yesAdam JanofskyNone
×

Get access to Protocol

Will be used in accordance with our Privacy Policy

I’m already a subscriber
Politics

Chinese hackers might not shrug off US indictments after all

Conventional wisdom holds that nation-state hackers are unaffected by indictments, but a prominent expert thinks it's working against China.

Attorney General William Barr

Conventional wisdom holds that indicting nation-state hackers, as Attorney General William Barr did earlier this month, isn't effective.

Photo: Sarah Silbiger/Getty Images

When Attorney General William Barr announced indictments of four members of the Chinese military for hacking Equifax, you could have dismissed it as toothless hand-waving — or worse, as counterproductive to U.S. cybersecurity.

But several Chinese hacking units have ceased operations following a series of U.S. indictments over the years, Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike, said Wednesday at the RSA security conference in San Francisco.

That runs counter to conventional wisdom on the topic, which says doing so is ineffective as a deterrent, invites retribution against U.S. intelligence officials, and can tip off attackers to what the government knows.

Get what matters in tech, in your inbox every morning. Sign up for Source Code.

"Indicting nation-state hackers is like pissing your pants," said Christopher Ahlberg, chief executive of the threat intelligence company Recorded Future. "At first it feels great, but then you realize it's cold and yucky."

Ahlberg says he opposes the tactic because the indictments go after the wrong people — the individuals behind the keyboards instead of Chinese government officials who are making the orders — and paints a target on U.S. counterparts. "Should we indict Chinese government employees? I don't think so. Eventually, the same thing will happen to us: Every NSA employee would need to worry about traveling around the world, I don't know how brilliant that is," he said.

But Alperovitch, who helped investigate some of the most high-profile nation-state cyberattacks, including the 2016 Democratic National Committee cyberattacks and the 2014 Sony Pictures attack, said the tactic seems to be working with China.

In 2014, for example, the U.S. indicted five Chinese military hackers for attacking and stealing information from six U.S. companies, including Westinghouse Electric, U.S. Steel and Alcoa. "Ever since that indictment, that [People's Liberation Army] unit has basically backed off. That's been really, really remarkable," said Alperovitch, who recently announced he was stepping down from his role as CrowdStrike's chief technology officer to launch a policy-focused nonprofit.

In 2017 and 2018, the U.S. issued two more indictments against individuals from two Chinese hacking groups that were accused of attacking Moody's Analytics, Siemens and dozens of other U.S. technology companies. The groups were not explicitly part of the Chinese military, but prosecutors and security researchers say they had indirect ties to the Chinese government, and in some cases passed sensitive information along to China's intelligence service.

"Both of these groups, from what I've seen, have pretty much disappeared shortly after those indictments," Alperovitch said.

His comments will likely surprise many in the security industry; Alperovitch acknowledged that he was dropping a controversial bomb on the audience and that he "encouraged folks to come find me afterwards and try to convince me this is not the case."

One shortcoming of the government's so-called "name and shame" strategy is that it doesn't actually stop the attackers, Ahlberg said. Nation-state hackers shrug their shoulders at the indictments, and the charges don't do anything to stop future attacks. An even more cynical take is that the indictments actually benefit nation-state hackers. The detailed charges can tip countries off to what exactly the U.S. knows about their operations, allowing them to change their playbook and avoid detection in the future.

Even if indictments might not stop nation-state hackers, security researchers say they're a good way for the industry to learn about attackers and the techniques they use. "Indictments can be helpful in publishing data about techniques that were employed. It's all details on how these adversaries operate, which is typically left under the covers and no one can learn from it," said Ryan Olson, vice president of threat intelligence at Palo Alto Networks.

Get in touch with us: Share information securely with Protocol via encrypted Signal or WhatsApp message, at 415-214-4715 or through our anonymous SecureDrop.

The indictment of the Equifax hackers, for example, revealed how the operatives concealed their location by routing traffic through servers in 20 countries and wiped server logs on a daily basis to hide their activity, among other details.

U.S. prosecutors have also argued that the strategy helps highlight emerging cyberthreats for businesses, and could have a chilling effect on nation-state attacks. When the government charged nine Iranians in 2018 for conducting a cyber theft campaign on behalf of the Islamic Revolutionary Guard Corps, FBI Director Christopher Wray said it would send a message, even if law enforcement was not able to arrest the attackers. "Today, not only are we publicly identifying the foreign hackers who committed these malicious cyber intrusions, but we are also sending a powerful message to their backers, the Government of the Islamic Republic of Iran: Your acts do not go unnoticed," he said in a statement at the time.

Alperovitch said it's possible that the Chinese hacking units formed other organizations or retooled after being disbanded, but said this could be seen as a victory because it disrupts operations and makes their lives harder.

While the indictments might have a chilling effect on the groups that are caught, China as a whole has not ceased its hacking operations — as evidenced by the indictment of the Equifax hackers.

"The Justice Department has pointed a finger at the [People's Liberation Army] and its operatives for being responsible for the Equifax breach, and it will be really interesting to see what happens" with the group and the named attackers, Alperovitch said.

People

Google’s trying to build a more inclusive, less chaotic future of work

Javier Soltero, the VP of Workspace at Google, said time management is everything.

With everyone working in new places, Google believes time management is everything.

Image: Google

Javier Soltero was still pretty new to the G Suite team when the pandemic hit. Pretty quickly, everything about Google's hugely popular suite of work tools seemed to change. (It's not even called G Suite anymore, but rather Workspace.) And Soltero had to both guide his team through a new way of working and help them build the tools to guide billions of Workspace users.

This week, Soltero and his team announced a number of new Workspace features designed to help people manage their time, collaborate and get stuff done more effectively. It offered new tools for frontline workers to communicate better, more hardware for hybrid meetings, lots of Assistant and Calendar features to make planning easier and a picture-in-picture mode so people could be on Meet calls without really having to pay attention.

Keep Reading Show less
David Pierce

David Pierce ( @pierce) is Protocol's editor at large. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.

Sponsored Content

The future of computing at the edge: an interview with Intel’s Tom Lantzsch

An interview with Tom Lantzsch, SVP and GM, Internet of Things Group at Intel

An interview with Tom Lantzsch

Senior Vice President and General Manager of the Internet of Things Group (IoT) at Intel Corporation

Edge computing had been on the rise in the last 18 months – and accelerated amid the need for new applications to solve challenges created by the Covid-19 pandemic. Tom Lantzsch, Senior Vice President and General Manager of the Internet of Things Group (IoT) at Intel Corp., thinks there are more innovations to come – and wants technology leaders to think equally about data and the algorithms as critical differentiators.

In his role at Intel, Lantzsch leads the worldwide group of solutions architects across IoT market segments, including retail, banking, hospitality, education, industrial, transportation, smart cities and healthcare. And he's seen first-hand how artificial intelligence run at the edge can have a big impact on customers' success.

Protocol sat down with Lantzsch to talk about the challenges faced by companies seeking to move from the cloud to the edge; some of the surprising ways that Intel has found to help customers and the next big breakthrough in this space.

What are the biggest trends you are seeing with edge computing and IoT?

A few years ago, there was a notion that the edge was going to be a simplistic model, where we were going to have everything connected up into the cloud and all the compute was going to happen in the cloud. At Intel, we had a bit of a contrarian view. We thought much of the interesting compute was going to happen closer to where data was created. And we believed, at that time, that camera technology was going to be the driving force – that just the sheer amount of content that was created would be overwhelming to ship to the cloud – so we'd have to do compute at the edge. A few years later – that hypothesis is in action and we're seeing edge compute happen in a big way.

Keep Reading Show less
Saul Hudson
Saul Hudson has a deep knowledge of creating brand voice identity, especially in understanding and targeting messages in cutting-edge technologies. He enjoys commissioning, editing, writing, and business development, in helping companies to build passionate audiences and accelerate their growth. Hudson has reported from more than 30 countries, from war zones to boardrooms to presidential palaces. He has led multinational, multi-lingual teams and managed operations for hundreds of journalists. Hudson is a Managing Partner at Angle42, a strategic communications consultancy.
Protocol | China

Everything you need to know about the Jingdong Logistics IPO

JDL wants to ride China's ecommerce wave and become the integrated logistics firm to rule them all.

BEIJING, CHINA - NOVEMBER 11, 2020: A view of the Jingdong logistics centre in southern Beijing, one of the largest in Asia, with its automated sorting equipment capable of processing up to 800,000 packages per day, and customers waiting no longer than a day for their orders to arrive. Jingdong is the leading Chinese e-commerce platform.

Photo: Artyom Ivanov\TASS via Getty Images

If Chinese ecommerce is a gold rush, Jingdong Logistics wants to sell everyone a pick and shovel.

That's the basic pitch behind an anticipated $5 billion IPO in Hong Kong that could value ecommerce giant JD.com's logistics arm at $40 billion, according to Bloomberg, making it the second most valuable third-party shipping company in China behind SF Express.

Keep Reading Show less
David Wertime

David Wertime is Protocol's executive director. David is a widely cited China expert with twenty years' experience who has served as a Peace Corps Volunteer in China, founded and sold a media company, and worked in senior positions within multiple newsrooms. He also hosts POLITICO's China Watcher newsletter. After four years working on international deals for top law firms in New York and Hong Kong, David co-founded Tea Leaf Nation, a website that tracked Chinese social media, later selling it to the Washington Post Company. David then served as Senior Editor for China at Foreign Policy magazine, where he launched the first Chinese-language articles in the publication's history. Thereafter, he was Entrepreneur in Residence at the Lenfest Institute for Journalism, which owns the Philadelphia Inquirer. In 2019, David joined Protocol's parent company and in 2020, launched POLITICO's widely-read China Watcher. David is a Senior Fellow at the Foreign Policy Research Institute, a Research Associate at the University of Pennsylvania's Center for the Study of Contemporary China, a Member of the National Committee on U.S.-China Relations, and a Truman National Security fellow. He lives in San Francisco with his wife Diane and his puppy, Luna.

Transforming 2021

Blockchain, QR codes and your phone: the race to build vaccine passports

Digital verification systems could give people the freedom to work and travel. Here's how they could actually happen.

One day, you might not need to carry that physical passport around, either.

Photo: CommonPass

There will come a time, hopefully in the near future, when you'll feel comfortable getting on a plane again. You might even stop at the lounge at the airport, head to the regional office when you land and maybe even see a concert that evening. This seemingly distant reality will depend upon vaccine rollouts continuing on schedule, an open-sourced digital verification system and, amazingly, the blockchain.

Several countries around the world have begun to prepare for what comes after vaccinations. Swaths of the population will be vaccinated before others, but that hasn't stopped industries decimated by the pandemic from pioneering ways to get some people back to work and play. One of the most promising efforts is the idea of a "vaccine passport," which would allow individuals to show proof that they've been vaccinated against COVID-19 in a way that could be verified by businesses to allow them to travel, work or relax in public without a great fear of spreading the virus.

Keep Reading Show less
Mike Murphy

Mike Murphy ( @mcwm) is the director of special projects at Protocol, focusing on the industries being rapidly upended by technology and the companies disrupting incumbents. Previously, Mike was the technology editor at Quartz, where he frequently wrote on robotics, artificial intelligence, and consumer electronics.

Protocol | China

Hou Jianbin wants to educate China. But at what cost?

Zuoyebang is a titan in China's world-leading ed tech industry, and a force for equality in an unfair system. Will the chase for users and data turn it into something else?

Buoyed by the pandemic, China's ed tech industry is enjoying explosive growth.

Photo: Getty Images

Hou Jianbin, the founder and CEO of one of the world's largest education technology unicorns, knows what it takes for a kid from the Chinese backwaters to make it. He grew up in a rural town in northern China in the 1990s. Hou's life changed when — against daunting odds that make Harvard admission look like a cakewalk — he was accepted into the mega-selective Peking University in 2001, where he majored in computer science and management. Now helming Zuoyebang, a $10 billion ed tech company, Hou positions himself as a champion for education equality in China, attempting to rebalance China's highly unequal education system.

"Knowledge can change someone's life, and I am the beneficiary of it," Hou said in a 2018 interview with Xinhua News Agency. "With the power of technology, excellent teachers can bring quality education within reach through online education." Hou's right about the power of his firm's tech and the need to give every kid in China a fighting chance. But Zuoyebang also requires huge marketing expenditures and aggressive salesmanship to acquire the number of users needed to power its killer AI-driven apps. In sinking ever more VC capital toward that end, Zuoyebang has incurred the wrath of regulators. Hou has certainly profited from the anxiety of underserved families living outside China's showcase cities. But given the pressure to scale and win his industry, can Hou stick to his stated mission of changing their lives?

Keep Reading Show less
Shen Lu

Shen Lu is a Reporter with Protocol | China. She has spent six years covering China from inside and outside its borders. Previously, she was a fellow at Asia Society's ChinaFile and a Beijing-based producer for CNN. Her writing has appeared in Foreign Policy, The New York Times and POLITICO, among other publications. Shen Lu is a founding member of Chinese Storytellers, a community serving and elevating Chinese professionals in the global media industry.

Latest Stories