A ten-year retrospective on the monumental cyberespionage indictment.
In this special edition of the CAVEAT Newsletter, we take a deep dive into a monumental indictment from ten years ago that had far-reaching impacts. With this indictment reaching its tenth anniversary, CyberWire recently sat down with Dave Hickton, the former United States (US) Attorney who issued the first indictment against foreign hackers. Hickton, a former US Attorney and now the Founding Director of the Institute for Cyber Law, Policy, and Security at the University of Pittsburgh, discusses this landmark indictment and its impacts on the world.
The Indictment.
Filed ten years ago, Hickton’s indictment marked the first time that criminal charges were filed against known state actors for hacking activities. At the time, Hickton was a US Attorney working for the Western District of Pennsylvania (WDPA), and he and his team were instrumental in their efforts to file these charges. For context, the indictment alleged that five Chinese military actors conspired to target and hack American entities to steal intellectual property and conduct economic espionage among other offenses. Their hostile actions were directed at six US entities involved in the nuclear power, metals, and solar industries. In total, there were thirty-one charges filed against these five actors. When first released, this indictment created significant political turmoil as Chinese officials responded by stating that the indictment was based on “fabricated facts” and “grossly [violated] the basic norms governing international relations and [jeopardized] China-US cooperation.” The Federal Bureau of Investigation director at the time, James Comey, responded to these statements by saying that if China believed the charges were fabricated then they should “come over to Pittsburgh and embarrass us by forcing us to put up or shut up and we’ll put up.”
One of the most impactful arguments presented throughout this indictment was that while countries routinely conduct espionage activities for security purposes, conducting these same activities for commercial advantage should be universally discouraged. During the interview, Hickton further elaborated on this argument, highlighting his belief that conducting espionage activities for security purposes provides a sense of security for nations, as they can more easily predict world events and are less likely to overreact. However, Hickton drew a hard line between security-related espionage and these same activities being used for commercial theft or advantage.
Another key aspect of this indictment was that it marked the first time that the US government targeted hackers who specifically exploited private industries. Dmitri Alperovitch, the co-founder of CrowdStrike, mentioned at the time that this action signaled to private firms that the US government was willing to target hostile actors if private firms were willing to cooperate with the government. Hickton echoed these sentiments, noting how these indictments launched years of cooperation between US law enforcement agencies and private firms in targeting malicious actors and holding them more accountable.
The Impact.
While these five Chinese hackers were never tried and judged in the US, as they were never extradited, this indictment had significant impacts. As previously mentioned, one of the key impacts we discussed involved separating cyberespionage conducted for national security from cyberespionage conducted for commercial advantage. With the indictment making a clear distinction between these two types of cyberespionage, Hickton discussed how this distinction had tangible political impacts. Most notably, Hickton highlighted how the indictment eventually led to President Xi Jinping coming to meet with the Obama administration in 2015 after initial tensions calmed. This meeting resulted in the two sides signing the US-China Cyber Agreement, which explicitly stated that both nations would not engage in any use of cyber-enabled intellectual property theft and that both would work together to establish the appropriate norms for engaging in cyberspace. Hickton discussed how this agreement made direct callbacks to his indictment as a starting point for the conversation and how it not only brought the two nations together but also fulfilled President Obama’s promise of protecting intellectual property within the US.
Another key impact that Hickton discussed was the importance of the US government filing this indictment through an office outside of Washington. As discussed during the interview and previously mentioned, before this indictment there was a notable amount of distrust between private businesses and law enforcement agencies residing in Washington, D.C. Due to this unsolvable paradigm, Hickton emphasized how critical it was for local US attorney offices to drive this cooperation rather than having the effort led from Washington. Throughout this interview, Hickton discussed how he went to great lengths to work with these private firms to convince them that cooperating with his team would not make them a target for re-victimization or put their company or people at risk. If this effort had been driven from D.C., none of these private firms would likely have cooperated with the government to file this indictment. By working from local offices, Hickton was able to engage with and better understand each victim, their situations, and their concerns; he discussed how he spent well over 1,000 hours talking with them before the indictment was filed. This initial level of cooperation was instrumental for future cases, as it not only set the standard for how these matters needed to be handled but also changed how private firms approached and worked with government officials when handling cyber incidents.
After this initial indictment, the way that the federal government approached handling hostile cyber threat actors changed dramatically. While these impacts seem sensible by modern standards, it is worth noting that, at the time, this indictment was a critical development that has greatly impacted how the US engages with cyber threat actors and protects intellectual property. Hickton himself highlighted how at the start of this process, a small amount of support was devoted to these efforts. However, while these efforts started small, after the indictment, this support snowballed as more FBI teams were added to handle different areas of the world and more lawyers and resources could be devoted to handling these complex and sensitive cases. Through this effort, Hickton and his team were able to redefine how international law enforcement approached cyber activities and hostile actions.