That was quite a show the government put on Monday. The dramatic press conference featuring Attorney General Eric Holder, the coordinated press leaks ahead of the announcement, the strong statements about the sanctity of American commerce and how the United States will prosecute those who conduct cyberespionage against American targets. There were even cyber-wanted posters. All that was missing was a folding table loaded down with the weapons of choice: hard drives, mouses and keyboards.
It was high drama. Indicting five Chinese military officers for allegedly hacking into the networks of several old-line American companies and stealing financial data, technical specifications, internal communications and other sensitive information was an unprecedented step in what has been a long-running war of words between American and Chinese politicians and diplomats. The Obama administration has accused the Chinese military of running regular operations to compromise the networks of American businesses and steal as much intellectual property as they can. The Chinese, of course, deny this, and counter that the U.S. is in fact the one targeting Chinese businesses and government agencies. The rhetoric has reached the highest levels in recent months, with President Obama talking about the problem of cyberespionage with Chinese President Xi Jinping in September.
The outcome of that discussion apparently wasn’t satisfactory, so now we get the made-for-TV melodrama of Holder and FBI officials reading off charges against Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, officers in the People’s Liberation Army, whom the U.S. accuses of running several operations against companies such as Westinghouse, Alcoa and U.S. Steel. It makes for great clips and sound bites, but at its core, the press conference and the indictments themselves are a lot of sound and fury signifying nothing.
Let’s be honest; the chances of any of these men ever setting foot in the U.S. to face these charges are roughly zero point zero.
That may be rounding down, but only slightly. Traditional cybercrime, such as credit card fraud, bank fraud and online scams, has been a problem for the better part of 20 years now, and the FBI and other law enforcement agencies have made remarkable progress in tracking and disrupting large organized cybercrime groups. Coincidentally, the FBI on Monday announced a major series of arrests of the alleged operators of the Blackshades RAT, a group that stretches around the globe. But as much progress as global law enforcement agencies have made in this area, the difficulty of extraditing accused cybercriminals to the U.S. for prosecution remains a serious issue.
Researchers and law enforcement agencies are getting better at the attribution part of this problem, identifying who is behind a given attack. But finding those attackers and then somehow convincing a perhaps not-so-friendly government to hand them over for prosecution in the U.S. is the hard part. The difficulty is compounded many times over when the alleged attackers reside in China. The Chinese government has virtually no incentive whatsoever to cooperate with the U.S. on this issue. Relations between the two governments are not, shall we say, ideal, and putting five PLA officers on FBI most wanted posters is not likely to help in that regard.
Nor does the U.S. hold the moral high ground here. As the Snowden revelations of the last year have shown, the NSA and the U.S. government have turned the Internet into a turnkey surveillance platform, bending the global network to its will and its purpose. The latest evidence of this also surfaced Monday, with The Intercept revealing that the NSA was recording all of the cell phone traffic in the Bahamas and another, unnamed country. The U.S. also has long accused the Chinese IT company Huawei of being a pawn of the government, and has warned American companies about buying gear from the company, for fear it may be compromised during manufacture. As it turns out, the NSA allegedly has been conducting just such operations on IT gear manufactured by U.S. companies, intercepting shipments and implanting “beacons” that give the agency access to the boxes after installation.
It’s difficult to take a tough stance on things like this, when there’s an army of skeletons banging on the door of your own closet. But that won’t stop the government from building on these indictments, pointing to them as a first step in a historic war on cyber espionage.
“The indictment announced today is an important step. But there are many more victims, and there is much more to be done. With our unique criminal and national security authorities, we will continue to use all legal tools at our disposal to counter cyber espionage from all sources,” Holder said.
There is much more to be done, but saber rattling and legal grandstanding won’t help. Security people like to look at solutions to a given problem in terms of potential outcomes. And none of the likely outcomes from this episode are very good for U.S. interests. The Chinese already have said that they’re suspending participation in the China-U.S. Cyber Working Group. If the Obama administration and those that follow in the coming years are serious about addressing this problem, it should find solutions that have the potential to produce favorable outcomes, rather than those that make a nice media splash and have no hope of actually working.