Hacker indictments against China's military unlikely to change anything

The move makes for good publicity, but will do little to deter hackers

The U.S. government's decision Monday to formally indict five members of the Chinese military on criminal hacking charges marks a significant escalation of what until now has been largely a war of words between officials of both countries.

Many see the indictments as long overdue. U.S. government officials and security experts have long pointed to China as the single largest source of state-sponsored attacks against U.S. government, military and corporate networks. Over the past several years, China-based hackers are believed to have stolen huge troves of military and industrial data from the U.S.

The big question is whether today's indictments will accomplish anything.

It's a near certainty that China will not hand over the five individuals to the U.S. or hold them accountable in that country. And it's unlikely that the indictments alone will significantly slow the alleged Chinese attacks against U.S. assets -- if that is, indeed, the goal.

Instead, all the move is likely to do is provoke China to retaliate in similar fashion. Already, the Chinese government has said it would suspend its participation in the activities of the China-US Cyber Working Group.

In a statement Monday (http://www.china-embassy.org/eng/fyrth/t1157487.htm), the Chinese government promised further action. "It is a fact known to all that relevant U.S. institutions have long been involved in large-scale and organized cyber theft as well as wiretapping and surveillance activities against foreign political leaders, companies and individuals," the statement read, with an obvious reference to the National Security Agency.

"China is a victim of severe U.S. cyber theft, wiretapping and surveillance activities," the Chinese government said. The statement went on to say that the indictments are based on "fabricated facts."

The U.S. Department of Justice (DOJ) earlier today handed down indictments against Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu and Gu Chunhui, all officers in Unit 61398 of the Third Department of the Chinese People's Liberation Army (PLA).

A report by security firm Mandiant last year had identified Unit 61398 as a Shanghai-based Chinese military operation responsible for hacking attacks against nearly 150 companies around the world.

In its complaint, the DOJ charged the individuals with hacking, or conspiring to hack, into several major U.S. companies, including Westinghouse Electric Co., United States Steel Corp., Allegheny Technologies Inc., United Steel and the U.S. subsidiary of SolarWind AG. The incidents allegedly occurred between 2006 and 2014.

The intrusion at Westinghouse took place in 2010 when the company was building four power plants in China and was negotiating terms of the construction with a Chinese state-owned entity. Sun allegedly stole proprietary technical information and design specifications for pipes, pipe supports and other equipment from the company.

The data theft at SolarWind happened in 2012 about the same time Chinese solar product manufacturers were dumping products in the U.S market at below market prices, the indictment alleged. A group led by Wen and other unnamed conspirators allegedly broke into computers at SolarWind and stole thousands of documents pertaining to the company's manufacturing costs, production lines, cash flow and other proprietary information.

Monday's indictment similarly accused members of the group of stealing network credentials belonging to thousands of employees at U.S. Steel and Allegheny and of stealing thousands of emails from Alcoa.

This marks the first time that the U.S. has filed criminal charges against officials of another government. It highlights the level of concern that exists at the highest levels over the extent of the espionage that many believe China's military and government-sponsored hacking groups are systematically carrying out.

But few expect anything to come out of it.

"I would be surprised if anything happens materially," said Dov Yoran, CEO and co-founder of security vendor ThreatGRID. "There's no way these guys are going to be sent here" to face trial. "This is more a political recognition of what has been happening under the radar" for a long time, he said.

The pushback by the U.S. government is a good thing, he said. And while the U.S. action may spark retaliatory charges, little will change on the ground, Yoran said. China's penetration of U.S. critical infrastructure assets is already so comprehensive that a few indictments will make no difference. "I don't see how that is going to be possible," he said.

John Pescatore, director of emerging security threats at SANS, said the U.S. move is not without risks.

"Everything I've seen so far seems like it is a trial balloon being floated by someone in the administration to gauge response," said Pescatore, a former analyst at the National Security Agency. "My response is that [this is] a pure political public relations stunt. People who live in glass houses and throw stones usually cause as much damage to their own house as they do at whomever they were throwing stones."

Richard Stiennon, principal at security consultancy IT-Harvest, called the indictments overdue, though somewhat inconsequential. "Certainly a good idea, although more than a day late and a billion dollars short," Stiennon said.

The evidence pieced together by the DOJ in its indictments is fascinating, he said. "From tracking domain registrations, changes to DNS pointers and email account creation, the prosecutors were able to piece together a good case.

"It is easy to predict that China will react with statements of outrage and denial," he said. "[But] I do not expect anything to come of the indictment, unless one of the accused is foolish enough to travel to the US. But the fallout from this public indictment will have at least as great an impact on awareness within the C suite as did the Target hack."

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.
