Diane talks with James Hohmann, national political correspondent for the Washington Post and author of the "Daily 202" newsletter.
Guest Host: Tom Gjelten
The U.S. files criminal charges accusing Chinese military officials of stealing American trade secrets. Guest host Tom Gjelten and a panel of experts discuss new efforts to fight international cyber espionage, an issue that costs US companies billions of dollars a year and threatens national security.
- Michael Leiter Senior counselor, Palantir Technologies; former director of the National Counterterrorism Center; National Security and Counterterrorism Analyst for NBC News
- David Sanger Chief Washington correspondent, The New York Times; author of "Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power."
- Laura Galante Manager, threat intelligence, Mandiant
- Steven Chabinsky Senior vice president and chief risk officer, CrowdStrike, a cybersecurity detection and prevention firm; former deputy assistant director, FBI Cyber Division
- Adam Segal Greenberg Senior Fellow for China Studies at the Council on Foreign Relations; author of “Advantage: How American Innovation Can Overcome the Asian Challenge” (2011) and “Digital Dragon: High-technology Enterprises in China” (2003)
MR. TOM GJELTENThanks for joining us. I'm Tom Gjelten of NPR sitting in for Diane Rehm. She's now recovering from a bad cold, and she'll be back soon. Yesterday, the Justice Department announced a grand jury indictment of five members of the Chinese military. They face criminal charges for hacking into the computers of U.S. companies in order to steal their commercial secrets.
MR. TOM GJELTENA U.S. attorney calls it 21st century burglary. It's the first time the U.S. has filed cyberespionage charges against officials of a foreign state. Joining me in the studio to discuss yesterday's announcement, how much Chinese cyberhacking costs U.S. companies, and what can be done about it: Michael Leiter of Palantir Technologies, and David Sanger of The New York Times, and Steven Chabinsky of CrowdStrike. Also, from a studio in New York City, we have Adam Segal of the Council on Foreign Relations. Hello to all of you.
MR. MICHAEL LEITERMorning.
MR. DAVID SANGERHi, Tom.
MR. STEVEN CHABINSKYGood morning.
MR. ADAM SEGALHi, Tom.
GJELTENThis will be an important conversation. And you can get in on it. Our phone number is 800-433-8850. Our email is email@example.com. You can also message us via Facebook or Twitter. David Sanger, let's start with you. You know, one of the things that's interesting to me here is the administration's handling of this problem has evolved over the years. You remember the times when they talked about some countries engaging in cyberespionage. Then they named China as the number one culprit. And now, we have five individuals identified as cyberhackers.
SANGERNot only identified as cyberhackers, Tom, but identified as members of the People's Liberation Army. So it's interesting that they chose what is called Unit 61398, which is the cyberunit of the PLA that's in that big 12-story building out near the Shanghai Airport. And it's interesting because, in some ways, the case against this unit is the best established public case against Chinese hacking groups, even though there are probably roughly 20 others that the U.S. has identified as government-related hackers that work out of China. This is one that Mandiant, which is now part of FireEye, wrote about in a report earlier last year.
GJELTENAnd we're going to hear from Mandiant later in the hour.
SANGERRight. And the times coincident with the Mandiant report did a lot of its own reporting in Shanghai on this. And this is the unit that has gone most into commercial work on behalf of the PLA. But others, other Chinese units, go after a lot of government-related agencies, defense contractors. And it's also interesting that the U.S. chose not to pursue those right away.
GJELTENWell, give us a little bit more -- a description of what it is that was actually alleged in this indictment and which companies were involved, which targeted.
SANGERWell, in this indictment, they named companies like U.S. Steel, Alcoa, interestingly, the United Steelworkers Union, which frequently lobbies on behalf of tighter regulations or trade actions to protect U.S. workers. It named a small solar panel maker and solar energy company, and that -- those companies have frequently charged that the Chinese were giving subsidies which they said were illegal under the World Trade Organization. So it was a range of corporate entities, most of whom had been invaded either for their trade secrets or for some sense of their negotiating plans.
GJELTENMichael Leiter, how big a deal is this, do you think? How did you react to it?
LEITERWell, Tom, I think this is an enormous deal. It's a huge escalation in what has really been an ongoing set of intelligence and diplomatic discussions and negotiations between the U.S. and China, and many other countries as well. So the indictment goes back to activity in 2006. Really since at least 2006 or '07, the U.S. intelligence community has been extremely concerned with the problem. After 2010, the private sector started to recognize that problem even more. And last year, in 2013, the president brought this up with the president of China, saying, this is now unacceptable.
LEITERThis step, though, now many years into it, is really quite a bombshell. It's the first time that the U.S. has every charged military officers of another nation in committing economic espionage. The Chinese reaction has been swift and significant. And this is, although a huge escalation, I think will be the first of many follow-on escalations.
GJELTENSteve Chabinsky, you used to be in charge of cyberintelligence at the FBI. Can you give us -- without going into classified stuff, can you give us some idea of why now this indictment has taken place? Michael says that it's going back to the 2006, the investigation, when you were there. What were the considerations, do you think, in deciding to do this now, as opposed to previously?
LEITERI think this really indicates a failure in diplomatic policy, right? And it's not really on the U.S.'s side that that failure has occurred. The United States, in many, many different ways, both on the private sector side and the government side, have approached China, as have other countries, publicly have said, this has to stop. And what China's response has been repeatedly is that these allegations are false. China believes that hacking is unlawful. It's criminal. They would go against it if it were coming from China.
LEITERBut there's no proof. China says there's no proof of this. And finally, after year after year of corporations throughout the world suffering vast intellectual property theft, finally now has come, I think, the time, after diplomacy has failed, to say, OK, you're looking for proof. Here's proof that's unclassified that we are willing to establish in front of a court of law -- and you don't get more public than that.
GJELTENBut could you have done this previously if, in fact, you did not have that faith in diplomacy that the administration, the U.S. government had previously?
LEITERCertainly. This is information that has been compounding year after year. It has existed for years. The same exact charges could have been brought years earlier had diplomacy not been the logical first effort.
GJELTENRight. Adam Segal, here's the statement from the Chinese foreign ministry spokesman yesterday: "The Chinese government, the Chinese military, and their relevant personnel have never engaged or participated in cybertheft of trade secrets." What do you make of that statement?
SEGALWell, as Steve said, the traditional response from the Chinese from U.S. claims has been, we don't do it, we never hacked, and, in fact, we're the biggest victim. So this week, the Chinese had rolled out a series of IP addresses and other data points that they said prove that the U.S. was consistently hacking Chinese websites.
GJELTENWell, in fact, their position was certainly strengthened by some of the revelations from Edward Snowden over the past year where it came out that the United States, 'course, does engage in some of this type of activity, albeit for different purposes.
SEGALRight. So the U.S. has consistently tried to distinguish between the type of hacking that it conducts for national security reasons and the type of espionage we've seen from the Chinese targeted at U.S. private sector and designed to help the competitiveness of Chinese firms and the Chinese economy. That argument has really not gained a lot of traction in the rest of the world, and in China in particular. And the Snowden revelations clearly made the diplomatic efforts that we've been referring to much more difficult.
GJELTENMichael Leiter, how valid is this distinction between espionage for national security purposes which undoubtedly, on the part of the United States and other countries, includes a cyber-element and espionage for commercial advantage?
LEITERI think there is a difference in this distinction although it probably is not as great as many U.S. government officials would make of it. And it's also more than the Chinese would. People have to think about U.S. spying. And when we spy on a country like China, we are doing it for national security reasons. What does that translate to? That means, how are they building their next tank, their next fighter plane? What are they planning to do at the leadership levels in terms of their political decision making? And in some instances, we're also spying on China to understand how they view trade negotiations.
GJELTENWhat the Chinese are doing here is using their military to steal secrets from U.S. companies and then turning that information over to Chinese companies to help them economically. That's different from what we do. The perfect example would be us stealing information from Airbus and giving it to Boeing so Boeing could build more and sell more airplanes. And that's something that we don't do. That's the distinction.
GJELTENOK. That's a good example. But, David Sanger, if you were the Chinese and you were going to make -- you were going to counter this U.S. argument that there was this big distinction that's being honored here, what would be your argument? How would you disprove that?
SANGERFirst of all, I think Mike had exactly right what the distinction is and that fact that, I think, Americans seem more convinced of this than the rest of the world does. I mean, let's remember the French have been -- long have been very expert at doing state-sponsored commercial espionage. So it's not just China. If the Chinese have to go make a counterargument, they basically have two cases to make.
SANGERFirst, when the U.S. spies on behalf of trade negotiations, it's frequently benefiting a narrow group of companies, maybe the big three if it's an auto case. Or maybe it's Boeing and a trade negotiation that has to do with Airbus. But, secondly, the Snowden documents indicated that the U.S. had a major operation focused on Huawei, the Chinese networking firm. And that operation had two goals in mind. The first was to figure out whether Huawei was a front for the People's Liberation Army.
SANGERAnd it's stated quite clearly in the NSA documents that we've since received. And they had suspicions that Huawei might in fact be putting equipment in the United States that had implants in it that would enable it to funnel off any kind of Internet data that runs through their equipment. So that was a counterespionage investigation. But the second thing the NSA was doing was really fascinating.
SANGERIt wanted to learn how the Huawei equipment operates so that when Huawei sales to Cuba or Venezuela or a country that might not buy U.S. equipment, they would then have a way to get in and use that to basically monitor that country. And the Chinese would say, yeah, that's not giving the Huawei equipment and handing it off to Cisco. But it's doing something just as pernicious.
GJELTENAnd, in fact, if the United States had that information, that would have been very valuable to Cisco and to other competitors of Huawei. And we have to assume that it was not shared. But the information was very valuable.
SANGERThat's right. The U.S. says very much that it has not been shared. And I've never had anybody come out of the intelligence world, tell me any differently.
GJELTENDavid Sanger's chief Washington correspondent at The New York Times. My other guests here in the studio are Michael Leiter, senior counselor at Palantir Technologies, and former director of the National Counterterrorism Center. He's also a national security and counterterrorism analyst for NBC News. Also, Steve Chabinsky, senior vice president and chief risk officer at Crowd Strike, and Adam Segal in New York. We're going to take a short break. Stay tuned.
GJELTENAnd welcome back. I'm Tom Gjelten, and I'm sitting in for Diane Rehm today. And we're discussing this really stunning announcement down at the Justice Department yesterday that five soldiers, cyberwarriors from the People's Liberation Army in China, have been criminally charged with cyberhacking.
GJELTENMy guests here in the studio are: Michael Leiter, senior counselor at Palantir Technologies, David Sanger, chief Washington correspondent at The New York Times where he's written a lot about these issues, Steven Chabinsky, senior vice president and chief risk officer at CrowdStrike and a veteran of the cyberwars within the FBI.
GJELTENAnd joining us from a studio at the Council on Foreign Relations in New York City is Adam Segal. He is a Greenberg senior fellow for China studies at the Council on Foreign Relations. But right now I want to go to Laura Galante. She's manager of threat intelligence at FireEye, which has merged with Mandiant. And Mandiant, of course, is the firm that first identified this Chinese army unit 61398 in a report last year as being the source of cyberattacks on American companies. Welcome to "The Diane Rehm Show," Laura.
MS. LAURA GALANTEThanks for having me, Tom.
GJELTENSo we have now five members of the People's Liberation Army indicted. To what extent -- and I'm sure you're familiar with the indictment. To what extent are we seeing exactly what your company reported a year ago, or is it more detailed?
GALANTEWe're seeing exactly what we were profiling last year in APT1. And in fact the type of data theft that's in the indictment very much tracks with what we've seen probably six or seven years now. And what that is is data theft that parallels the strategic emerging industries that China lays out in its economic doctrine.
GJELTENNow one of the things that's interesting, as I say, we've got five individuals named here out of presumably thousands of cyberwarriors in China. Two questions. Do you have any idea why these five individuals would be isolated, would be selected for indictment? And, two, how is U.S. intelligence and cybersecurity firms, law enforcement agencies able to identify the individuals who are most responsible, in this case criminally responsible, for cyberhacking?
GALANTERight. When we read these first five names and looked a bit at the descriptions based on the indictment, what we noticed first here was that these are operator-level type of individuals. These are not the kind of kingpins who's ordering different operations to go down. These are people behind the keyboard doing these operations. And what -- that speaks to your second question here, which is, how do we track and understand the personas -- that's sort of the cyberterm for the people behind the operations that we're seeing.
GALANTEAnd in this case, what it takes is a long sort of tracking of the persona and what they've done online in a very diligent sort of all-source approach to understanding who might be doing that activity. And it requires research that includes what we had put forth into the report last year, everything from location records, where they've spoken at conferences, where we're able to find other tidbits of forensic detail about who might be doing that activity.
GJELTENNow, Laura, what was the purpose of Mandiant's report? I mean, you are not an agency of the U.S. government. You cannot really, you know, do any law enforcement on your own. What would be the purpose of the information that you publish? Why is it advantageous for U.S. companies to know exactly who is targeting them?
GALANTEWhat we had initially thought in the APT1 report was that the reaction that we would get from laying out what we had seen discussed against our clients for years would be an overwhelming kind of sense that this is a problem that had to be taken seriously and one of the most pressing problems to the competitiveness of U.S. firms. And our firm had, you know, a bit of a patriotic (word?) and to do something about this problem that we saw afflicting so many of our clients.
GALANTEAnd they weren't just U.S. clients, too. I mean, these were just companies where their R&D gains had been wiped out based on the data theft that they had seen from their networks. So putting this forward was an attempt to lay this problem out at a higher level. It's sort of a (unintelligible) executive level and then at a policymaker and decision level on the government side.
GJELTENOK. Laura, The Wall Street Journal is reporting this morning citing U.S. officials as saying hackers in Russia are likely to be charged soon and that the U.S. is also investigating Iran and Syrian connections. Has your firm broadened its inquiry into this hacking to look at what's going on in other countries besides China?
GALANTEWe're on the front lines network defense. And what that means -- we're agnostic about what threat we're tracking. We're just looking at what's coming in at a client environment. And in some cases, we have seen Iran-based activity in a client's network. We profiled that a bit in a report last month. And in that, we saw energy companies and also some state agencies targeted by Iran-based groups. We've also followed the Syrian electronic army and profiled some of the events that we've seen on our clients' networks perpetrated by that group.
GJELTENOK. One final question, Laura. What is your advice -- your company's advice for how companies can protect themselves against, as you say, these advanced and persistent threats?
GALANTEHaving the right network defense posture, the right resource is key. The second piece is understanding what your company's information assets are. It's easy to think of the proprietary information, the blue prints for a plane, the research behind the drug that you're putting out, but what people don't think of is the larger data about negotiations that you might have, executive emails, organizational charts, boardroom meeting minutes. These are the type of assets that, as we see in these indictments, are key for the adversary to acquire in order to enhance the competitiveness of these companies.
GJELTENOK. Laura Galante is manager of threat intelligence at FireEye, which was formerly the Mandiant firm. It's a cybersecurity consulting firm. And thank you, Laura, for joining this conversation.
GJELTENI want to go back now to Adam Segal in New York. Adam, what do you make so far of the Chinese reaction to this indictment? And I think we can all assume that we're -- given that there's no extradition treaty between the United States and China, we're never going to see these five guys in a U.S. court, correct?
SEGALNo. And that will never happen. I think we're waiting to see if the other shoe's going to drop. So far the Chinese reaction has been limited to calling in U.S. ambassadors to China, Max Baucus, and expressing their displeasure and cancelling the U.S. China cybersecurity working group that was supposed to meet in July.
SEGALThe speculation about what China will do as they move ahead is, will they consider indicting U.S. officials who might be linked to NSA hacking if China -- or will they take it out on U.S. firms? I think that it's more likely that the pressure on U.S. technology firms in China is going to increase. And it's unlikely that the Chinese will escalate to the level of, you know, indicting Gen. Alexander or someone else.
GJELTENYou know, Adam, I saw a new report this morning that China has banned government purchases of Windows 8. Now, this is actually an announcement that preceded the indictment. And since everybody says that they were stunned and surprised by this indictment, well, we don't know, maybe China saw it coming. But as of last weekend apparently, China has barred Windows 8 devices from at least some government IT purchases. Could we see sort of a cyberindustry trade war developing here between the United States and China?
SEGALI think the Microsoft 8 decision is a fallout more broadly of the Snowden revelations. What we've seen since those revelations is a constant drumbeat in the Chinese press about U.S. technology companies and their role in the China market and the fear of China of its dependence on the West. In particular, the Chinese press has gone after Cisco and IBM, Oracle, Microsoft, and these other companies. So I would just suspect that that pressure's going to increase. And we've already kind of seen how the Chinese are shifting government procurement away from U.S. companies and trying to create Chinese competitors.
GJELTENSteve Chabinsky, you mentioned before some of the reasons that the United States did not make this move previously. Is there any -- was there -- on the one hand, you said that faith was in diplomacy, but is there any risk in taking this prosecutorial action?
CHABINSKYI think there is a risk. There's -- obviously you're starting out with the risk that our economy and other nation's economies certainly are facing the harm from China. So that's a certainty, and it's getting worse and worse. And people are talking about this in terms of existential terms that we've got companies that are going out of business.
CHABINSKYSo we know that doing nothing seems unacceptable. And the idea of going to China and them asking for proof, it reminds me of the old phrase which, as a lawyer, I've always appreciated this. You know, you say -- admit nothing, deny everything, and make counter allegations. And I heard this with respect to making analogy to a dog. You say, I don't have a dog, and then you say, my dog doesn't bite. And then you say, you provoked him.
CHABINSKYAnd so, you know, China here, right, what's happening is you have -- the United States has this ability to publicly self-criticize, right. We just talk about it in the press, and we allow everyone else to say, United States shouldn't be doing all of this spying and the like. But what you're seeing on the China side is not this notion of -- this is more reason to have the cybersecurity working group, right, this -- let's get this out on the table.
CHABINSKYThey continue this notion of denying it. So I think there is a risk through any prosecutorial effort. But, at the same hand, the cost of doing nothing has increased so much that it's just not really appropriate to continue.
SANGERYou know, I think Steve raises a really interesting question. On the one hand, the U.S. has tried this diplomatically to the point that before Secretary Hagel, Chuck Hagel, went to China last month, the U.S. sat down and gave a presentation to the Chinese about U.S. cyberstrategy, both cyberoffense and cyberdefense. It was obviously at a pretty general level. But the effort was to try to get the Chinese to do exactly what Steve mentioned -- they haven't done yet -- which is come out and say, OK, so here's our presentation of how we use cyberweapons, how we use cyberespionage, how we don't.
SANGERI think that part of the difficulty here is that both countries have no-go areas. So the Chinese won't admit that the PLA has these units that steal on behalf of Chinese companies, many of those companies owned partially or in whole by the PLA itself and enriching the Chinese military leadership. The U.S. has got its own neurologic element here, which is that it does not want to discuss its offensive cybercapabilities.
SANGERSo obviously, as we've reported and others have, the U.S. was a major player in the big cyberattack on Iran called Stuxnet or Olympic Games. But the U.S. has never really come out, until recently, to even admit that they have offensive cyberweapons or what the rules are under which they would be used. So I think one thing that might come out of this that would be helpful is if both countries began to talk far more openly about what they have, what they don't have, and what their rules of the road are.
GJELTENMichael Leiter, in order for this to lead to a positive outcome, how important is international collaboration and, let's say, support from U.S. allies for this effort on the part of the United States?
LEITERI think building a broader coalition and sort of catalyzing the international response is critical here because certainly charging five people is not going to stop the Chinese. And I think, as Steve and others have said, we'll probably see some economic retaliation in terms of business opportunities for U.S. companies in China.
LEITERI think that, in fact, this isn't U.S. versus China. It's really most of the world. And even other countries that do economic espionage do nothing remotely like the scale and scope of China. So this is the first step in catalyzing a broader international trade conversation about what is and is not acceptable.
GJELTENMichael Leiter is senior counselor at Palantir Technologies. I'm Tom Gjelten. You're listening to "The Diane Rehm Show." Well, Steve Chabinsky, what is the -- OK, you were talking before about the risk here. What are sort of the -- what's the upside here? What can be gained -- given that these guys are not going to be brought to a U.S. court, what can be gained from this?
CHABINSKYI think there are probably three things that are gained here. One is really just the publication itself as an education tool for the world saying, this is what we're seeing. Despite, you know, denial after denial, we are going to lay out all the facts so people can understand it from the U.S. government despite the fact that private companies have repeatedly discussed these things publicly. The government has not laid out its case. And it did so in this indictment in a very understandable way.
CHABINSKYI think the second thing is it really is saying to China, we're not forgetting about this, right. There have been the Snowden revelations. We've been back against -- you know, on our heels but that doesn't mean that the world is open to China for theft, right. At least that we can at least have a sophisticated conversation about all of these issues at once, I think that that's something that needs to be gained, that it shows that the United States is not putting aside year and year and year of discussion about this issue.
CHABINSKYAnd I think that the third thing, it might sound unlikely but when young people are looking for their places of employment and what they're going to do for a living, the idea that if you're engaged in economic espionage at least, that you might end up being named in a complaint, these people really can never travel again. I don't know that they were the traveling kind before this happened, but they're certainly not the traveling kind now. They would be arrested in any -- in multiple areas. And anyone who comes after them might really have to think that same way.
GJELTENDavid Sanger, do you have any idea why these five individuals were named? Are these, as Steve alludes, you know, are they possibly the ones that would be most likely to travel and most personally hurt by an indictment like this?
SANGERWell, as Laura Galante pointed out, most of them are at the operator level. And it's interesting because it'd be good to know whether U.S. intelligence had a sense of how high up the PLA hierarchy or up the political hierarchy in China these operations are ordered, who knows about them, who doesn't know about them.
SANGERWhat little we know about the five who have been named, one of them, the first one named in the indictment goes by the wonderful moniker online of Ugly Gorilla. You can't make this stuff up, right. And he has been around for a long time and has a fairly long online history that was tracked first in the report that came out by Mandiant but also in some subsequent reporting. It doesn't seem like he's left China a whole lot, but you don't know a whole lot about his travel habits.
SANGERWhat is remarkable is the discipline of these guys. They come in in the morning. It's sort of a 9:00 to 5:00 job. They sit down. They identify their target companies. They go after them. They take a lunch break, they play video games, they email their friends, and they get back to work.
GJELTENAnd by analyzing keystrokes, we can record every movement that they make as you did.
GJELTENAdam Segal, we've talked before about the temptation that U.S. companies have to continue doing business in China. Have you seen any difference in the eagerness with which U.S. companies pursue the Chinese market as a result of what they're now facing, what they apparently have been facing for years?
SEGALReally, the American companies seem as schizophrenic as ever. When you do surveys of them, they continually to mark intellectual property theft, and cyber in particular, as a growing concern. In the most recent survey, they say that the attacks are going up. But in the next set of questions about, will this affect your investment decisions, they almost always say no. They still see China as essential to their future, and they see it as an important global platform. And they're going to continue to invest there, from what we can tell.
GJELTENAdam Segal is Greenberg senior fellow for China studies at the Council on Foreign Relations. He's also the author of "Advantage: How American Innovation Can Overcome the Asian Challenge," also "Digital Dragon: High-technology Enterprises in China." We're going to take a short break right now. Stay tuned. We'll be right back.
GJELTENAnd welcome back. I'm Tom Gjelten sitting in today for Diane Rehm. And we're talking about the announcement at the Justice Department yesterday of five criminal indictments of Chinese cyberwarriors for engaging in cyberespionage against five U.S. companies. We were talking before the break about why those individuals were chosen for these indictments.
GJELTENLet's consider for a moment, Michael Leiter, why these five companies, among all the -- Mandiant says, what, 140 companies were actually targeted in their report. But we have identified five companies here. What do you think might be the rationale for choosing these particular companies?
LEITERTom, a lot of companies, as Adam noted, are really schizophrenic about this. They see the threat from China, but China is also an enormous market for them. These companies in particular, though, are ones that try to do joint ventures in China, largely saw those, I think, torpedoed in part by this intellectual property theft and now are largely competitors with China, not trying to do as much business as some other sectors are in China, so they're more willing to go public about these. But we shouldn't think that the Chinese theft is just limited to these sectors.
LEITERThis goes on in aerospace, other manufacturing, professional services, technology, so it really is a broad threat. But this group probably saw their prospects in China as being sufficiently minimal, that they were willing to be the public face of this Chinese threat.
GJELTENAnd so it's a clear of example of damage, the damage to these companies that has been done as a result of this.
LEITERThat's absolutely true, especially in the world of solar technology. Lots of accusations are already in the trade negotiations about dumping, and clearly that could have been supported by some of these Chinese actions.
GJELTENI want to bring some of our listeners in on this conversation now. Stan writes an email here. And I'm going to give this to you, Steven. "Why is no one in the legal commentariat" -- and that's where you are nowadays -- "calling the DOJ indictment for what it is, a legal stunt with no chance of coming to trial, to say nothing of turning international law on its head.
GJELTEN"How would the U.S. regard such suits against American citizens for, for example, collecting their phone records against their domestic laws? This erodes DOJ's legitimate law enforcement efforts in other areas and makes the department look like it's subject to manipulation for diplomatic purposes."
CHABINSKYI think it's a good question. Certainly the department has to consider whether or not it's looking as though it's politicized. The charges that are made have, you know, a long history in the department of being raised. We've brought any number of economic espionage cases against Chinese nationalists who have been on the ground here or brought information back to China.
CHABINSKYSo to me it appears that this is a natural extension of what the department typically would do. But the underlying real question of that is, is it hypocrisy, right? Is this something that we would accept from other nation states doing? And I think that that's a really important question. We have seen, in the past, other nations bringing charges against spies, including U.S. spies. We saw Italy doing just that.
CHABINSKYAnd so I think that what I'm concerned about in this dialogue is not those types of questions because I think that those are the right questions. What I'm concerned about is that those questions end up serving as smoke and mirrors, right? So that it almost says, because we don't want to talk about, you know, this one area, we should ignore the China problem, right?
CHABINSKYLet's talk about all of it. I think that that's really what we could gain from this dialogue, which is let's not use it, you know, the counter allegations, to defeat the discussion about what's happening in surveillance. Let's use it to energize it and talk across the entirety.
GJELTENAdam Segal, I wanted to get you to address this issue of the distinction the U.S. makes between commercial espionage and security espionage. How is that distinction seen in China, where the economic interest of the state is a security interest, and where most of the enterprises are, in fact, state-owned? What happens to that distinction in the context of China?
SEGALWell, I think that what you've seen is that the Chinese really don't hold that distinction. They have a conception of comprehensive national power that involves military power, economic power, private actors, and all of that is fed into one view of how a country is doing on the international scene. And so the Chinese really don't see any distinction between spying on Google or Alcoa or a U.S. company and what the U.S. is doing to Huawei or the Chinese military.
GJELTENAnd if China doesn't see that distinction, David Sanger, they're not going to be impressed by this U.S. argument. I mean, it won't even make sense to them.
SANGERThat's right. And, you know, to some degree there is sort of some willful denial here. And they hear what President Obama, they hear what Eric Holder says, and they don't want to believe it. But I think that Adam makes a good point because to them, I think, it is very hard to understand that American companies might not be acting on behalf of the American state. And here, again, the Snowden revelations sort of step in because you had cases in which the telecom companies were participating with the U.S., sometimes under court order, sometimes not.
SANGERThere's a belief among the Chinese that Google operates on behalf of the U.S. And, of course, all countries have used the Snowden revelations for their trade advantage. So it's not just the Chinese who are saying, don't buy Windows 8. It was the Germans talking about building a German-only cloud for computer data, so that -- they thought that they would somehow be safer from the NSA.
GJELTENLet's go now to Kelly who's on the line from Durham, N.C. Hello, Kelly. Thanks for calling "The Diane Rehm Show."
KELLYHi. Thank you.
KELLYMy question relates to kind of the culture that is specific in China and a lot of Asia as well. Is this espionage thing more related to the idea that China readily echoes the consumer level and the enterprise level? Doesn't the patent for intellectual property the same as the U.S. or other countries around the world? You know, the majority of the manufacturing is in China. And we know that…
KELLYYou know, we know that they know how to make the things that we have intellectual property for. So how does that relate to this? Is it a cultural thing?
GJELTENWell, Michael Leiter, commercial secrets, I think, have to be considered intellectual property. So Kelly makes a good point that this is fitting into a larger issue that China just doesn't have the respect for intellectual property -- be it trade secrets, be it patents -- that you see in other countries.
LEITERThat's absolutely right. There's an enormous cultural chasm here. As David already said, there is no real distinction from the Chinese perspective between their state-owned entities or doing economic activity and their government organizations which are protecting military secrets. They simply don't see that. And they don't see intellectual property in the same vein we do.
LEITERWhat this will require is that the U.S. government and the private sector cooperate more deeply because it is not going to be solved by any side here. We're not going to stop the Chinese from doing this entirely. We have to deter it. And companies are going to have to realize that the government itself isn't going to stop this or solve this problem for them.
GJELTENMichael, speaking of cooperation between the government and the private sector, you were mentioning during the break that the FBI actually gets some collaboration with Carnegie Mellon University in this field. I mean, this is an area where the government has to reach out to partners, find partners to pursue these inquiries.
LEITERAbsolutely. I don't think it's any secret that the government doesn't always have the best technological minds in the United States. Many of those are in academia and the private sector. So the FBI has very wisely, I think, partnered with great institutions like Carnegie Mellow, to increase their understanding of the technological landscape. And that happens to be in Pittsburgh. And I think it has provided the FBI with a really needed technological boost in their personnel and their capability to look at this sort of 21st century espionage.
GJELTENDavid happened to be in Pittsburgh -- well, five of the -- several of the companies that were mentioned in this indictment happen to be in Pittsburgh.
SANGERThat's right. And they're brought by a U.S. attorney for that region. I think what's interesting is, as we were noting before, one of the companies was actually owned by a German parent, which I think was probably -- if that was a deliberate choice, was a smart one to begin to build the kind of networks that Mike talked about before.
SANGERI think the interesting question is what does the U.S. have in its back pocket, in case the Chinese escalate? So let's assume, you know, in the nuclear world, you always tried to think out, you know, past the first strike and the second strike. So let's assume that the Chinese do something to make life more miserable for American companies in China. If there are 20 other groups, does the U.S. have the evidence in hand to go up the food chain in the People's Liberation Army, begin to get its senior officers and begin to get at those who are launching on other targets that may not be merely trade-secret theft?
GJELTENAdam Segal, do you have any thoughts on that?
SEGALI think David's right. I think we'll probably be relatively hesitant to reveal that information, since I suspect it'll involve more intelligence assets on our side. I think the larger question that we don't have the answer to is what does the top know and when did it know it? We know that this year that Xi Jinping formed a leadership group, a kind of a small working group on cybersecurity issues. I don't think there's any doubt that the top leadership knows that the cyberhacking happens.
SEGALI doubt they have any idea of what the targets are and how extensive it is. So, you know, we have this real question about how the -- what's happening at the local level is transferred to the central level and why they know and how much they can control.
GJELTENSteve Chabinsky, we've been focusing here on -- and this is what the FBI emphasizes as well -- the commercial stakes here for U.S. companies. But some of these companies were involved in the nuclear industry. Does that connection raise any special concerns?
CHABINSKYIt does because, when people think about computers, you know, the public tends to think about data, right? People keep stealing information. We've been talking about the theft of information during this entire show. But when you break into a computer, you also have the ability to alter the integrity of the computer, to shut down its availability. And some of these computers run industrial control systems of critical infrastructure, like nuclear power.
CHABINSKYAnd when David brought up before the instance of Stuxnet, which involved nuclear enrichment and getting into the computers in order to shut down the enrichment of uranium, it shows the capacity of remote hacking. And if you have the blueprints for another country's critical infrastructure, you can get in in advance of war, prep the battle space, and then, in time of conflict, whether it's a regional conflict or an international conflict, quite effectively ruin, you know, eliminate your opponent's capacity before the war even starts.
GJELTENThat's another scenario here, David. That's pretty worrisome.
SANGERIt is. And Steve raised a really interesting point with this because doing cyberespionage is a little bit unlike doing traditional espionage where you might put a satellite up or a plane up to go look. In these cases, you need to put an implant in a foreign computer system. The U.S. does this. We've reported there are probably 80,000 to 100,000 U.S. installed implants around the world. And the Chinese do it.
SANGERAnd we worry about it because the same implant that can be used for surveillance, can be used under different circumstances with the right kind of system set up, to take over a computer system, as happened in Stuxnet. And in the Chinese case, it was a really interesting example we wrote about last year where the Canadian division of a gas pipeline company was completely cleaned out by a Chinese set of hackers.
SANGERAnd the question was, were the Chinese after how you design the gas pipeline or were they trying to be able to take over this pipeline, which controlled 60 or 70 percent of the gas that flows through the U.S.? And the valves are all automated, so you could sit at a keyboard somewhere and turn on and off valves.
GJELTENDavid Sanger is chief Washington correspondent at The New York Times. He's also the author of "Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power," a book in which he talks about these very specific cyberwar scenarios. I'm Tom Gjelten. You're listening to "The Diane Rehm Show." And I want to go now to Roy, who's on the line from Indiana. Hello, Roy. Thanks for calling "The Diane Rehm Show."
ROYThank you. I'm a long-time listener. Appreciate the format in which do your discussions. This is scaring me to death. OK. The discussion -- you're all way above my head, naturally. But I think I'd like to hear your comments on a way to resolve this. Number one, I don't think there is a way to resolve this. And I think it's all a smoke screen. Why don't we bring our American jobs and American companies or international companies back over here, OK, where we can control them? We can't dictate to China what to do with them.
ROYAnd the fact is we probably gave them all this technology. They're in American-owned companies in China or China-run companies over there that are American financed. They have all this data on their computers anyway. There's Chinese people running our databases over there. We gave them this technology. I think this is wrong for us to strike out at them when we gave it to them. It's all part of a propaganda type of thing. I'd like your comments.
GJELTENOK, Roy. Yeah, well, Adam Segal, the truth is, as you said before, a lot of these U.S. companies are there on their own decision. And they are somewhat schizophrenic about it. It's really not up to the U.S. government whether those U.S. companies -- or I suppose you could talk about sanctions or something like that, but really these companies have to make their own decisions based on their calculation of risks and benefits, right?
SEGALI mean, I think if you look back at the last 20 or 30 years of globalization, it's clear that both the United States and China benefited immensely from it. The United States, you know, benefited from incredibly low prices for everything that we consume that's made in China. And the Chinese, as the caller pointed out, absorbed a huge amount of technology from the West and from Japan. Most of it legally through joint ventures and technology transfers. And a lot of it illegally through theft and other types of espionage.
SEGALSo I think the question is as we move forward, we have an international trade system that's been based on the assumption that the United States can continue to move up the value chain by innovating. And so these threats, these attacks on U.S. R&D capabilities is a real challenge to the United States and to the larger international system.
GJELTENSteve Chabinsky, you know, Attorney General Holder said these are the first ever charges against known state actors for infiltrating U.S. commercial targets by cyber means. But it's not the first time Chinese nationals have been criminally charged with cyberespionage. What's the new thing here in particular and what's happened in those prior cases?
CHABINSKYWell, in diplomatic circles you try to handle things at the lowest level possible. The highest escalatory action a state can take is to make it nation state versus nation state. So to the extent possible, what you prefer, as between nations, is that private-sector companies go against private-sector companies in civil hearings, whether it's through litigation, the World Trade Organization or any number of those.
CHABINSKYThe next thing is that you'd have the government go against a private-sector individual who's accused of spying. Here's it's as high as you can get. Right? Because you have the U.S. government going after people who are employed by the Chinese government. And that is escalatory.
GJELTENSteven Chabinsky is senior vice president and chief risk officer at CrowdStrike, a cybersecurity firm, and he's former deputy assistant director at the FBI's Cyber Division and chief of the Bureau's Cyber Intelligence Section. My other guests in this crowded hour were Michael Leiter, senior counselor at Palantir Technologies, and formerly the director of the National Counterterrorism Center. He's now a national security and counterterrorism analyst for NBC News.
GJELTENAlso, David Sanger, chief Washington correspondent at The New York Times. In New York, Adam Segal, he is Greenberg senior fellow for China studies at the Council on Foreign Relations. We were joined early in the hour by Laura Galante, manager of threat intelligence at FireEye, a cybersecurity consulting firm. Thanks to all my guests. Thanks for listening. I'm Tom Gjelten.
Most Recent Shows
Diane talks with Adrienne LaFrance, executive editor of The Atlantic. She wrote a story in July called "The Prophecies of Q."
Diane talks with Mary Ziegler, professor at Florida State University College of Law and author of "Abortion in America: A Legal History, Roe v. Wade to the Present."
Diane talks with election law professor Edward Foley about what we're seeing and what to watch for as we approach the November 3rd general election.