Thursday, May 29, 2014

International Investigation Conducted Jointly By FBI And China's MPS Results In Multiple Arrests

One well-known definition of insanity is to repeat the same action and expect a different result. The Administration's repeated attempts to force China to slow or stop its cyber espionage activities have all failed. And yet for some reason the President and his advisers thought that they just needed to find a different hammer - like a criminal indictment that only served to make matters worse for U.S. companies who need to do business there. 

If only there were some examples of how collaboration with China could be successful. Oh wait - there are! 

July 23, 2007 FBI Los Angeles CA.
International Investigation Conducted Jointly By FBI And Law Enforcement Authorities In People’s Republic Of China Results In Multiple Arrests In China And Seizures Of Counterfeit Microsoft And Symantec Software

"A joint investigation conducted by the FBI and authorities with the People’s Republic of China’s (PRC) Ministry of Public Security (MPS) has resulted in multiple arrests and the seizure of more than a half billion dollars worth of counterfeit software, announced J. Stephen Tidwell, Assistant Director in Charge of the FBI in Los Angeles, and Steven Hendershot, the FBI’s Legal Attache in Beijing, China."

"The operation, codenamed “Summer Solstice,” began in 2005 and since then, law enforcement in both countries have worked closely by sharing information to jointly investigate multinational conspiracies by groups who manufacture and distribute counterfeit software products around the world. This unprecedented cooperative effort led to the arrest of twenty five individuals, the search of multiple businesses and residential locations, asset seizures by the Chinese government worth over $7 million, and the seizure of over 290,000 counterfeit software CDs and COAs (certificates of authenticity) in China. The counterfeit software has an estimated retail value of $500 million. In addition, Agents with the FBI’s Los Angeles Field Office executed 24 searches and asset seizure warrants, yielding approximately $2 million in counterfeit software products, in addition to assets seized by the U.S. government worth over $700,000. Operation Summer Solstice encompasses multiple investigations currently being conducted by the FBI in Los Angeles and the MPS, Economic Crime Investigation Department (ECID), in which criminal organizations responsible for manufacturing and distributing counterfeit software have been identified in both Shanghai and Shenzhen; as were distributors located in the United States." Read more.

January 27, 2014
FBI Teams With China to Nab Alleged Hackers By Dune Lawrence

"The U.S. last week brought charges against two Arkansas men for operating an e-mail hacking website, which offered to obtain passwords to any e-mail account for a fee. The scheme, operated by Mark Anthony Townsend of Cedarville, Ark., and Joshua Alan Tabor of Prairie Grove, affected some 6,000 accounts, according to a Jan. 24 press release from the Federal Bureau of Investigations. Cedarville and Prairie Grove have a combined population of less than 6,000 people. Yet the investigation into the website stretched around the globe."

"Three customers, scattered across California, Michigan, and the Bronx, have been charged with hiring the hackers. One of them, John Ross Jesensky of Northridge, Calif., allegedly paid $21,675 to a Chinese website to get e-mail account passwords, according to the release. The FBI coordinated its investigation with law enforcement agencies in Romania, India, and China, resulting in arrests in all three countries. China’s Ministry of Public Security arrested Ying Liu, also known as Brent Liu, for operating the website—an arrest noted in the FBI press release and also in a separate announcement on the ministry’s website, dated Jan. 27." Read more.

Doesn't it make more sense to model national policy in cyberspace after successes, like the above, instead of after failures like "naming and shaming", or issuing a criminal indictment that's too weak to ever see the inside of a courtroom?

And let's not try to formulate a policy around an impossibility. Anyone who thinks that China can be persuaded to stop conducting cyber espionage is naive at best. The only time that will happen is when China has achieved a sufficient level of technological advancement where it can rely upon its own domestic R&D to deliver its long-term goals. The downside is that when that day comes, foreign companies (especially U.S. companies) who have been granted access to the Chinese market in exchange for bringing their R&D labs to China will find that things have changed for the worse for them.

Our current ineffective and counter-productive "Asia pivot" stems from flawed early assumptions on the part of cyber security professionals: that all acts of cyber espionage were done by China and all acts of financial crime were done by Russians and Eastern Europeans; that only a nation state could create a Zero-day; that the Chinese government exercised complete control over its own hacker population - all assumptions, by the way, which have been proven to be false. And the fact that those bad assumptions were ever formulated and accepted as doctrine to begin with is a testament to what happens when intelligence is driven by SIGINT alone without the benefit of HUMINT to confirm the analysis or vet the sources.

Read Peter Mattis' excellent "China's Amateur Spying Problem" if you're interested in learning how little control the Chinese government has over its own hacker population. Read the Financial Times article "Chinese Cyber Crime: More Crooks Than Patriots" and learn about the growth of China's mercenary hacker groups.

The best opportunity that the U.S. government has to manage cyber espionage activities in China is to build on the successes that the FBI has had with the Ministry of Public Security and go after independent hacker groups who are attacking Chinese government websites and Chinese corporations from inside China's IP space. This type of collaboration would yield hard intelligence on the actual identities of hackers who steal for profit. Once some successes are achieved and trust is regained, it might even provide the White House with reliable cyber intelligence estimates based upon in-country sources; i.e. HUMINT.

On the other hand, to quote Paul Pillar, "no amount of intelligence with integrity can overcome policy without integrity."


"Hacking is Deep and Diverse, Experts Say" - Wall Street Journal 29 May 2014
