Using Intelligence Against Companies That Benefit From Cyberespionage
'Naming and shaming' the ultimate beneficiaries of stolen trade secrets can work
March 8, 2013
SAN FRANCISCO -- RSA CONFERENCE 2013 -- The relevance of identifying the human or actor behind a targeted attack -- a.k.a. attribution -- has been hotly debated. But knowing and confirming your attacker could be a key element of ultimately making cyberespionage more costly for nation-states like China, some security experts say.
Dmitri Alperovitch, co-founder and CTO of CrowdStrike, says it's "mindboggling" to him when people say attribution of the attacker doesn't matter. "It's fundamentally critical who your enemy is," Alperovitch said here in an interview last week. "Don't you want to know if it's a murderer that's inside your house or a guy who stole your TV? You have to know what to protect."
The industry has evolved over the past year or so from focusing only on blocking attackers from getting in to a more pragmatic acceptance that these determined and well-funded attackers can't really be stopped and are likely already inside your network. The focus now is on how to stop them from stealing and exfiltrating sensitive information. Alperovitch said that requires a good understanding of who the people and groups are behind the attacks, so you can make it more expensive and risky for them to attack.
And the ultimate solution would be to go after the actual beneficiaries of the stolen information, such as some Chinese businesses. "It's helpful to know exactly which building, unit, affiliation, and ... yes, their faces," Alperovitch said. "But it's also helpful to understand the trade craft of that group. The strategic level of attribution is useful ... [they are] passing it to local and state-owned companies. Understanding who these companies are is important."
Many Chinese businesses also are trying to branch out globally and do business outside China, he said. "If [Chinese companies] are using stolen information, you can bring that leverage ... for trade sanctions. It may not be against China or the PLA [People's Liberation Army], but you could take criminal action against [the companies'] executives," for instance, he said.
The Obama administration's newly announced strategy on fighting the theft of intellectual property could help here. "We're going in that direction with the strategy the administration is trying to lay out with trade sanctions that are not specific to cyber. We need to expand that to cyber," Alperovitch said.
[The U.S. government will be slow to act against aggressors who attack through the Internet, predict policy and China experts at RSA. See China's Cyberespionage Will Continue Unabated, Say Experts.]
Alperovitch said raising the cost of doing business for Chinese firms capitalizing on stolen U.S. intellectual property is key. And "naming and shaming" firms under suspicion of spying or being agents of the Chinese government, as with the case of Chinese telecommunications company Huawei, can help, he said.
Take Huawei, which, along with Chinese company ZTE, was called out by Congress recently as risky to do business with here in the U.S. A congressional intelligence committee warned of potential security risks to U.S. infrastructure with the Chinese companies as suppliers. The fallout has made an impact on Huawei's business aspirations in the U.S., he said. "It has made an impact on their business," Alperovitch says. "There's no question that naming and shaming can be very effective."
But what about the U.S.'s own use of cyberespionage? James Lewis, director and senior fellow of the technology and public policy program at the Center for Strategic and International Studies, in a paper published today explains the differences in how the U.S. and China each employ cyberespionage.
"The US government does not engage in economic espionage and intellectual property laws are more strongly enforced in the United States than in many other countries, including China. Nor are American political 'hacktivists' encouraged by the US government. The US approach to cyber conflict treats cyber techniques as a traditional tool of statecraft, providing advantage in military and political intelligence, and as a new weapon to strike opponents," Lewis wrote.
"The US uses cyber techniques to monitor and assess Chinese capabilities and intentions, and to gain battlefield advantage in the event of conflict. US cyber actions, unlike Chinese cyber actions, are focused on their competitor’s official government activities and not on economic espionage. US laws effectively preclude economic espionage by government agencies and punish private individuals who breach intellectual property laws," Lewis writes.