’s search engine secrets don’t seem to have helped Jike, the Chinese state-backed search engine with a market share of close to zero.
More likely, I suspect, is that the corporate attacks have taken place with the tolerance of rather than the active direction by the top leadership. Few officials would wish to get into a scrap with the PLA, and certainly not on behalf of foreign corporations.
Plus, this being China, it’s not beyond the bounds that some PLA officers are running these hacks commercial agendas in mind.
This is not to say that politically-motivated attacks, such as those on activists’ Gmail accounts, or on the New York Times and Bloomberg, aren’t directed from the highest level, or that none of the corporate spying has yielded results.
But these industrial-strength raids on corporate networks surely yield little, except increasing embarrassment. China may despise the democratic west but it can ignore world opinion only up to a point.
Just as diplomatic and trade pressure forced China to stop transferring weapons technology to the Middle East in the 1990s, transparency will help it abandon its heist of foreign commercial secrets.