When the US this week indicted five alleged People’s Liberation Army members for launching various cyber espionage activities against US firms, the world sat up and took notice. After all, this was the first case of its kind and, as attorney general Eric Holder said, “should serve as a wake-up call to the seriousness of the on-going cyber threat”.
But how effective will it really be in changing the way governments and enterprises react to the growing digital threat from outside their borders? As continued revelations of NSA spying on foreign entities spill out from the Edward Snowden treasure trove, does this bold statement from Washington instead smack more of desperation and hypocrisy?
The charges themselves, which Holder described on Monday as the first against “known state actors for infiltrating US commercial targets by cyber means", were levelled against the PLA operatives for activities from 2006 up to April this year, according to the indictment.
Specifically, they are said to have hacked Westinghouse Electric, US Steel, Alcoa, Allegheny Technologies, SolarWorld and the US Steelworkers Union. This was done, said Holder, with the aim of using the intelligence gleaned to “advantage state-owned companies and other interests in China, at the expense of businesses here in the United States”.
This “economic espionage” is not something that Washington allows its own state-allied cyber operatives to get involved in, he added.
Yet many may question whether this is actually the case, given the widespread snooping activities allegedly carried out by the NSA. Most recently it was reported that this even extended to hacking private companies including Huawei.
China more sinned against
For its part, China repeated the line that it is more sinned against than sinning, when it comes to global cyber attacks and that the US is the number one source of attacks aimed at organizations within its borders.
"China is a staunch defender of network security, and the Chinese government, military and associated personnel have never engaged in online theft of trade secrets," said Foreign Ministry spokesman Qin Gang in a statement.
To back up its claims, Beijing released the latest stats from the China CERT (CNCERT) which purported to show that from March 19 to May 18, 2,077 Trojan horse networks or botnet servers in the US directly controlled 1.18 million host computers in China.
Further undermining US attempts to take the moral high ground and shame China into modifying or at least reducing cyber operations against it, were new revelations appearing to come from Edward Snowden and published in The Intercept.
They claimed the spy agency has been recording every phone call made in the Bahamas using a system known as SOMALGET.
The system is derived from a broader program known as MYSTIC, which has been secretly recording the metadata of calls in Mexico, the Philippines, and Kenya. However, unlike MYSTIC, SOMALGET can record actual content of conversations as well, according to the report.
The US has been raising cyber espionage with China for some time now, and senior figures including President Obama have gone on record to publically register their displeasure at continued intrusions into US networks.
Yet it has done little to arrest this kind of activity. In fact, security firm Mandiant claimed in a report last month that one year on from naming and shaming PLA unit 61398 as being behind attacks launched by the notorious APT1 group, little had changed.
It concluded:
In the end, rather than shaming China into stopping its activities, the indictment of five PLA officers may cause a backlash against Western companies in the Middle Kingdom.
It is a move apparently designed to reduce dependence on essential software which could be end-of-lifed at will by US firms, as Windows XP was last month, although the timing could hint at other motives.
On Monday, researchers at ThreatConnect released a detailed report pointing to widespread Chinese APT activity against several Asian countries including the Philippines and Vietnam. This was aimed at “gaining intelligence connected to the deep-rooted, multi-national disputes that are ongoing in the South China Sea (SCS) region”, the firm said.
A genuine wake-up call?