The U.S. and China have locked horns over cyber-espionage before, but not quite like this.
Authorities in the U.S. announced today the indictment of five Chinese military personnel for hacking U.S. companies in the nuclear, metals and solar power industries in a series of attacks stretching back to 2006. The indictment is being touted by Justice Department officials as something of a watershed moment in cyber-security – one global power pressing criminal charges against another for economic espionage in cyberspace. But what the impact will be long-term when it comes to the relations between the two countries and efforts to stop the activity remains to be seen.
“Ultimately, today’s events will not likely have a measurable impact on global espionage,” opined Jon Heimerl, senior security strategist at Solutionary. “Private and government-backed espionage will continue regardless of how this particular case progresses. If anything, it is conceivable that this could increase espionage against the United States, as the charges do more to raise the U.S. position than they do the hacker position.”
“As far as the allegations go, it is hard to say how this is all going to shake out,” he continued. “In this case, the foreign government would have to give some acknowledgement of the allegations for there to be any foundation for criminal prosecution. There is a lot of gray here, but it is interesting that the U.S. has decided to proceed with charges. By any number of international standards, it would not be surprising at all to see more lawsuits filed as a result of eavesdropping or corporate spying. These activities could be considered crimes by any and all foreign governments.”
The indictment alleges that Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui were officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army (PLA), and were involved in attacks on a number of U.S. companies. Huang and Gu supported the group’s activities by managing the infrastructure behind the attacks, while the others launched the attacks themselves.
For example, in 2012, Pittsburgh-based Allegheny Technologies Inc. (ATI) was engaged in a joint venture with a state-sponsored enterprise in China and became involved in a trade dispute. That April, Wen gained access to ATI’s network and stole network credentials for virtually every ATI employee, according to the indictment.
For its part, China has already denounced the accusations, which Foreign Ministry Spokesperson Qin Gang called “ungrounded.”
“This US move, which is based on fabricated facts, grossly violates the basic norms governing international relations and jeopardizes China-US cooperation and mutual trust,” the spokesperson said in a statement. “China lodged protest with the US side right after the announcement, urging the US side to immediately correct its mistake and withdraw the indictment.”
“The position of the Chinese government on cyber security is consistent and clear-cut,” the statement continued. “China is steadfast in upholding cyber security. The Chinese government, the Chinese military and their relevant personnel have never engaged or participated in cyber theft of trade secrets.”
Craig Carpenter, chief cyber security strategist at AccessData, said he suspects China will likely strike back in the court of public opinion by working to uncover more Snowden-like activity by the US government, and working with Russia to undermine the U.S. with revelations about U.S. spying activity.
“The public nature of bringing formal charges against Chinese officials – along with the strength of the language used by US officials – is highly unusual and is all but guaranteed to elicit a Chinese response as strongly worded as these allegations, if not more so,” he said.
“For too long, the Chinese government has blatantly sought to use cyber espionage to obtain economic advantage for its state-owned industries,” said FBI Director James B. Comey, in a statement. “The indictment announced today is an important step. But there are many more victims, and there is much more to be done. With our unique criminal and national security authorities, we will continue to use all legal tools at our disposal to counter cyber espionage from all sources.”
Despite the strong words, the actual fallout diplomatically may be minimal, argued Dov Yoran, CEO of ThreatGrid.
“I don’t anticipate much diplomatic fallout,” he said. “This will ultimately be a symbolic gesture, and seems to be an act of political brinksmanship, more than anything else, at a time when U.S.-Chinese relations are evolving.”
Brian Prince is a Contributing Writer for SecurityWeek.