2014-05-21

U.S. Indictment Of Chinese Hackers Could Be Awkward For The NSA


Windwing - U.S. Indictment Of Chinese Hackers Could Be Awkward For The NSA

Attorney General Eric Holder, Assistant Attorney General for National Security John Carlin, second right, U.S. Attorney for Western District of Pennsylvania David Hickton, left, and FBI Executive Associate Director Robert Anderson, right, speak at a news conference at the Justice Department in Washington.Photo: Charles Dharapak/AP

It's no secret that the Chinese military represents a real threat to online security here in the U.S. Over the last several years, state-sponsored Chinese hackers have broken into hundreds of American targets–both inside the U.S. government and across the private sector. But when the Department of Justice announced criminal charges against five hackers working for China's military this morning, it came at an awkward time. After a year of revelations from ex-NSA contractor Edward Snowden, it's clearer than ever before that America's own government hackers have been running rampant through the world's networks.

On Monday, the Justice Department indicted five hackers associated with China's People's Liberation Army, accusing them of stealing information from six American companies across the energy, metals, and manufacturing industries. The charges represent a new elevation of America's cyberspy-versus-cyberspy conflict with China, transforming a diplomatic situation into a criminal issue. But cybersecurity policy-watchers say that the arrival of the indictments in the wake of Snowden's serial revelations could both lessen the charges' impact and leave American officials open to parallel criminal allegations from Chinese authorities.

In other words, US intelligence officials should think twice before planning any summer vacations in the People's Republic. "It's an unprecedented move, and we'll have to see if other counties reciprocate with the same kind of actions," says Sean Lawson, a professor who focuses on public policy, cybersecurity and the military at the University of Utah. "This could potentially open U.S. officials to similar charges, not just in China but other countries as well. Brazil could turn around and say: 'If you start charging foreign officials for cyberespionage against companies, maybe we'll do the same to officials at the NSA.'"

Calling the Kettle Black

Last September, a story based on information from Snowden said that the NSA recently hacked into the Brazilian oil firm Petrobras. Just two months ago, another Snowden leak revealed the NSA had hacked Chinese networking company Huawei to steal source code. And those are just two of a slew of reports over the last year that the NSA and its allies have hacked foreign governments and occasionally private sector targets to gather intelligence. The attacks may have happened as many as 231 times in 2011 alone.

In fact, NSA's British counterpart GCHQ last week was hit by a legal complaint from Privacy International, which accused the UK agency of illegally using malware to spy on its targets, including British citizens.

"Hacking a computer is a crime," says Privacy International deputy director Eric King, who also teaches law at the London School of Economics.1 "There are real questions about whether these agencies' employees are independently criminally liable. If China wants to start prosecuting those who hack their infrastructure, NSA employees could be arrested on the exact same legal justifications as the Chinese who have been put on the FBI's most-wanted list."

Windwing - U.S. Indictment Of Chinese Hackers Could Be Awkward For The NSA

Press materials are displayed on a table of the Justice Department before Attorney General Eric Holder was to speak at a news conference. Photo: Charles Dharapak/AP

Ammunition for the Chinese

Chinese officials didn't miss the opportunity to make a similar jab. "For a long time, the U.S. has clearly conducted large-scale, organized theft, network monitoring and control activities against foreign dignitaries, corporations, and individuals," reads a statement in Chinese from the country's ministry of foreign affairs. "Once again, we strongly urge the U.S. to offer a clear explanation and immediately stop such activities."

The fact that the Chinese government has the ammunition to make that rebuttal shows how the NSA's spying has weakened America's position, and also makes the Justice Department criminal charges less likely to stop future attacks, says the University of Utah's Lawson. "They've muddied the water," he says. "This doesn't mean Chinese should get a pass, but it shows how the NSA has been doing real harm to American companies." Bruce Schneier, a cryptography expert who has reviewed some of Snowden's leaked documents for the Guardian, puts it more simply: "We've lost any moral high ground to complain about this stuff. That's bad."

To be fair, the five Chinese hackers named in Monday's indictment are accused specifically of stealing trade secrets to give Chinese companies an advantage in industry negotiations and competition. That's a kind of spying that US officials have repeatedly denied the NSA engages in. But it's not clear how much that point helps to legally or diplomatically distinguish Chinese hacking activities from cyberespionage by America and its allies. And Snowden has also alluded to forthcoming revelations that may show the NSA isn't above industrial espionage, either.

In the meantime, the FBI posters showing Chinese hackers' faces should also send a message to the staffers of American intelligence agencies carrying out similar intrusion operations, says Privacy International's King. "I'd be looking long and hard at what the justification for those actions are," he says. "And if they're found wanting, raise hell."

1Correction 6:14 EST 05/19/14: This story has been updated to properly identify Eric King.


No comments: