Politics

Chinese hackers might not shrug off US indictments after all

Conventional wisdom holds that nation-state hackers are unaffected by indictments, but a prominent expert thinks it's working against China.

Attorney General William Barr

Conventional wisdom holds that indicting nation-state hackers, as Attorney General William Barr did earlier this month, isn't effective.

Photo: Sarah Silbiger/Getty Images

When Attorney General William Barr announced indictments of four members of the Chinese military for hacking Equifax, you could have dismissed it as toothless hand-waving — or worse, as counterproductive to U.S. cybersecurity.

But several Chinese hacking units have ceased operations following a series of U.S. indictments over the years, Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike, said Wednesday at the RSA security conference in San Francisco.

That runs counter to conventional wisdom on the topic, which says doing so is ineffective as a deterrent, invites retribution against U.S. intelligence officials, and can tip off attackers to what the government knows.

Get what matters in tech, in your inbox every morning. Sign up for Source Code.

"Indicting nation-state hackers is like pissing your pants," said Christopher Ahlberg, chief executive of the threat intelligence company Recorded Future. "At first it feels great, but then you realize it's cold and yucky."

Ahlberg says he opposes the tactic because the indictments go after the wrong people — the individuals behind the keyboards instead of Chinese government officials who are making the orders — and paints a target on U.S. counterparts. "Should we indict Chinese government employees? I don't think so. Eventually, the same thing will happen to us: Every NSA employee would need to worry about traveling around the world, I don't know how brilliant that is," he said.

But Alperovitch, who helped investigate some of the most high-profile nation-state cyberattacks, including the 2016 Democratic National Committee cyberattacks and the 2014 Sony Pictures attack, said the tactic seems to be working with China.

In 2014, for example, the U.S. indicted five Chinese military hackers for attacking and stealing information from six U.S. companies, including Westinghouse Electric, U.S. Steel and Alcoa. "Ever since that indictment, that [People's Liberation Army] unit has basically backed off. That's been really, really remarkable," said Alperovitch, who recently announced he was stepping down from his role as CrowdStrike's chief technology officer to launch a policy-focused nonprofit.

In 2017 and 2018, the U.S. issued two more indictments against individuals from two Chinese hacking groups that were accused of attacking Moody's Analytics, Siemens and dozens of other U.S. technology companies. The groups were not explicitly part of the Chinese military, but prosecutors and security researchers say they had indirect ties to the Chinese government, and in some cases passed sensitive information along to China's intelligence service.

"Both of these groups, from what I've seen, have pretty much disappeared shortly after those indictments," Alperovitch said.

His comments will likely surprise many in the security industry; Alperovitch acknowledged that he was dropping a controversial bomb on the audience and that he "encouraged folks to come find me afterwards and try to convince me this is not the case."

One shortcoming of the government's so-called "name and shame" strategy is that it doesn't actually stop the attackers, Ahlberg said. Nation-state hackers shrug their shoulders at the indictments, and the charges don't do anything to stop future attacks. An even more cynical take is that the indictments actually benefit nation-state hackers. The detailed charges can tip countries off to what exactly the U.S. knows about their operations, allowing them to change their playbook and avoid detection in the future.

Even if indictments might not stop nation-state hackers, security researchers say they're a good way for the industry to learn about attackers and the techniques they use. "Indictments can be helpful in publishing data about techniques that were employed. It's all details on how these adversaries operate, which is typically left under the covers and no one can learn from it," said Ryan Olson, vice president of threat intelligence at Palo Alto Networks.

Get in touch with us: Share information securely with Protocol via encrypted Signal or WhatsApp message, at 415-214-4715 or through our anonymous SecureDrop.

The indictment of the Equifax hackers, for example, revealed how the operatives concealed their location by routing traffic through servers in 20 countries and wiped server logs on a daily basis to hide their activity, among other details.

U.S. prosecutors have also argued that the strategy helps highlight emerging cyberthreats for businesses, and could have a chilling effect on nation-state attacks. When the government charged nine Iranians in 2018 for conducting a cyber theft campaign on behalf of the Islamic Revolutionary Guard Corps, FBI Director Christopher Wray said it would send a message, even if law enforcement was not able to arrest the attackers. "Today, not only are we publicly identifying the foreign hackers who committed these malicious cyber intrusions, but we are also sending a powerful message to their backers, the Government of the Islamic Republic of Iran: Your acts do not go unnoticed," he said in a statement at the time.

Alperovitch said it's possible that the Chinese hacking units formed other organizations or retooled after being disbanded, but said this could be seen as a victory because it disrupts operations and makes their lives harder.

While the indictments might have a chilling effect on the groups that are caught, China as a whole has not ceased its hacking operations — as evidenced by the indictment of the Equifax hackers.

"The Justice Department has pointed a finger at the [People's Liberation Army] and its operatives for being responsible for the Equifax breach, and it will be really interesting to see what happens" with the group and the named attackers, Alperovitch said.

Policy

Musk’s texts reveal what tech’s most powerful people really want

From Jack Dorsey to Joe Rogan, Musk’s texts are chock-full of überpowerful people, bending a knee to Twitter’s once and (still maybe?) future king.

“Maybe Oprah would be interested in joining the Twitter board if my bid succeeds,” one text reads.

Photo illustration: Patrick Pleul/picture alliance via Getty Images; Protocol

Elon Musk’s text inbox is a rarefied space. It’s a place where tech’s wealthiest casually commit to spending billions of dollars with little more than a thumbs-up emoji and trade tips on how to rewrite the rules for how hundreds of millions of people around the world communicate.

Now, Musk’s ongoing legal battle with Twitter is giving the rest of us a fleeting glimpse into that world. The collection of Musk’s private texts that was made public this week is chock-full of tech power brokers. While the messages are meant to reveal something about Musk’s motivations — and they do — they also say a lot about how things get done and deals get made among some of the most powerful people in the world.

Keep Reading Show less
Issie Lapowsky

Issie Lapowsky ( @issielapowsky) is Protocol's chief correspondent, covering the intersection of technology, politics, and national affairs. She also oversees Protocol's fellowship program. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University's Center for Publishing on how tech giants have affected publishing.

Sponsored Content

Great products are built on strong patents

Experts say robust intellectual property protection is essential to ensure the long-term R&D required to innovate and maintain America's technology leadership.

Every great tech product that you rely on each day, from the smartphone in your pocket to your music streaming service and navigational system in the car, shares one important thing: part of its innovative design is protected by intellectual property (IP) laws.

From 5G to artificial intelligence, IP protection offers a powerful incentive for researchers to create ground-breaking products, and governmental leaders say its protection is an essential part of maintaining US technology leadership. To quote Secretary of Commerce Gina Raimondo: "intellectual property protection is vital for American innovation and entrepreneurship.”

Keep Reading Show less
James Daly
James Daly has a deep knowledge of creating brand voice identity, including understanding various audiences and targeting messaging accordingly. He enjoys commissioning, editing, writing, and business development, particularly in launching new ventures and building passionate audiences. Daly has led teams large and small to multiple awards and quantifiable success through a strategy built on teamwork, passion, fact-checking, intelligence, analytics, and audience growth while meeting budget goals and production deadlines in fast-paced environments. Daly is the Editorial Director of 2030 Media and a contributor at Wired.
Fintech

Circle’s CEO: This is not the time to ‘go crazy’

Jeremy Allaire is leading the stablecoin powerhouse in a time of heightened regulation.

“It’s a complex environment. So every CEO and every board has to be a little bit cautious, because there’s a lot of uncertainty,” Circle CEO Jeremy Allaire told Protocol at Converge22.

Photo: Circle

Sitting solo on a San Francisco stage, Circle CEO Jeremy Allaire asked tennis superstar Serena Williams what it’s like to face “unrelenting skepticism.”

“What do you do when someone says you can’t do this?” Allaire asked the athlete turned VC, who was beaming into Circle’s Converge22 convention by video.

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers crypto and fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Google Voice at (925) 307-9342.

Enterprise

Is Salesforce still a growth company? Investors are skeptical

Salesforce is betting that customer data platform Genie and new Slack features can push the company to $50 billion in revenue by 2026. But investors are skeptical about the company’s ability to deliver.

Photo: Marlena Sloss/Bloomberg via Getty Images

Salesforce has long been enterprise tech’s golden child. The company said everything customers wanted to hear and did everything investors wanted to see: It produced robust, consistent growth from groundbreaking products combined with an aggressive M&A strategy and a cherished culture, all operating under the helm of a bombastic, but respected, CEO and team of well-coiffed executives.

Dreamforce is the embodiment of that success. Every year, alongside frustrating San Francisco residents, the over-the-top celebration serves as a battle cry to the enterprise software industry, reminding everyone that Marc Benioff’s mighty fiefdom is poised to expand even deeper into your corporate IT stack.

Keep Reading Show less
Joe Williams

Joe Williams is a writer-at-large at Protocol. He previously covered enterprise software for Protocol, Bloomberg and Business Insider. Joe can be reached at JoeWilliams@Protocol.com. To share information confidentially, he can also be contacted on a non-work device via Signal (+1-309-265-6120) or JPW53189@protonmail.com.

Policy

The US and EU are splitting on tech policy. That’s putting the web at risk.

A conversation with Cédric O, the former French minister of state for digital.

“With the difficulty of the U.S. in finding political agreement or political basis to legislate more, we are facing a risk of decoupling in the long term between the EU and the U.S.”

Photo: David Paul Morris/Bloomberg via Getty Images

Cédric O, France’s former minister of state for digital, has been an advocate of Europe’s approach to tech and at the forefront of the continent’s relations with U.S. giants. Protocol caught up with O last week at a conference in New York focusing on social media’s negative effects on society and the possibilities of blockchain-based protocols for alternative networks.

O said watching the U.S. lag in tech policy — even as some states pass their own measures and federal bills gain momentum — has made him worry about the EU and U.S. decoupling. While not as drastic as a disentangling of economic fortunes between the West and China, such a divergence, as O describes it, could still make it functionally impossible for companies to serve users on both sides of the Atlantic with the same product.

Keep Reading Show less
Ben Brody

Ben Brody (@ BenBrodyDC) is a senior reporter at Protocol focusing on how Congress, courts and agencies affect the online world we live in. He formerly covered tech policy and lobbying (including antitrust, Section 230 and privacy) at Bloomberg News, where he previously reported on the influence industry, government ethics and the 2016 presidential election. Before that, Ben covered business news at CNNMoney and AdAge, and all manner of stories in and around New York. He still loves appearing on the New York news radio he grew up with.

Latest Stories
Bulletins