CIO

Hacker indictments against China's military unlikely to change anything

The move makes for good publicity, but will do little to deter hackers

The U.S. government's decision Monday to formally indict five members of the Chinese military on criminal hacking charges marks a significant escalation of what until now has been largely a war of words between officials of both countries.

Many see the indictments as long overdue. U.S. government officials and security experts have long pointed to China as the single largest source of state-sponsored attacks against U.S. government, military and corporate networks. Over the past several years, China-based hackers are believed to have stolen huge troves of military and industrial data from the U.S.

The big question is whether today's indictments will accomplish anything.

It's a near certainty that China will not hand over the five individuals to the U.S. or hold them accountable in that country. And it's unlikely that the indictments alone will significantly slow the alleged Chinese attacks against U.S. assets -- if that is, indeed, the goal.

Instead, all the move is likely to do is provoke China to retaliate in similar fashion. Already, the Chinese government has said it would suspend its participation in the activities of the China-US Cyber Working Group.

In a statement Monday (http://www.china-embassy.org/eng/fyrth/t1157487.htm), the Chinese government promised further action. "It is a fact known to all that relevant U.S. institutions have long been involved in large-scale and organized cyber theft as well as wiretapping and surveillance activities against foreign political leaders, companies and individuals," the statement read, with an obvious reference to the National Security Agency.

"China is a victim of severe U.S. cyber theft, wiretapping and surveillance activities," the Chinese government said. The statement went on to say that the indictments are based on "fabricated facts."

The U.S. Department of Justice (DOJ) earlier today handed down indictments against Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu and Gu Chunhui, all officers in Unit 61398 of the Third Department of the Chinese People's Liberation Army (PLA).

A report by security firm Mandiant last year had identified Unit 61398 as a Shanghai-based Chinese military operation responsible for hacking attacks against nearly 150 companies around the world.

In its complaint, the DOJ charged the individuals with hacking, or conspiring to hack, into several major U.S. companies, including Westinghouse Electric Co, United States Steel Corp., Allegheny Technologies Inc., United Steel and the U.S. subsidiary of SolarWind AG. The incidents allegedly occurred between 2006 and 2014.

The intrusion at Westinghouse took place in 2010 when the company was building four power plants in China and was negotiating terms of the construction with a Chinese state-owned entity. Sun allegedly stole proprietary technical information and design specifications for pipes, pipe supports and other equipment from the company.

The data theft at SolarWind happened in 2012 about the same time Chinese solar product manufacturers were dumping products in the U.S market at below market prices, the indictment alleged. A group led by Wen and other unnamed conspirators allegedly broke into computers at SolarWind and stole thousands of documents pertaining to the company's manufacturing costs, production lines, cash flow and other proprietary information.

Monday's indictment similarly accused members of the group of stealing network credentials belonging to thousands of employees at U.S. Steel and Allegheny and of stealing thousands of emails from Alcoa.

This marks the first time that the U.S. has filed criminal charges against officials of another government. It highlights the level of concern that exists at the highest levels over the extent of the espionage that many believe China's military and government-sponsored hacking groups are systematically carrying out.

But few expect anything to come out of it.

"I would be surprised if anything happens materially," said Dov Yoran, CEO and co-founder of security vendor ThreatGRID. "There's no way these guys are going to be sent here" to face trial. "This is more a political recognition of what has been happening under the radar" for a long time, he said.

The pushback by the U.S. government is a good thing, he said. And while the U.S. action may spark retaliatory charges, little will change on the ground, Yoran said. China's penetration of U.S. critical infrastructure assets is already so comprehensive that a few indictments will make no difference. "I don't see how that is going to be possible," he said.

John Pescatore, director of emerging security threats at SANS, said the U.S. move is not without risks.

"Everything I've seen so far seems like it is a trial balloon being floated by someone in the administration to gauge response," said Pescatore, a former analyst at the National Security Agency. "My response is that [this is] a pure political public relations stunt. People who live in glass houses and throw stones usually cause as much damage to their own house as they do at whomever they were throwing stones."

Richard Stiennon, principal at security consultancy IT-Harvest, called the indictments overdue, though somewhat inconsequential. "Certainly a good idea, although more than a day late and a billion dollars short," Stiennon said.

The evidence pieced together by the DOJ in its indictments is fascinating, he said. "From tracking domain registrations, changes to DNS pointers and email account creation, the prosecutors were able to piece together a good case."

"It is easy to predict that China will react with statements of outrage and denial," he said. "[But] I do not expect anything to come of the indictment, unless one of the accused is foolish enough to travel to the US. But the fallout from this public indictment will have at least as great an impact on awareness within the C suite as did the Target hack."

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is jvijayan@computerworld.com.
