At a glance.
- US House version of 2021 NDAA includes amendment banning TikTok from US Government devices.
- US indicts two Chinese nationals on eleven cybercrime counts.
- US tells China to close Houston consulate.
House version of the 2021 NDAA bans TikTok from US Government devices.
POLITICO reports that the House version of the National Defense Authorization Act contains a provision introduced by Representative Ken Buck (Republican of Colorado’s 4th District) that would ban TikTok from US Federal Government systems: "no employee of the United States, officer of the United States, Member of Congress, congressional employee, or officer or employee of a government corporation may download or use TikTok or any successor application developed by ByteDance or any entity owned by ByteDance on any device issued by the United States or a government corporation."
The Next Web discusses rumors that ByteDance might sell the social platform to a group of US investors in a move to sidestep security concerns.
Naming individuals behind the keyboard and shaming their government.
The US Attorney for the Eastern District of Washington has secured an indictment against two Chinese nationals, Li Xiaoyu and Dong Jiazh, on eleven counts of hacking computer networks to obtain intellectual property. They are said to have cast a wide net, working against targets in eleven countries and at least twelve economic sectors. Each man faces one count of conspiracy to commit computer fraud, (maximum sentence of five years in prison), one count of conspiracy to commit theft of trade secrets (a maximum sentence of ten years in prison), one count of conspiracy to commit wire fraud (20 years’ max), one count of unauthorized access of a computer (a maximum sentence of five years), and seven counts of aggravated identity theft (a mandatory two non-consecutive years for each count). The investigation of the pair began when an intrusion into Department of Energy networks in Hanford, Washington, was detected, and it moved on from there. Since both men are in China and unlikely to ever fall into American law enforcement hands, the indictment's imposition of costs falls into the category of naming and shaming.
The FBI said the two “worked with the Guangdong State Security Department (GSSD) of the Ministry of State Security (MSS) while also targeting victims worldwide for personal profit.” Chinese nationals have been indicted by the US before in connection with espionage, but those were officers of the People's Liberation Army, whereas Messrs. Li and Dong are said to be criminals working under contract. The indictment is therefore interesting in that it appears to represent the first case in which Chinese hackers have been indicted for both state-directed espionage and ordinary self-interested cybercrime. “China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 research,” Assistant Attorney General for National Security John C. Demers said in the Department of Justice press release that announced the charges.
Observers see a difference in national styles between Russian and Chinese employment of cybercriminals. The Washington Post spoke with experts who tended to see the Russians as winking at cybercrime as long as the gangs keep their hands off the wrong targets, that is, the domestic and the connected ones, and as long as they’re willing to do the official security and intelligence organs favors when asked. The Chinese treat the criminals more like contractors, and are content to let them profit on the side. In this case, while they allegedly stole trade secrets, spied on dissidents abroad, and assisted with influence operations, they also had a nice side hustle raiding Bitcoin wallets.
The Justice Department thanked its international partners and the work the FBI’s Legal Attaches did to coordinate the investigation with them. There was some international applause for the indictment, Yahoo notes, with Australian agencies (including the Australian Signals Directorate) in particular welcoming efforts to hold bad actors to account. The theft of intellectual property has been going on for some time. FireEye's Mandiant unit told TechCrunch it had been tracking them since 2013.
US tells China to close its Houston consulate.
The Wall Street Journal says the US State Department also ordered China's Houston consulate closed for its connection to espionage and influence operations. Why the Houston consulate in particular was singled out the State Department hasn’t said. “The United States will not tolerate the PRC’s violations of our sovereignty and intimidation of our people, just as we have not tolerated the PRC’s unfair trade practices, theft of American jobs and other egregious behavior,” was the extent of the clarification State Department spokeswoman Morgan Ortagus offered.
The Chinese Foreign Ministry reacted in a foreseeably negative fashion. “This is a political provocation unilaterally launched by the U.S.,” spokesman Wang Wenbin said yesterday. “China urges the U.S. to immediately rescind its erroneous decision, otherwise China will undertake legitimate and necessary responses.” The Houston consulate burned its papers last night, Click2Houston reports.