20 May 2014

Why US state spying is good – and Chinese state spying is bad

China has, predictably enough, come out fighting following news that five of its army officers have been charged by the FBI, which alleges they hacked into US companies to steal commercially sensitive information.

China has always responded to accusations of state-sponsored hacking by arguing that it is as much a victim as any other country, and insisting that the allegations against its service personnel are groundless. Whatever the rhetoric, it’s hard to see a scenario in which any of the accused is going to be boarding a plane to face a US court any time soon.


Perhaps the US thinks it can catch them as they travel through a jurisdiction with which America has an extradition treaty. Even if the suspects are dumb enough to do so, an arrest would spark a situation for which the phrase “diplomatic incident” would be woefully inadequate.

So, with no real chance of arrest, why did the FBI go public with allegations against specific individuals?

Privately I’ve been shown several reports from tech security companies which have contained names and photographs of Chinese state-sponsored hackers believed to be responsible for breaking into western companies’ computer networks to steal information.

Yet when the reports are released, the names and photos are left out. Why?

It’s partly because in cyberspace, attribution is a killer: the technology throws up so many opportunities to hide and obfuscate identity that finger-pointing with 100 per cent certainty is a risky business. Security firm Mandiant went further than anyone when they identified a group of hackers they claimed were behind hacks on the New York Times – and even there they stopped short of naming names.

FBI on the offensive

So it’s not that the FBI have more info than the tech security companies – it’s just that the FBI felt solid enough to go public with the names.

There could be any number of reasons behind this sudden shift to the offensive approach by the FBI. But it must be seen in the wider political context post-Snowden. From early on, the response by US spy agencies to Snowden’s revelations included an assertion that they do not spy for commercial gain.

Spying for state security is OK, they argued (in fact, that’s what American taxpayers pay us for), but spying to help US firms make a buck? No sir.

Seen from that angle, these allegations from the FBI fulfil a neat purpose: highlighting that there are different types of spying, and encouraging the public to make a qualitative distinction between US state spying (national security = good) and Chinese state spying (commercial espionage = bad).

Whether it’s a distinction that will take root remains to be seen.

Follow @geoffwhite247 on Twitter