China’s military accused of hacking scheme; cyberattacks tracked to Shanghai intel unit
Late last year, the Justice Department quietly began training a nationwide network of national security prosecutors to focus on state-sponsored hacking.
The nearly 100-member National Security Cyber Specialists network will explore “investigations and prosecutions as viable options for deterrence and disruption as part of the government-wide response to these threats,” the Justice Department said in a statement.
Online intrusions that are identified as state-sponsored by their sophistication, persistence and scale generally target commercially vital or security-sensitive information — stealing military or trade secrets.
It is significant that the new cyber lawyers are in the National Security Division — the secretive part of the Justice Department that deals with espionage and terrorism cases, a former senior U.S. prosecutor told The Washington Times.
“Generally, [hacking] would be investigated as a national security case if we believed it was state-sponsored,” said Michael DuBose, former head of the department’s computer crime section that prosecutes criminal hackers.
The department has worked with foreign law enforcement to indict and prosecute Eastern European cybercrime gangs for fraud and other financial crimes. Even Chinese authorities have cooperated — in a recent joint investigation into a child-torture pornography ring based in China and New York.
But no indictments have been brought for state-sponsored hacking, a fact that Mr. DuBose said is not surprising. “The level of evidence required is quite high,” he said.
The cooperation of Chinese investigators and courts would be needed “to get the kind of evidence you need to prove who was actually at the keyboard” carrying out the attack, said Mr. DuBose, now an executive at the global security company Kroll Advisory Services. “The likelihood of a successful prosecution is small without the cooperation [in gathering evidence] of the Chinese government.”
However, Mr. Baker, now a partner at the Steptoe & Johnson law firm, said that evidence could be acquired in other ways.
“That’s a job for the intelligence community,” he told The Times, using the term of art for the government’s 16 spy agencies. “It’s well within their competence and jurisdiction. It’s simply a matter of priorities and their willingness to take a degree of risk.”
In the 1990s, federal prosecutors from the Southern District of New York worked with the CIA and other intelligence agencies to get evidence for cases against al Qaeda terrorists that eventually were made public.
“You’ve got to find ways to protect [intelligence] sources and methods, but that is simply a matter of applying sufficient energy and ingenuity to the problem,” Mr. Baker said.
He said U.S. agencies should be embarrassed that a private company had been able to do such an excellent job of tracking the hackers.
‘It’s a black box’
Mandiant’s Mr. McWhorter said security specialists were able to track the stolen data as the hackers copied it from the compromised computers and digitally shipped it to Shanghai. The Mandiant team even watched some of the hackers use their cyberattack infrastructure to log on to personal email or Facebook accounts — revealing their names and phone numbers.
© Copyright 2013 The Washington Times, LLC.