Charges Against Chinese Hackers Are Now Common. Why Don't They Deter Cyberattacks?

Feb 5, 2019
Originally published on February 5, 2019 9:16 pm

In May 2014, then-Attorney General Eric Holder announced charges against five members of the Chinese military.

They'd allegedly hacked the computer networks of American companies and stolen everything from intellectual property and trade secrets to the firms' litigation strategies.

The indictment was the first brought by the United States publicly against state-sponsored hackers for cybercrimes targeting U.S. firms. In the nearly five years since then, the Justice Department has unveiled one China-related hacking indictment after another, including cases against at least a dozen individuals and companies last year alone.

But China's rampant cybertheft has not stopped, officials say.

Most of the defendants, meanwhile, remain in China and are unlikely to ever see the inside of a U.S. courtroom. That's fueling questions about whether the strategy of indicting suspected Chinese hackers is a failure.

"It does not seem to have stopped the Chinese and it certainly doesn't seem to have imposed any cost on them to get them to the point where they think it's not worth the attacks," said Adam Segal, the director of the digital and cyberspace policy program at the Council on Foreign Relations.

American officials say China's relentless effort to steal American business secrets is part of what they describe as Beijing's drive to leapfrog the United States as the world's preeminent economic and military power.

U.S. officials say China's targets include the fields of aerospace, biotechnology, telecommunications, medical equipment and oil and gas exploration. Those match the business sectors tabbed for strategic development in China's official government policy called "Made in China 2025."

Why hasn't America dissuaded more cybertheft? One reason, experts say, is that the value of the intellectual property China has been accused of stealing dwarfs the costs that indictments impose on Beijing.

"They embarrass the people that they name and they show that the United States has the ability to find people who are hacking into our country," said Jack Goldsmith, a Harvard law professor and former DOJ official in the George W. Bush administration.

"But by themselves, that's a very, very small cost compared to the billions of dollars in secrets that our government says the Chinese are stealing."

Goldsmith says the indictments not only have failed to deter China from further hacking, they may even send a signal of weakness because so few of those who have been charged actually are prosecuted.

Charges make a difference, supporters say

China's President Xi Jinping may have dialed down cyberattacks because of a deal with the U.S., or as part of his own moves inside China, or both. Later, though, they crept back up again.
Fred Dufour / AP

Supporters of the public charging strategy acknowledge that China has not stopped hacking, but they say the indictments yield a positive effect for the United States.

They point to the 2015 deal that China reached with the Obama administration under which Beijing agreed not to conduct cyber economic espionage. China's president, Xi Jinping, signed that deal a year after the Justice Department charged the five Chinese military hackers.

"The Chinese hate the indictments," said James Lewis of the Center for Strategic and International Studies. "So it's a pain point for the Chinese."

Officials and cybersecurity experts say the pace and scale of Chinese hacking for commercial gain dropped off after the agreement.

It is unclear whether that alone was the cause, or because of moves Xi took at home to crack down on corruption and reorganize China's state-backed hacking efforts by bringing them under the control of the Ministry of State Security.

If Chinese cyber-specialists were launching cyberattacks on behalf of the government and also freelancing for private clients during their time off, for example, Xi's reforms may have brought that to a close.

The reduction in cyber-activity also may have been a combination of the 2015 deal with the United States and Xi's new policies.

Cyberattacks have ramped back up since the post-deal dip, according to U.S. officials, although some of the current hacking may fall into a gray zone that the Chinese government may not consider to be covered by the 2015 agreement.

Naming and shaming

Even though the Justice Department's indictments haven't brought an end to China's alleged cyberattacks, they have made public information that previously had been kept under lock and key by the U.S. government.

That, in turn, has helped raise public awareness — particularly among American companies — about China's pervasive hacking, backers say.

"What the indictments do is they put all of this information about this in the hands of the people who are now being targeted," said John Hultquist, the director of intelligence analysis at the cybersecurity firm FireEye.

"It's really important to get this into their hands and, in some cases, even prove to them that it's happening."

That information has prompted some American and other Western companies to reconsider doing business in China or partnering with Chinese firms on joint ventures.

And if that hesitation leads to economic consequences for China over the coming years, it could prompt the Chinese government to reconsider how it does business, argue supporters of overt actions like the Justice Department charges.

"When you lay out in meticulous detail the type of actions they're taking to steal from the partners who are supposed to be doing joint ventures with their company and investing inside the United States, it has a reputational cost and it allows businesses to make more rational cost benefit calculations," said John Carlin, who led the Justice Department's National Security Division.

Carlin helped bring the first case against Chinese hackers and he said that simply breaking the silence about the cyberattacks has been positive.

"It's quite useful, I think, for getting facts out there in a way that's credible to foreign partners and to our businesses."

But indictments are not on their own a solution, says Carlin, who wrote a book, "Dawn Of The Code War," that details efforts to combat China's hacking.

Instead, Carlin says, the indictments send a public signal while at the same time laying the groundwork for the United States to use other tools to pressure China to stop.

"If we're going to change this behavior, it has to be part of a larger strategy of raising the cost and includes all of the instruments of U.S. power, including the power to sanction under the Treasury Department," he said.

To date, however, the Treasury has not used that power against China over its industrial cyber-espionage.

Copyright 2019 NPR. To see more, visit https://www.npr.org.

STEVE INSKEEP, HOST:

All right. The Justice Department has brought many cases against suspected Chinese hackers by now. They're accused of stealing American companies' intellectual property and trade secrets. But cyber theft, by all accounts, continues at a rapid pace. So is the Justice Department's strategy working? Here's NPR justice reporter Ryan Lucas.

RYAN LUCAS, BYLINE: May of 2014 and front-page news out of the Justice Department.

(SOUNDBITE OF ARCHIVED RECORDING)

UNIDENTIFIED REPORTER: The United States has charged China's military with cyber espionage. Five Chinese officers are accused of hacking into big American companies for their trade secrets.

LUCAS: It was a big deal because it was the first time the U.S. had charged state-sponsored actors for hacking American companies. Now, fast-forward to this past December. Here's President Trump's deputy attorney general, Rod Rosenstein, announcing new charges against two more suspected Chinese hackers.

(SOUNDBITE OF ARCHIVED RECORDING)

ROD ROSENSTEIN: America and its many allies know what China is doing. We know why they're doing it. And in some cases, we even know exactly who is sitting at the keyboard perpetrating these crimes.

LUCAS: It is a scene that has played out repeatedly over the past five years. The Justice Department has announced charges against suspected hackers allegedly working at the behest of the Chinese government to steal American intellectual property. Despite the slew of indictments, officials say China has not stopped targeting American companies. And in nearly all of the hacking cases, the accused are in China and unlikely to ever see the inside of a U.S. courtroom. That has led some observers to question just how effective this indictment strategy is.

ADAM SEGAL: It does not seem to have stopped the Chinese, and it certainly doesn't seem to have imposed any cost on them to get them to the point where they think it's not worth the attacks.

LUCAS: That's Adam Segal. He directs the Digital and Cyberspace Policy Program at the Council on Foreign Relations. Segal is not alone in his criticism. Jack Goldsmith is a Harvard law professor and former DOJ official in the George W. Bush administration. Goldsmith argues that because indictments do not pose much of a cost, they have failed to deter China from further hacking. The charges may embarrass the defendants and show that the U.S. can pinpoint who's behind the hacking, Goldsmith says. But those costs are paltry compared to the billions of dollars' worth of secrets the Chinese are allegedly stealing.

JACK LANDMAN GOLDSMITH: I would say that, to date, the United States has not found a strategy - over many, many years after much discussion and much thought and much effort, it has not found a strategy to get the Chinese to tamp this down.

LUCAS: Supporters acknowledge that China has not stopped hacking, but they say indictments have had a positive effect. They note that a year after the DOJ first brought charges, China reached an agreement with the Obama administration to not conduct cyber economic espionage. Officials and cybersecurity experts say the pace and scale of Chinese cyberattacks dropped off after the agreement.

The hacking has ramped back up since then, according to U.S. officials. Although some of the current hacking may fall into a gray zone that is arguably not covered by the 2015 deal. The indictments also have been critical in publicizing information that previously had been kept under lock and key by the U.S. government. That has helped raise public awareness, particularly among American companies, about China's pervasive hacking.

JOHN HULTQUIST: What the indictments do is they put all this information about this in the hands of the people who are now being targeted.

LUCAS: That's John Hultquist. He's the director of intelligence analysis at the cybersecurity firm FireEye.

HULTQUIST: So it's really important to get this into their hands and in some cases even prove to them that it's happening.

LUCAS: That information has prompted some American and other Western companies to reconsider doing business in China or with Chinese partners. Hultquist says the indictments also have had a disruptive effect.

HULTQUIST: The adversary seems to have, at least for a short term, changed up operations, burned their infrastructure, had to change their tooling, go back to square one.

LUCAS: John Carlin led the Justice Department's National Security Division in the Obama administration. His new book, "Dawn Of The Code War," details how the DOJ built its first case against Chinese hackers back in 2014. He says indictments should not be viewed as a solution on their own. Instead, he says, they send a public signal while at the same time laying the groundwork for the U.S. to use other tools to get China to stop.

JOHN CARLIN: But if we're going to change this behavior, it has to be part of a larger strategy of raising the cost and includes all the instruments of U.S. power, including the power to sanction under the Treasury Department.

LUCAS: To date, the U.S. Treasury has not used that power against China over its cyber industrial espionage. Ryan Lucas, NPR News, Washington.

(SOUNDBITE OF PLAID'S "SLAM") Transcript provided by NPR, Copyright NPR.