To say that the feds have been busy would be an understatement. On the same day that the Department of Justice announced indictments against five Chinese officials for hacking into U.S. companies’ computers and stealing secrets, the FBI unsealed the arrests of around 100 other hackers for using the BlackShades malware to steal information from computers.
While these were separate, unrelated actions, the mood of the Obama administration is clear. Foreign threats to U.S. cyber interests would be dealt with strongly—strongly enough in fact that the Chinese Foreign Ministry told The Wall Street Journal that the United States made up its allegations.
“This U.S. move, which is based on fabricated facts, grossly violates the basic norms governing international relations and jeopardizes China-U.S. cooperation and mutual trust,” spokesman Qin Gang said in The Journal article. “The Chinese government, the Chinese military and their relevant personnel have never engaged or participated in cyber-theft of trade secrets. The U.S. accusation against Chinese personnel is purely ungrounded and absurd.”
In its action against the Chinese military officials, the Justice Department took the unusual step of providing specifics and photos of the alleged offenders, and it produced a chart of who it says is guilty of what. The action against the global network of BlackShades malware was handled differently.
In its move against the BlackShades network, the FBI worked with its European counterparts to find and arrest about 100 people who are alleged to have installed the software needed to distribute the malware to computers around the world. Those people are in FBI custody or in the custody of the intelligence services of their respective countries.
Together, these indictments and arrests signal a new, tougher stance on international cyber-crime. In the process, the United States is making the alleged perpetrators accountable for their activities.
The move against the Chinese officials is a little less direct, however. The chances of the Chinese government actually extraditing its officials to the United States to stand trial are nil. As long as those officials stay in China, they’re probably safe. But if they leave the country, they’ll be viewed as international fugitives and most countries through which they might travel could decide to arrest them and turn them over to the United States.
It’s also clear that the indictments and arrests have only just begun. “With our unique criminal and national security authorities, we will continue to use all legal tools at our disposal to counter cyber-espionage from all sources,” said FBI Director James Comey in a prepared statement. Comey noted that there are many more victims and many more steps to be accomplished.
Indictments Against Chinese, Blackshades Ring a Bold Move by DOJ
The moves by the DOJ are likely to have repercussions, however. China is already complaining of spying by the United States, some of it in response to revelations by Edward Snowden, and the Foreign Ministry has announced that it’s suspending participation in a cyber-security working group set up with the United States last year. It’s also likely that the Chinese government will level charges against some U.S. officials for spying on China.
One difference so far is that U.S. cyber-security experts say they already have conclusive evidence of China’s break-ins. Those experts, including some at victimized companies, have been able to trace the hackers back to their source, and identify the specific computers and the specific users involved. At one point, the Chinese hackers tried to eliminate evidence of their activities, but were caught in the act.
The action in Europe caught the hackers by surprise. Reportedly, the FBI had quietly penetrated the servers in Europe where the BlackShades malware was stored for download, then effectively took over the servers. Then, the investigators recorded the details of everyone who had purchased the malware to distribute it to victims’ computers. All that remained for the FBI and the European intelligence agencies it was working with to do was to wait until the software was used and then nab them.
A few of those arrested were able to get warnings out, but by the time that happened, the law-enforcement and intelligence agencies already had the evidence they needed and had tracked down the suspects, so the warnings were too late.
The BlackShades malware was distributed as commercial software. The developers employed a number of administrators, a director of marketing and even customer service staff. The result was a commercial packaged malware product designed to be used by anyone.
According to FBI Special Agent Leo Taddeo in the New York field office, “To borrow a phrase from a popular advertising campaign, BlackShades made taking over a computer so easy even a caveman could do it.” Taddeo made his comments at the press conference announcing the BlackShades arrests.
The problem with commercial-quality malware such as BlackShades, coupled with state-sponsored hacking from countries like China, is that it raises the overall threat level significantly. There was a time when breaking into computers required at least some skill and a lot of effort. Now that’s not the case.
Pretty much anyone—or any country—can put together the tools necessary to break into commercial targets and steal information that can assist in crime or cyber-warfare. Now, sophisticated attacks can come from anywhere and will be harder to fight off than ever.