Charging of Chinese hackers signals aggressive new cyber strategy here to stay

Jenna McLaughlin
National Security and Investigations Reporter
Deputy Attorney General Rod Rosenstein speaks at the Justice Department on Thursday as FBI Director Christopher Wray listens. (Photo: Manuel Balce Ceneta/AP)

The U.S. Department of Justice has indicted two Chinese nationals allegedly involved in an international hacking scheme that targeted “dozens of companies in the United States and around the world,” Deputy Attorney General Rod Rosenstein announced Thursday morning.

The hackers targeted companies “in at least a dozen countries,” including the U.S., Rosenstein said. The global hacking campaign involved using malware to target MSPs — managed service providers — which are used to store commercial and proprietary data.

The indictment follows a growing pattern of charging Chinese individuals for hacking operations, ranging from allegations out of New York that an individual stole information about turbine technology to charges against 10 sources alleged to have “conspired to hack U.S. and European defense and aerospace contractors” in Ohio in October.

The Justice Department “will continue” its approach of using “indictments as forms of attribution and deterrence policy,” said John Carlin — the former assistant attorney general for the national security division of the DOJ who pioneered the strategy under President Barack Obama — recently at an event in Washington, D.C.

That strategy remains unchanged under President Trump’s administration, the Justice Department says.

“The department’s position remains that Chinese economic espionage is intolerable, and we will use all of our lawful tools to confront and deter it,” Marc Raimondi, a department spokesperson, told Yahoo News last month.

“China wants the fruits of America’s brainpower to harvest the seeds of its desired economic dominance. Preventing this from happening will take all of us here at the Justice Department, across the U.S. government and within the private sector,” John Demers, a senior Justice Department official, said last month, announcing new charges against a Taiwanese company, a Chinese company and multiple individuals for economic espionage.

A poster shows two Chinese citizens suspected to be part of the APT 10 Group and carrying out an extensive hacking campaign to steal data from U.S. companies. (Photo: Manuel Balce Ceneta/AP)

The strategy of indicting individual hackers, rather than sanctioning adversaries or military units as a whole, has several benefits, says Peter Mattis, a former intelligence official and now a research fellow in China studies at the Victims of Communism Memorial Foundation.

This approach “ensures evidence becomes public” and “tells Beijing that the United States has some visibility into what the government’s hackers are doing. It also forces the intelligence community to obtain evidence that can be used in a court of law.” The Justice Department “is the critical policy agency, the center of gravity” in cyber investigations, he told Yahoo News.

However, the strategy has potential drawbacks.

Some former intelligence officials who have worked in offensive cyber operations told Yahoo News there is concern that condemning foreign officials doing state-sanctioned work puts U.S. citizens doing similar work at risk. And because countries like Russia and China are not likely to extradite their own intelligence officers, the indictments could be viewed as empty threats.

The U.S. did succeed in getting a Chinese suspect extradited from Belgium in October, however.

Targeting those who occasionally work for Chinese state security services as freelancers may be even more effective, said Dmitri Alperovitch, co-founder of cybersecurity intelligence firm CrowdStrike.

“Indictments would have a very hard time deterring people working for foreign intelligence services. If our officials in China were indicted, they would not stop their work,” he said at an event in Washington last month. “But contractors — they might think twice.”
