This week saw the United States Government issue a charge against five Chinese Government agents, who it claimed were officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army (PLA), aka the APT1 group.
The indictment alleges that three of the men hacked, or attempted to hack, into US entities, while two others managed the infrastructure. It was also alleged that the stolen information would benefit the Chinese Government and state-owned enterprises, or supply details about the American entities.
So I asked some key industry figures whether this was a positive thing, and whether it could lead to retribution.
Greg Day, VP & CTO EMEA at FireEye
This is not the first time that the issue of cyber espionage has been discussed between nation states, and many openly talk about their offensive and defensive capabilities. Cyber space has changed greatly over the past few years, with supply chain dependencies blurring the lines between true government entities and commercial businesses. As such, it is little surprise that targeted attacks span the same boundaries.
With the APT1 report (from Mandiant, who FireEye acquired in January 2014), the goal was to enlighten those that either were, or could be an unknowing victim to the threat so they could take the correct response actions. However, whilst we saw short term value, we have since seen APT1 returning. Such publicity helps increase awareness of the problem, and whilst no country ever likes to be caught, we have seen enough instances of spying being caught in both the virtual and physical world to know that whilst it creates friction it has not yet stopped nations communicating.
Simon Saunders, managing consultant, Portcullis Computer Security:
The issue of international cyber espionage has been a hot topic in the West for a number of years, with the finger commonly pointed at the Far East. However, many compromised corporates are unwilling to publicly discuss their previous incidents, for fear of impacting revenues, which means that this type of issue is seen by many as a persistent rumour rather than fact. This is despite the best efforts of government agencies and security professionals alike to educate to the contrary.
The recent indictment of five Chinese nationals by the US Justice Department for hacking US businesses provides further evidence that this is a genuine threat to business. Following the Mandiant report identifying a specific building in China as the source for much hacking activity, the identification of specific individuals is a significant progression in this narrative.
Behind some strong words coming out of the U.S. Justice Department, it is important to note that these Chinese individuals are not on US soil and were operating from their home country. Therefore, unless the indicted individuals were to arrive on US soil (now unlikely) then these hackers will not face court, nor punishment if found guilty. Quite the contrary; they’ll be able to continue their efforts with impunity. If the might of the US Government cannot hold overseas attackers responsible, then the rest of us have little hope, regardless of the evidence.
Tom Cross, director of security research at Lancope
This important move by the US Department of Justice is a step forward on the long road toward establishing a set of international norms regarding cyber espionage. A clear international legal framework exists for acts of warfare between nation states, even if those acts occur in cyber space, but that framework only applies to attacks that damage physical infrastructure or that have the potential to harm people. There are fewer rules that apply to spying activity.
The internet has proven to be a bonanza for spies, who can now directly connect to the computers and communications devices that are being used by their targets, without having to leave the comfort of their home countries. Spying activity in cyber space has become rampant and impacts organizations of all sizes and in all lines of work, from multi-national corporations to individual political activists.
Part of addressing the problem of international spying on the internet involves setting standards for what is and is not an acceptable target. While I doubt that foreign military commanders who are prosecuted by the Department of Justice will be successfully apprehended and brought to justice, these prosecutions do send a clear message regarding what sort of behaviour the United States views as unacceptable. That message will prompt a dialog about international norms in this area, and having that dialog is a vital part of coming to grips with the impact that internet security issues are having on our societies.
Bob West, Chief Trust Officer at CipherCloud
The US government is toughening up its language against nation-state and industrial cyber-espionage. We’re calling out the Chinese government for its role fostering theft of American intellectual property and doing it by naming specific hackers with military ties. The US government isn’t trying to provide the private sector with competitive advantage, which is clearly the case with China’s spying activities.
Steve Hultquist, CIO/VP Customer Success at RedSeal Networks
Cyber espionage has moved from black ops to career path and regardless of the outcome of the current US/China situation, the message to US companies is loud and clear: somewhere, experts are being paid to break into your network, and efforts to protect it are critically important.
Most companies today remain focused on reacting to attacks that are in-progress, and it’s not enough. They need to get a handle on their real vulnerabilities and make sure their security investments are properly deployed and configured to isolate and protect key assets against modern attacks.
We virtually never encounter a network that doesn’t have major vulnerabilities – from misconfigured firewalls to slipshod connectivity. Until they remedy these situations, it’s open season for US companies, whether they’re targeted by other Governments, coordinated hacker groups or a lone wolf with a grudge.