Earlier this week the U.S. Department of Justice indicted five Chinese military officers for industrial espionage, accusing them of leading attacks on the computers of U.S. companies including U.S. Steel and Westinghouse to gather material to be passed on to Chinese companies.
The move puts U.S. policy in line with experts who have argued that only naming and shaming the perpetrators, and pursuing them through legal action, will rein in such attacks. Digital IP theft is now normal for U.S companies, although few victims disclose the fact.
Dmitri Alperovitch, cofounder and chief technology officer (see “TR35: Dmitri Alperovitch”) of the security company Crowdstrike, a company that offers new ways to trace and fight back against cyberattacks, told MIT Technology Review’s Tom Simonite how the U.S. could use its new strategy to increase the pressure on China even further.
Why has this indictment happened now? Has new evidence come to light?
This case has not popped out of the blue. The deputy attorney general has been pushing to use prosecutions for some time. We have had the evidence needed for a long time from investigations of breaches at U.S. companies.
There are a lot of things out there in the open source intelligence that you can use to identify these guys specifically. The guy known as UglyGorilla [according to the indictment, this is Wang Dong, an officer in China’s Third Department of the General Staff Department of the People’s Liberation Army] we’ve known for years.
I’m under no illusion that this will solve the problems we face, but it’s a big step in that direction. It sends a signal that we very much care about this issue.
Since 2011 the U.S. government has warned China several times about industrial espionage. President Obama raised the issue in his 2013 summit with President Xi Jinping. Have you seen any decrease in the theft of information from U.S. companies?
It’s continued pretty unabated over the last number of years. The tradecraft has changed a little bit in response to public information put out—new tools and exploits—but at the end of the day they’re continuing operations. There are still plenty of people doing this and more and more victims.
I would expect the U.S. government to step back and let this play out for a few more months at least. Don’t expect any action until next year unless the Chinese start to take other actions.
What further action could the U.S. take?
There’s still room for escalation. In the indictment they talk about the SOEs [state-owned enterprises] getting this stolen data but didn’t name them. But it’s pretty easy to figure out. These are massive, multibillion dollar companies in China. The next step could be to charge those SOEs. If you want to make an impact you go after the recipient of the information.
That would have a big impact because it would restrict people from doing business with these companies. Going after them would be a major escalation. This is not a step that the U.S. government would take lightly because it would probably lead to trade retaliations, but that’s an option we have in our back pocket.
This startup wants to copy you into an embryo for organ harvesting
With plans to create realistic synthetic embryos, grown in jars, Renewal Bio is on a journey to the horizon of science and ethics.
VR is as good as psychedelics at helping people reach transcendence
On key metrics, a VR experience elicited a response indistinguishable from subjects who took medium doses of LSD or magic mushrooms.
This nanoparticle could be the key to a universal covid vaccine
Ending the covid pandemic might well require a vaccine that protects against any new strains. Researchers may have found a strategy that will work.
This artist is dominating AI-generated art. And he’s not happy about it.
Greg Rutkowski is a more popular prompt than Picasso.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.