Skip to Content

Data Espionage Sleuths Aim to Put Chinese Corporations in Court

CrowdStrike says it can help U.S. companies identify the companies that benefit from stolen data.
February 25, 2013

In recent years, computer security companies and even U.S. government officials have alleged that attackers in China and elsewhere routinely steal company secrets from U.S. corporate computers. But tracing the perpetrators of such breaches and showing which companies may have received the data copied is extremely difficult. Now a startup company, CrowdStrike, has developed tools that it says can track attacks in enough detail for victims to publicly accuse those benefiting. The companies can then take legal action or lobby for international trade sanctions.

That would be a new tactic for U.S. companies, and one that could have significant geopolitical implications. CrowdStrike, like other security companies, says the Chinese military, the People’s Liberation Army—acting on behalf of Chinese companies—is the most prolific infiltrator of U.S. corporate networks. Although the private sector and government are increasingly willing to acknowledge the problem, specific accusations have not yet been made in public, and Washington’s response has been cautious and mostly concerned with national security.

“If we wait for government to solve this problem, we’ll be waiting for a long time,” says Dmitri Alperovitch, CrowdStrike’s cofounder and CTO. “But we can effect a lot of leverage against these groups if we look at where the data goes.”

That requires going a step beyond the type of analysis revealed in a detailed report published by CrowdStrike competitor Mandiant last week. The report grabbed headlines by accusing a particular Chinese army unit of regularly infiltrating U.S. companies (see “Exposé of Chinese Data Thieves Reveals Sloppy Tactics”).

“It’s not the PLA that’s interested in Coca-Cola’s data—there’s another consumer,” says Alperovitch. “It may be state-owned enterprises or a company working closely with the government. You can’t do a lot against the PLA, but you can do a lot against that company.”

CrowdStrike isn’t revealing many details about its technology for fear of helping out attackers. But Alperovitch says that tactics could include using decoys inside a company’s network to deceive attackers into doing things that allow their technology, methods, and communication systems to be reverse-engineered. Other strategies could include directing attackers toward fake versions of valuable data and then watching possible beneficiaries for clues that they saw and acted on it. An approach dubbed “beaconing,” which involves embedding code into data that phones home after it is copied, can also help identify where data ends up, says Alperovitch. The company offers customers a software package called Falcon that can detect attacks, gather data, and help deploy such responses. It also makes computer security and intelligence specialists available to help interpret the data available and advise how a company should proceed.

CrowdStrike has already been working with some U.S. companies and nonprofits, and Alperovitch says it’s gathered strong evidence about companies that have benefited from stolen data. He’s now trying to talk some clients into making a public response such as legal action, but he concedes that the idea causes some nervousness in the boardroom: “A number are thinking hard about it, but they worry about retaliation.” Alperovitch believes that risk could be mitigated if several companies in a particular industry stepped forward together.

Irving Lachow, director of the program on technology and U.S. national security at the Center for a New American Security, a think tank in Washington, D.C., says that many U.S. corporations are ready for new ideas about how to protect themselves because conventional security software isn’t doing the job (see “The Antivirus Era Is Over”). “The level of activity has increased to the point where U.S. companies need to do something different to what they’ve been doing,” he says.

Even so, gathering evidence that ties specific companies to industrial espionage will be a challenge, and Lachow says even strong evidence may not be enough for the U.S. government to impose sanctions. “Sanctions are a government decision, and they have to weigh a number of considerations, economic and political,” he says. Pursuing sanctions for computer-based crime could set a precedent that Washington doesn’t want, he explains. Although the U.S. is not often accused of industrial espionage the way China is, it is known to be home to many developers of criminal malware and a growing military malware industry (see “Welcome to the Malware-Industrial Complex”).

Keep Reading

Most Popular

open sourcing language models concept
open sourcing language models concept

Meta has built a massive new language AI—and it’s giving it away for free

Facebook’s parent company is inviting researchers to pore over and pick apart the flaws in its version of GPT-3

transplant surgery
transplant surgery

The gene-edited pig heart given to a dying patient was infected with a pig virus

The first transplant of a genetically-modified pig heart into a human may have ended prematurely because of a well-known—and avoidable—risk.

Muhammad bin Salman funds anti-aging research
Muhammad bin Salman funds anti-aging research

Saudi Arabia plans to spend $1 billion a year discovering treatments to slow aging

The oil kingdom fears that its population is aging at an accelerated rate and hopes to test drugs to reverse the problem. First up might be the diabetes drug metformin.

Yann LeCun
Yann LeCun

Yann LeCun has a bold new vision for the future of AI

One of the godfathers of deep learning pulls together old ideas to sketch out a fresh path for AI, but raises as many questions as he answers.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.