Wednesday, May 21, 2014

US swipes at China over cyberespionage

China has acted angrily to the US issuing several indictments naming 5 members of the People's Liberation Army and their involvement in a number of cyberattacks on American companies.

The unprecedented move comes a few months after the security firm Mandiant released a detailed dossier pointing to a nondescript building in Shanghai where it said China was launching a series of cyberattacks and conducting cyberespionage operations on a massive scale. [See also: tvnewswatch: Chinas growing hacking army Feb 2013 / tvnewswatch: China angry over US accusations of hacking May 2013]

Scare tactics

The release of the indictments may be intended to scare Chinese hackers into submission. By naming the individuals it would be clear to China that the US now has the capability to trace the origins of the attacks, not only to the country, town or city but to an actual individual. While the indictments are unlikely to result in any extraditions, the people named may well feel a little more uncomfortable than they did prior to the FBI posting their details.

Indeed, these individuals will certainly not be able to freely travel outside of China now that they run the risk of ending up behind bars in a US prison on charges which could result in sentences of up to 240 years.

In the highly unusual move, the men were named in the indictment document complete with photographs. Huang Zhenyu (黄振宇), Wen Xinyu (文新宇), Sun Kailiang (孙凯良), Gu Chunhui (顾春晖) and Wang Dong (王东) were named in the charges for what the US says is a widespread problem [Indictment / Indictment PDF].

Earlier Monday, US Attorney General Eric Holder announced that the men, all members of the People's Liberation Army (PLA), "maintained unauthorized access to victim computers to steal information from these entities that would be useful" to the victims' competitors in China.

Holder said some of the "victims" included U.S. Steel Corp., Westinghouse, Alcoa, Allegheny Technologies, the United Steel Workers Union and SolarWorld [BBC / Guardian / Daily Mail].


However, China has accused the United States of "hypocrisy" and "double standards" following its decision to charge the five Chinese army officers with cybertheft against major American businesses.

The Foreign Ministry in Beijing even took the step of summoning US Ambassador Max Baucus late Monday, the state-run Xinhua news agency reported, as tensions between the two countries threatened to escalate into a full-scale diplomatic incident [Washington Post].

Meanwhile China's defence ministry put out a strongly-worded statement on its website on Tuesday saying that China's government and its military "had never engaged in any cyberespionage activities" [].

It also took aim at the US, saying, "For a long time, the US has possessed the technology and essential infrastructure needed to conduct large-scale systematic cyberthefts and surveillance on foreign government leaders, businesses and individuals. This is a fact which the whole world knows."

"The US' deceitful nature and its practice of double standards when it comes to cybersecurity have long been exposed, from the Wikileaks incident to the Edward Snowden affair."

Snowden became the main pivot to China's criticism from several quarters. A day after the United States announced indictments against five members of the Chinese military, China's ambassador to the US also accused America of hypocrisy and cited the whistleblower during an exclusive interview with CNN's Christiane Amanpour [Full transcript].

"It's really amazing to see that some people still believe they have moral high ground and credibility to accuse others, if we consider the Snowden revelations and so on and so forth," Cui Tiankai said [BBC / CNN / Guardian / Telegraph].

Indeed the revelations concerning the NSA and Prism make the US's position all the more difficult. There is also the accusation that the United States also practices cyberespionage, both on friendly and less friendly countries.

Nonetheless, even if true the advantages taken by the US are somewhat different to its counterparts, at least in respect to the United States stated aim. Much of the US surveillance program is concerned with security, both domestic and international.

However China's cyberespionage is on a very different scale and its motives are varied. As well as defensive cyberespionage, China is engaged in IP theft on a grand scale, be it industrial or military. In addition there is also a growing number of actual cyberattacks emanating from China which are crippling foreign competitors computer systems and costing companies millions of dollars.

Hitting back

Mike Rogers, a Michigan Republican and chairman of the House Permanent Select Committee on Intelligence, is focused on making China pay a price. "Right now there is no incentive for the Chinese to stop doing this," The New York Times quoted Rogers as saying in February 2013. "If we don't create a high price, it's only going to keep accelerating."

It was "beyond a shadow of a doubt" that the Chinese government and military was behind growing cyberattacks against the United States, Rogers said, adding that the US was losing the war to prevent such attacks.

"They use their military and intelligence structure to steal intellectual property from American businesses, and European businesses, and Asian businesses, re-purpose it and then compete in the international market against the United States," Rogers told ABC's This Week.

Eliot Engel, a New York Democratic party representative and ranking member of the House Foreign Affairs Committee, said that there had to be greater consequences for Chinese cyberhacking and cyberespionage, and called for sanctions and indictments against those responsible, as well as limiting access to visas.

"I think we have to make it very clear to them that they – this cannot be business as usual," Engel said. "If they're going to continue to do this to the extent that they're doing it, there's a price to pay."

This week Rogers' call for greater action took a step forward as the FBI posted the indictments on its website. Certainly the individuals concerned are unlikely to get a US visa, unless they really want to stand trial for cyberespionage. But whilst China may have received a small punch on the nose, it was hardly a forceful blow. Indeed, despite the flow of rhetoric coming from the state media, China was not even bloodied from this latest swipe by the United States.

The indictments were unprecedented, but the US needs to be a lot more forceful in order to effect any behavioural change by China or others engaged in cyberattacks. It perhaps also needs to level with its own people and allies over the revelations concerning Snowden and attempt to reclaim the moral high-ground.

tvnewswatch, London, UK

No comments: