How the U.S. Could Escalate Its Name-and-Shame Campaign Against China’s Espionage
Earlier this week the U.S. Department of Justice indicted five Chinese military officers for industrial espionage, accusing them of leading attacks on the computers of U.S. companies including U.S. Steel and Westinghouse to gather material to be passed on to Chinese companies.
The move puts U.S. policy in line with experts who have argued that only naming and shaming the perpetrators, and pursuing them through legal action, will rein in such attacks. Digital IP theft is now normal for U.S companies, although few victims disclose the fact.
Dmitri Alperovitch, cofounder and chief technology officer (see “TR35: Dmitri Alperovitch”) of the security company Crowdstrike, a company that offers new ways to trace and fight back against cyberattacks, told MIT Technology Review’s Tom Simonite how the U.S. could use its new strategy to increase the pressure on China even further.
Why has this indictment happened now? Has new evidence come to light?
This case has not popped out of the blue. The deputy attorney general has been pushing to use prosecutions for some time. We have had the evidence needed for a long time from investigations of breaches at U.S. companies.
There are a lot of things out there in the open source intelligence that you can use to identify these guys specifically. The guy known as UglyGorilla [according to the indictment, this is Wang Dong, an officer in China’s Third Department of the General Staff Department of the People’s Liberation Army] we’ve known for years.
I’m under no illusion that this will solve the problems we face, but it’s a big step in that direction. It sends a signal that we very much care about this issue.
Since 2011 the U.S. government has warned China several times about industrial espionage. President Obama raised the issue in his 2013 summit with President Xi Jinping. Have you seen any decrease in the theft of information from U.S. companies?
It’s continued pretty unabated over the last number of years. The tradecraft has changed a little bit in response to public information put out—new tools and exploits—but at the end of the day they’re continuing operations. There are still plenty of people doing this and more and more victims.
I would expect the U.S. government to step back and let this play out for a few more months at least. Don’t expect any action until next year unless the Chinese start to take other actions.
What further action could the U.S. take?
There’s still room for escalation. In the indictment they talk about the SOEs [state-owned enterprises] getting this stolen data but didn’t name them. But it’s pretty easy to figure out. These are massive, multibillion dollar companies in China. The next step could be to charge those SOEs. If you want to make an impact you go after the recipient of the information.
That would have a big impact because it would restrict people from doing business with these companies. Going after them would be a major escalation. This is not a step that the U.S. government would take lightly because it would probably lead to trade retaliations, but that’s an option we have in our back pocket.
Keep Reading
Most Popular
This new data poisoning tool lets artists fight back against generative AI
The tool, called Nightshade, messes up training data in ways that could cause serious damage to image-generating AI models.
The Biggest Questions: What is death?
New neuroscience is challenging our understanding of the dying process—bringing opportunities for the living.
Rogue superintelligence and merging with machines: Inside the mind of OpenAI’s chief scientist
An exclusive conversation with Ilya Sutskever on his fears for the future of AI and why they’ve made him change the focus of his life’s work.
How to fix the internet
If we want online discourse to improve, we need to move beyond the big platforms.
Stay connected
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.