The U.S. Justice Department released an indictment Tuesday against two Chinese nationals, charging them with hacking hundreds of companies, governments, non-profits, political dissidents and human rights activists around the world.
The two defendants, 34-year-old Li Xiaoyu and 33-year-old Dong Jiazhi, are alleged to have stolen terabytes of data, including trade secrets and intellectual property, from individuals and organizations across the U.S., Europe, and Asia. In recent months, the pair allegedly targeted firms engaged in COVID-19 vaccine-related research as well as pro-democracy demonstrators in Hong Kong.
In addition to spying on behalf of the Chinese government, Li and Dong are accused of having conducted cybercriminal schemes for their own personal gain. In one instance, the two allegedly extorted a company by threatening to release its software unless it paid a cryptocurrency ransom.
The indictment draws a troubling trend into sharp relief: Many governments will turn a blind eye to cybercrime as long as the perpetrators target foreigners and agree, otherwise, to do the government’s bidding. “China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state,” said Assistant Attorney General for National Security John C. Demers in a statement accompanying the indictment.
Ben Read, senior manager of threat intelligence analysis at Mandiant, the forensic investigations division of cybersecurity firm FireEye, said the cybercriminal-as-spy contractor relationship has multiple benefits for countries that engage in it. The setup allows spy agencies to “access a wider array of talent, while also providing some deniability” about their activities, he said.
The practice is widespread in various, mostly authoritarian, parts of the world. Russia is known to employ the services of its criminal underground when it suits the Kremlin, despite officials’ protestations to the contrary. The hackers who breached Yahoo some years ago moonlighted for Russia’s Federal Security Service, successor to the KGB. North Korea has long blended the roles of cybercriminal and spy.
The actions of crooks and of secret agents are getting harder to separate. As John Carlin, former U.S. Assistant Attorney General for National Security during the Obama administration, put it in an interview with 60 Minutes, covered by Axios, last year: “Increasingly, you cannot tell which is which when it comes to the criminal and the intelligence agency. So one day, the same crook may be doing something purely to make a buck. But that same crook may be directed by a trained intelligence operative using the same tools and techniques to steal information from them for the goals of the state.”
Loose affiliations with rogues help regimes achieve their ends. This is, increasingly, the realpolitik of the Internet.