Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Hacker indictments against China's military unlikely to change anything

Jaikumar Vijayan | May 20, 2014
The move makes for good publicity, but will do little to deter hackers

The data theft at SolarWind happened in 2012 about the same time Chinese solar product manufacturers were dumping products in the U.S market at below market prices, the indictment alleged. A group led by Wen and other unnamed conspirators allegedly broke into computers at SolarWind and stole thousands of documents pertaining to the company's manufacturing costs, production lines, cash flow and other proprietary information.

Monday's indictment similarly accused members of the group of stealing network credentials belonging to thousands of employees at U.S. Steel and Allegheny and of stealing thousands of emails from Alcoa.

This marks the first time that the U.S. has filed criminal charges against officials of another government. It highlights the level of concern that exists at the highest levels over the extent of the espionage that many believe China's military and government-sponsored hacking groups are systematically carrying out.

But few expect anything to come out of it.

"I would be surprised if anything happens materially," said Dov Yoran, CEO and co-founder of security vendor ThreatGRID. "There's no way these guys are going to be sent here" to face trial. "This is more a political recognition of what has been happening under the radar" for a long time, he said.

The pushback by the U.S. government is a good thing, he said. And while the U.S. action may spark retaliatory charges, little will change on the ground, Yoran said. China's penetration of U.S. critical infrastructure assets is already so comprehensive that a few indictments will make no difference. "I don't see how that is going to be possible,," he said,

John Pescatore, director of emerging security threats at SANS, said the U.S. move is not without risks.

"Everything I've seen so far seems like it is a trial balloon being floated by someone in the administration to gauge response," said Pescatore, a former analyst at the National Security Agency. "My response is that [this is] a pure political public relations stunt. People who live in glass houses and throw stones usually cause as much damage to their own house as they do at whomever they were throwing stones."

Richard Stiennon, principal at security consultancy IT-Harvest, called the indictments overdue, though somewhat inconsequential. "Certainly a good idea, although more than a day late and a billion dollars short," Stiennon said.

The evidence pieced together by the DOJ in its indictments is fascinating, he said. "From tracking domain registrations, changes to DNS pointers and email account creation, the prosecutors were able to piece together a good case.

"It is easy to predict that China will react with statements of outrage and denial," he said. "[But] I do not expect anything to come of the indictment, unless one of the accused is foolish enough to travel to the US. But the fallout from this public indictment will have at least as great an impact on awareness within the C suite as did the Target hack."

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.