How the U.S. Could Escalate Its Name-and-Shame Campaign Against China’s Espionage
Earlier this week the U.S. Department of Justice indicted five Chinese military officers for industrial espionage, accusing them of leading attacks on the computers of U.S. companies including U.S. Steel and Westinghouse to gather material to be passed on to Chinese companies.
The move puts U.S. policy in line with experts who have argued that only naming and shaming the perpetrators, and pursuing them through legal action, will rein in such attacks. Digital IP theft is now normal for U.S companies, although few victims disclose the fact.
Dmitri Alperovitch, cofounder and chief technology officer (see “TR35: Dmitri Alperovitch”) of the security company Crowdstrike, a company that offers new ways to trace and fight back against cyberattacks, told MIT Technology Review’s Tom Simonite how the U.S. could use its new strategy to increase the pressure on China even further.
Why has this indictment happened now? Has new evidence come to light?
This case has not popped out of the blue. The deputy attorney general has been pushing to use prosecutions for some time. We have had the evidence needed for a long time from investigations of breaches at U.S. companies.
There are a lot of things out there in the open source intelligence that you can use to identify these guys specifically. The guy known as UglyGorilla [according to the indictment, this is Wang Dong, an officer in China’s Third Department of the General Staff Department of the People’s Liberation Army] we’ve known for years.
I’m under no illusion that this will solve the problems we face, but it’s a big step in that direction. It sends a signal that we very much care about this issue.
Since 2011 the U.S. government has warned China several times about industrial espionage. President Obama raised the issue in his 2013 summit with President Xi Jinping. Have you seen any decrease in the theft of information from U.S. companies?
It’s continued pretty unabated over the last number of years. The tradecraft has changed a little bit in response to public information put out—new tools and exploits—but at the end of the day they’re continuing operations. There are still plenty of people doing this and more and more victims.
I would expect the U.S. government to step back and let this play out for a few more months at least. Don’t expect any action until next year unless the Chinese start to take other actions.
What further action could the U.S. take?
There’s still room for escalation. In the indictment they talk about the SOEs [state-owned enterprises] getting this stolen data but didn’t name them. But it’s pretty easy to figure out. These are massive, multibillion dollar companies in China. The next step could be to charge those SOEs. If you want to make an impact you go after the recipient of the information.
That would have a big impact because it would restrict people from doing business with these companies. Going after them would be a major escalation. This is not a step that the U.S. government would take lightly because it would probably lead to trade retaliations, but that’s an option we have in our back pocket.
Geoffrey Hinton tells us why he’s now scared of the tech he helped build
“I have suddenly switched my views on whether these things are going to be more intelligent than us.”
ChatGPT is going to change education, not destroy it
The narrative around cheating students doesn’t tell the whole story. Meet the teachers who think generative AI could actually make learning better.
Meet the people who use Notion to plan their whole lives
The workplace tool’s appeal extends far beyond organizing work projects. Many users find it’s just as useful for managing their free time.
Learning to code isn’t enough
Historically, learn-to-code efforts have provided opportunities for the few, but new efforts are aiming to be inclusive.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.