Earlier this week the U.S. Department of Justice indicted five Chinese military officers for industrial espionage, accusing them of leading attacks on the computers of U.S. companies including U.S. Steel and Westinghouse to gather material to be passed on to Chinese companies.
The move puts U.S. policy in line with experts who have argued that only naming and shaming the perpetrators, and pursuing them through legal action, will rein in such attacks. Digital IP theft is now normal for U.S. companies, although few victims disclose the fact.
Dmitri Alperovitch (see “TR35: Dmitri Alperovitch”), cofounder and chief technology officer of CrowdStrike, a security company that offers new ways to trace and fight back against cyberattacks, told MIT Technology Review’s Tom Simonite how the U.S. could use its new strategy to increase the pressure on China even further.
Why has this indictment happened now? Has new evidence come to light?
This case has not popped out of the blue. The deputy attorney general has been pushing to use prosecutions for some time. We have had the evidence needed for a long time from investigations of breaches at U.S. companies.
There are a lot of things out there in the open source intelligence that you can use to identify these guys specifically. The guy known as UglyGorilla [according to the indictment, this is Wang Dong, an officer in China’s Third Department of the General Staff Department of the People’s Liberation Army] we’ve known for years.
I’m under no illusion that this will solve the problems we face, but it’s a big step in that direction. It sends a signal that we very much care about this issue.
Since 2011 the U.S. government has warned China several times about industrial espionage. President Obama raised the issue in his 2013 summit with President Xi Jinping. Have you seen any decrease in the theft of information from U.S. companies?
It’s continued pretty unabated over the last number of years. The tradecraft has changed a little bit in response to public information put out—new tools and exploits—but at the end of the day they’re continuing operations. There are still plenty of people doing this and more and more victims.
I would expect the U.S. government to step back and let this play out for a few more months at least. Don’t expect any action until next year unless the Chinese start to take other actions.
What further action could the U.S. take?
There’s still room for escalation. In the indictment they talk about the SOEs [state-owned enterprises] getting this stolen data but didn’t name them. But it’s pretty easy to figure out. These are massive, multibillion-dollar companies in China. The next step could be to charge those SOEs. If you want to make an impact you go after the recipient of the information.
That would have a big impact because it would restrict people from doing business with these companies. Going after them would be a major escalation. This is not a step that the U.S. government would take lightly because it would probably lead to trade retaliations, but that’s an option we have in our back pocket.