China's 'patriotic' hackers surely will, and they might target Pittsburgh institutions
May 21, 2014 12:00 AM
The Obama administration took the unprecedented step this week of indicting five Chinese military officials for hacking into American companies and stealing their proprietary data, ending Washington’s years-long war of words with Beijing over Chinese cyberspying in favor of tough action.
The Chinese officials will almost certainly never see the inside of a courtroom — the United States has no extradition treaty with China. But China is certain not to take the indictments lying down.
Beijing has already canceled its participation in a U.S.-China working group on, in an ironic twist, cybersecurity. And cybersecurity experts questioned whether a legal counteroffensive is forthcoming in which Beijing indicts U.S. intelligence officials involved in Washington’s own ongoing cyberspying efforts. That could mean targeting relatively low-level American spooks, but Beijing could theoretically go after high-ranking officials like former National Security Agency director Keith Alexander, who also ran the military’s Cyber Command.
“There could be some tit-for-tat legal proceedings,” said Richard Bejtlich, the chief security strategist at computer security company FireEye and a former military intelligence officer. “Then who do they go after? Individual U.S. hackers? Or Alexander?” Mr. Bejtlich asked.
Mr. Alexander was responsible for cyberoperations directed at the Chinese government and corporations, including one to implant surveillance equipment in Chinese-made communications equipment. The United States accuses the Chinese hackers of similar offenses — installing spying equipment inside companies’ computers and stealing secrets.
The U.S. indictments include the first criminal charges against state actors responsible for alleged cyberspying against the United States. The alleged activities involve a years-long campaign by the Chinese military and its proxies to hack into the computer systems of American companies, trade associations, unions and law firms and steal confidential information, including business plans, product designs and private communications.
The five men, all of whom allegedly worked for a hacker group known as Unit 61398 directed by the People’s Liberation Army, are accused of giving U.S. companies’ information to Chinese state-owned enterprises, providing them with an unfair advantage over their American competitors.
Cyberspying has been the subject of a long-simmering dispute between Beijing and Washington. But the criminal indictments take the matter to a new level and signal that Barack Obama’s administration has decided its strategy of publicly shaming China into halting its cyberespionage isn’t working. Chinese officials, for their part, denounced the U.S. indictments as “fabricated facts” and said the Justice Department’s actions “seriously violated basic norms of international relations, damage Sino-U.S. cooperation and mutual trust.”
The tough talk suggests China might match the U.S. indictments with some of its own. And there is precedent for foreign governments coming after U.S. intelligence personnel for operations undertaken on their soil. In 2009, an Italian court convicted in absentia 23 CIA employees for their role in kidnapping an Egyptian man in Milan six years earlier. (Like the Chinese hackers, the CIA personnel were not expected to ever spend time in prison.) But those were alleged crimes committed within a foreign country. China and the United States spy on each other remotely.
To have a credible case against a senior U.S. official or a lower-level hacker, the Chinese would have to provide something they’ve never been able to offer: evidence of American cyberspying. “The Chinese keep saying they have all these statistics on the U.S., but they’ve never released anything or shared any names,” said Mr. Bejtlich, a former chief security officer for the computer security firm Mandiant. Last year, Mandiant released a report on the same Chinese unit for which the five indicted military hackers worked.
The U.S. indictments are filled with specific allegations about the men, including where in China they worked, to whom they reported, the kinds of information they stole, what firms they targeted and what they did with the pilfered data. Unless the Chinese can come up with a similarly detailed list of accusations against the NSA, any legal countermove in a Chinese court is likely to be greeted derisively, said Mr. Rosenzweig. “I think the one thing the Chinese don’t want to be is laughed at.”
Mr. Bejtlich predicted that at a minimum, so-called patriotic hackers in China, who undertake operations on behalf of the government and with its implied consent, would launch retaliatory strikes on U.S. targets, including the Justice Department and the U.S. attorney’s office for the Western District of Pennsylvania, where the indictment was filed. Mr. Bejtlich said the companies named as the victims of the Chinese spying campaign should also expect that hackers might target them in retribution.
The Chinese hackers are accused of penetrating the computers of Westinghouse Electric, Alcoa, Allegheny Technologies, U.S. Steel, the United Steelworkers union and SolarWorld, Attorney General Eric Holder announced Monday. The companies are among the biggest energy and raw materials companies in the United States, and the USW is the largest steel labor union.
The Chinese hackers stole pricing information and equipment designs in order to benefit Chinese state-owned industries, the Justice Department alleges. Officials said they couldn’t put a dollar amount on how much the spying had cost U.S. companies. But Mr. Alexander has called Chinese cyberspying “the greatest transfer of wealth in history.”
Shane Harris is a senior staff writer at Foreign Policy covering intelligence and cyber-security.