Chinese hackers might not shrug off US indictments after all

Conventional wisdom holds that nation-state hackers are unaffected by indictments, but a prominent expert thinks it's working against China.

When Attorney General William Barr announced indictments of four members of the Chinese military for hacking Equifax, you could have dismissed it as toothless hand-waving — or worse, as counterproductive to U.S. cybersecurity.

But several Chinese hacking units have ceased operations following a series of U.S. indictments over the years, Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike, said Wednesday at the RSA security conference in San Francisco.

That runs counter to conventional wisdom on the topic, which says doing so is ineffective as a deterrent, invites retribution against U.S. intelligence officials, and can tip off attackers to what the government knows.

"Indicting nation-state hackers is like pissing your pants," said Christopher Ahlberg, chief executive of the threat intelligence company Recorded Future. "At first it feels great, but then you realize it's cold and yucky."

Ahlberg says he opposes the tactic because the indictments go after the wrong people — the individuals behind the keyboards instead of the Chinese government officials who are giving the orders — and paint a target on their U.S. counterparts. "Should we indict Chinese government employees? I don't think so. Eventually, the same thing will happen to us: Every NSA employee would need to worry about traveling around the world, I don't know how brilliant that is," he said.

But Alperovitch, who helped investigate some of the most high-profile nation-state cyberattacks, including the 2016 Democratic National Committee cyberattacks and the 2014 Sony Pictures attack, said the tactic seems to be working with China.

In 2014, for example, the U.S. indicted five Chinese military hackers for attacking and stealing information from six U.S. companies, including Westinghouse Electric, U.S. Steel and Alcoa. "Ever since that indictment, that [People's Liberation Army] unit has basically backed off. That's been really, really remarkable," said Alperovitch, who recently announced he was stepping down from his role as CrowdStrike's chief technology officer to launch a policy-focused nonprofit.

In 2017 and 2018, the U.S. issued two more indictments against individuals from two Chinese hacking groups that were accused of attacking Moody's Analytics, Siemens and dozens of other U.S. technology companies. The groups were not explicitly part of the Chinese military, but prosecutors and security researchers say they had indirect ties to the Chinese government, and in some cases passed sensitive information along to China's intelligence service.

"Both of these groups, from what I've seen, have pretty much disappeared shortly after those indictments," Alperovitch said.

His comments will likely surprise many in the security industry; Alperovitch acknowledged that he was dropping a controversial bomb on the audience and that he "encouraged folks to come find me afterwards and try to convince me this is not the case."

One shortcoming of the government's so-called "name and shame" strategy is that it doesn't actually stop the attackers, Ahlberg said. Nation-state hackers shrug their shoulders at the indictments, and the charges don't do anything to stop future attacks. An even more cynical take is that the indictments actually benefit nation-state hackers. The detailed charges can tip countries off to what exactly the U.S. knows about their operations, allowing them to change their playbook and avoid detection in the future.

Even if indictments might not stop nation-state hackers, security researchers say they're a good way for the industry to learn about attackers and the techniques they use. "Indictments can be helpful in publishing data about techniques that were employed. It's all details on how these adversaries operate, which is typically left under the covers and no one can learn from it," said Ryan Olson, vice president of threat intelligence at Palo Alto Networks.

The indictment of the Equifax hackers, for example, revealed how the operatives concealed their location by routing traffic through servers in 20 countries and wiped server logs on a daily basis to hide their activity, among other details.

U.S. prosecutors have also argued that the strategy helps highlight emerging cyberthreats for businesses, and could have a chilling effect on nation-state attacks. When the government charged nine Iranians in 2018 for conducting a cyber theft campaign on behalf of the Islamic Revolutionary Guard Corps, FBI Director Christopher Wray said it would send a message, even if law enforcement was not able to arrest the attackers. "Today, not only are we publicly identifying the foreign hackers who committed these malicious cyber intrusions, but we are also sending a powerful message to their backers, the Government of the Islamic Republic of Iran: Your acts do not go unnoticed," he said in a statement at the time.

Alperovitch said it's possible that the Chinese hacking units formed other organizations or retooled after being disbanded, but said this could be seen as a victory because it disrupts operations and makes their lives harder.

While the indictments might have a chilling effect on the groups that are caught, China as a whole has not ceased its hacking operations — as evidenced by the indictment of the Equifax hackers.

"The Justice Department has pointed a finger at the [People's Liberation Army] and its operatives for being responsible for the Equifax breach, and it will be really interesting to see what happens" with the group and the named attackers, Alperovitch said.
