Will US Indictment of PLA Cyber Villains Do More Harm Than Good?

When the US this week indicted five alleged People’s Liberation Army members for launching various cyber espionage activities against US firms, the world sat up and took notice. After all, this was the first case of its kind and, as attorney general Eric Holder said, “should serve as a wake-up call to the seriousness of the on-going cyber threat”.

But how effective will it really be in changing the way governments and enterprises react to the growing digital threat from outside their borders? As continued revelations of NSA spying on foreign entities spill out from the Edward Snowden treasure trove, does this bold statement from Washington instead smack more of desperation and hypocrisy?

The charges themselves, which Holder described on Monday as the first against “known state actors for infiltrating US commercial targets by cyber means", were levelled against the PLA operatives for activities from 2006 up to April this year, according to the indictment.

Specifically, they are said to have hacked Westinghouse Electric, US Steel, Alcoa, Allegheny Technologies, SolarWorld and the US Steelworkers Union. This was done, said Holder, with the aim of using the intelligence gleaned to “advantage state-owned companies and other interests in China, at the expense of businesses here in the United States”.

This “economic espionage” is not something that Washington allows its own state-allied cyber operatives to get involved in, he added.

Yet many may question whether this is actually the case, given the widespread snooping activities allegedly carried out by the NSA. Most recently it was reported that this even extended to hacking private companies including Huawei.

China more sinned against

For its part, China repeated the line that it is more sinned against than sinning, when it comes to global cyber attacks and that the US is the number one source of attacks aimed at organizations within its borders.

"China is a staunch defender of network security, and the Chinese government, military and associated personnel have never engaged in online theft of trade secrets," said Foreign Ministry spokesman Qin Gang in a statement.

To back up its claims, Beijing released the latest stats from the China CERT (CNCERT) which purported to show that from March 19 to May 18, 2,077 Trojan horse networks or botnet servers in the US directly controlled 1.18 million host computers in China.

Further undermining US attempts to take the moral high ground and shame China into modifying or at least reducing cyber operations against it, were new revelations appearing to come from Edward Snowden and published in The Intercept.

They claimed the spy agency has been recording every phone call made in the Bahamas using a system known as SOMALGET.

The system is derived from a broader program known as MYSTIC, which has been secretly recording the metadata of calls in Mexico, the Philippines, and Kenya. However, unlike MYSTIC, SOMALGET can record actual content of conversations as well, according to the report.

The US has been raising cyber espionage with China for some time now, and senior figures including President Obama have gone on record to publicly register their displeasure at continued intrusions into US networks.

Yet it has done little to arrest this kind of activity. In fact, security firm Mandiant claimed in a report last month that one year on from naming and shaming PLA unit 61398 as being behind attacks launched by the notorious APT1 group, little had changed.

It concluded: “APT1 and APT12’s reactions to their public exposure suggest that the PRC, despite publicly denying engaging in state-sponsored data theft, is unwilling to permanently cease its use of intrusive cyber operations.”

In the end, rather than shaming China into stopping its activities, the indictment of five PLA officers may cause a backlash against Western companies in the Middle Kingdom.

China has already summoned the US ambassador to protest against Washington’s actions, and it pulled out of a joint cybersecurity working group.

It has also been reported by state-run news service Xinhua that China is looking to ban the use of Windows 8 in all new government computers.

It is a move apparently designed to reduce dependence on essential software which could be end-of-lifed at will by US firms, as Windows XP was last month, although the timing could hint at other motives.

That’s not to say that the US doesn’t have allies on the global stage when it comes to alleged Chinese cyber incursions.

On Monday, researchers at ThreatConnect released a detailed report pointing to widespread Chinese APT activity against several Asian countries including the Philippines and Vietnam. This was aimed at “gaining intelligence connected to the deep-rooted, multi-national disputes that are ongoing in the South China Sea (SCS) region”, the firm said.

A genuine wake-up call?

Greg Day, EMEA CTO at Mandiant owner FireEye, argued that the incident will at least force some of those organizations with a head-in-the-sand approach to targeted attacks to address the issue.

“In many ways the attack that we are least likely to spot due to the targeted nature is the one that will have the greatest impact,” he told Infosecurity. “Whilst we don’t yet have reporting on cyber incidents, such examples as this recent case can only help organizations to understand that targeted attacks are real and relevant to every organization.”

Day was more circumspect about whether the US action could ultimately harm Western business interests in China.

“This is not the first conversation between the countries on the subject of hacking and I’m sure it won’t be the last,” he added. “Whilst nation states work on their own capabilities, this in many ways seemed to be more about increasing public awareness of the problem. We have seen that in recent years the public can have significant impact on topics they become passionate about.”

Charles Sweeney, CEO of web filtering firm Bloxx, claimed that the backlash on US firms could be huge.

“The question is what form it will take. The Chinese have some of the most sophisticated cyber resources in the world, so will they choose to 'out' American cyber activity or will they instead seek to block US interests in one of the most important economies in the world?” he said to Infosecurity.

“Perhaps the US feels that after the Snowden revelations it has nothing to lose from the former, but surely its economic recovery isn't robust enough yet to withstand the second? One thing is for sure, the entire security world is waiting to see what China's next move will be.”

Martin Sutherland, MD of consultancy BAE Systems Applied Intelligence, was more optimistic that the bold move by Washington could have a positive effect.

“This really could be a landmark moment that has the potential to change the way in which we respond to the growing threat presented by digital criminality,” he said. “We are constantly working to devise the most rigorous and comprehensive cyber defences possible, but there is little real deterrent against these crimes if the crime cannot be attributed to any individual or if those responsible are not brought to justice.”

He added that the move might set “an interesting precedent for other countries combating digital crime”.

Bit9 CTO Harry Sverdlove argued that while the indictments will not have a significant impact, they at least send a “welcome message”.

“One of the challenges for security professionals when dealing with state-sponsored cyber attacks is determining how far to take an investigation,” he told Infosecurity.

“Once an attack is traced to China or organizations affiliated with the Chinese government, for example, there is a sense of frustration because as individuals or private corporations, there is not much you can do in terms of holding the attackers accountable. Whether these indictments will go anywhere or not, it is refreshing to see that the U.S. government may be willing to pursue the evidence gathering during such investigations.”

While China might not be in the mood for compromise, the US is sending a pretty clear message to the international community about where it considers the line in the sand to be, and if in the process it forces a few companies to rethink their approach to information security, then so much the better.