To discourage state-sponsored hacking, the US has resorted to publicly indicting the suspected culprits, and making them wanted fugitives the FBI is out to arrest. But is the deterrent actually working?
At RSA, US officials say they’re finding promise in the naming-and-shaming approach, even as the suspected hackers themselves are often based in China, Iran, North Korea and Russia. At the very least, the strategy is taking away something hackers have long prized: their anonymity.
“Nations and the individuals working on their behalf can no longer assume that they can operate with anonymity. We have the ability to pierce that,” Steven Kelly, the FBI’s chief of cyber policy, said during an RSA panel.
Indeed, earlier this month federal officials blamed four Chinese military officers for the 2017 Equifax hack, and placed their names and photos on a wanted posted. The FBI did the same to the alleged North Korean hacker behind the WannaCry ransomware outbreak, Park Jin Hyok. In some cases, the indictments have also been followed-up with economic sanctions from the US Treasury Department to further punish the suspects.
Whether the naming-and-shaming is actually deterring foreign governments from engaging in computer hacking remains to be seen. However, Kelly suspects the US’s strategy is forcing the hackers themselves to reconsider their careers as state-sponsored spies.
“Where do I want to work? Do I want to work for an organization where I’ll get caught and named, and the next thing I know I can’t travel to Europe on vacation because I might get arrested?” Kelly said. “Maybe they don’t want to be working for an organization that’s going to be causing them personal reputational harm.”
US deputy assistant attorney general Adam Hickey, who was also on the panel, agreed. “The short is answer is yes, it has an impact,” he told PCMag after the panel. “They (the hackers) are influenced when they see their colleagues are indicted, and will wonder ‘Is the US going to go after me?’”
The indictments also build a public record, which can be shared with other US allies and foreign governments so that the international community can collectively take action as well, he added.
The US has been adopting the naming-and-shaming approach as the country has struggled for years to stop and deter state-sponsored hacking. The big dilemma has been figuring out the right punishment when it can be challenging to identify who is exactly behind the cyber attack. It’s why the FBI has made accurately attributing hacking crimes a priority. “We need to be better and faster at identifying who did it,” Kelly said. “And we need to be in a better position to impose consequences more rapidly.”
The naming-and-shaming is just a first step. The larger goal is to recruit US allies to join in on the condemnation, which could put more pressure on the affected foreign governments to stop with the state-sponsored hacking activities.
“Whether we’ve actually changed their calculus yet, right now, I don’t know,” Kelly said. “But the activities that we’re doing, I think if we keep on this path, we will have an effect.”
The indictment approach appears to have deterred at least one group, which was behind the SamSam ransomware strain, from conducting more attacks. In Nov. 2018, the US publicly charged two Iranians with developing the ransomware.
"The SamSam activity from Iran came almost immediately at halt once these charges were unsealed," said Justice Department senior counsel William Hall during an RSA talk earlier this week. However, the two suspects remain at large.
Further Reading
- Is AI-Enabled Voice Cloning the Next Big Security Scam?
- Feds to US Firms: Watch Out for Employees Trying to Steal Trade Secrets for China
- Nest Cameras Stopped Working for 16 Hours
- How Google Is Stopping Malicious Office Docs From Targeting Gmail Users
- More in Security
Security Reviews
- NordLocker
- Private Internet Access VPN (for macOS)
- NordPass Premium
- Qustodio
- Virtru Email Protection for Gmail