It’s no longer secret with respect to Chinese military’s behavior, which represents a real threat to online security here in the U.S. Over the last several years. State-sponsored Chinese hackers have broken into hundreds of American targets-both inside the U.S. government and across the private sector. However, when the Department of Justice announced criminal charges against five hackers working for China’s military this morning, it came at an awkward time. After a year of revelations from ex-NSA contractor Edward Snowden, it’s clearer than ever before that American’s own government hackers have been running rampant through the world’s networks.
On Monday, the Justice Department indicted five hackers associated with China’s People’s Liberation Army, accusing them of stealing information from six American companies which expertise on energy, metals, and manufacturing industries.
The charges represent a new elevation of America’s cyber-spy versus cyber-spy conflicts with China, transforming a diplomatic situation into a criminal issue.
However, cyber-security policy-watchers say that the arrival of the indictments in the wake of Snowden’s serial revelations could both lessen the charges’ impact and leave American officials open to parallel criminal allegations from Chinese authorities.
The US intelligence officials should think twice before planning any summer vacation in the People’s Republic. “It’s an unprecedented move, and we’ll have to see if other countries reciprocate with the same kind of actions,” says Sean Lawson, a professor who focuses on public policy, cybersecurity and the military at the University of Utah. “This could potentially open U.S. officials to similar charges, not just in China but other countries as well. Brazil could turn around and say: ‘If you start charging foreign officials for cyber-espionage against companies, maybe we’ll do the same to officials at the NSA.’”
Last September, a story based on information from Snowden said that the NSA recently hacked the Brazilian oil firm Petrobras. About two months ago, another leak from Snowden that revealed the NSA hacked the Chinese networking company Huawei, to steal source code.
And those are just two of a batch of reports over the last year that the NSA and its allies have hacked foreign governments and occasionally private sector targets to gather intelligence. The attacks may have happened as many as 231 times in 2011.
In fact, NSA’s British counterpart GCHQ last week was hit by a legal complaint from Privacy International, which accused the UK agency of illegally using malware to spy on its targets, including British citizens.
“Hacking a computer is a crime,” says Privacy International director and London School of Economics law Professor Eric King. “There are real questions about whether these agencies’ employees are independently criminally liable. If China wants to start prosecuting those who hack their infrastructure, NSA employees could be arrested on the exact same legal justifications as the Chinese, who have been put on the FBI’s most-wanted list.”
Chinese officials didn’t miss the opportunity to fight-back on a similar note. “For a long time, the U.S. has clearly conducted large-scale, organized theft, network monitoring and control activities against foreign dignitaries, corporations, and individuals,” reads a statement in Chinese from the country’s ministry of foreign affairs. “Once again, we strongly urge the U.S. to offer a clear explanation and immediately stop such activities.”
The fact that the Chinese government has the ammunition to rebuttal their contention how the NSA’s spying has weakened America’s position, and also makes the Justice Department criminal charges less likely to stop future attacks, says the University of Utah’s Lawson. “They’ve muddied the water,” he says. “This doesn’t mean Chinese should get a pass, but it shows how the NSA has been doing real harm to American companies.” Bruce Schneier, a cryptography expert who has reviewed some of Snowden’s leaked documents for the Guardian, puts it more simply: “We’ve lost any moral high ground to complain about this stuff. That’s bad.”
To be fair, the five Chinese hackers named on Monday’s indictments are accused specifically of stealing trade secrets in order to give Chinese companies an edge on negotiations and more competitive. That’s a kind of spying that US officials has repeatedly denied the NSA engages in. However, it’s not clear how much that point helps to legally or diplomatically distinguishes Chinese's hacking activities from cyber-espionage by America and its allies. And Snowden has also alluded to forthcoming revelations that may show the NSA isn’t above industrial espionage, either.
At this time, the FBI posters showing Chinese hackers’ faces should also send a message to staffers of American intelligence agencies carrying out similar intrusion operations, says Privacy International’s King. “I’d be looking long and hard at what the justifications for those actions are,” he says. “And if they’re found wanting, raise hell.”