By Siobhan Gorman, Devlin Barrett and James T. Areddy
The U.S. plans to "keep up the pressure" on China as it gauges
that nation's response to this week's indictment of five Chinese
military officials for allegedly hacking into American corporate
computers, a senior administration official said Friday.
If China doesn't begin to acknowledge and curb its corporate
cyberespionage, the U.S. plans to start selecting from a range of
retaliatory options, other officials said.
They include releasing additional evidence about how the hackers
allegedly conducted their operations, and imposing visa, business
and financial restrictions on those indicted or people or
organizations associated with them.
Beyond that, some officials are advocating more stealthy moves.
These could include the government working with a U.S. company that
has been breached to feed hackers bad data, said one person
familiar with the discussions.
U.S. Attorney General Eric Holder announced the charges Monday,
alleging the five men hacked into five U.S. companies, including
Alcoa Inc. and U.S. Steel Corp., as well as the United Steelworkers
union, to take sensitive information. U.S. officials said they
expected the Chinese would strike back.
But so far, China's response has been fairly restrained: denying
the accusations, canceling the nation's participation in
cybersecurity talks and signaling that U.S. technology companies
may face greater scrutiny in trying to do business in China.
A senior administration official said the Chinese response is as
expected, and the U.S. will tie any retaliation to Beijing's
longer-term reaction.
"It has to be calibrated some to what the Chinese government
chooses to do," the senior administration official said. "This is a
long-term process."
U.S. officials expect it will take a few more weeks to discern
the true Chinese response.
"If the Chinese don't re-engage, they [U.S. officials] have more
things in their bag of tricks," said James Lewis, a cybersecurity
specialist at the Center for Strategic and International Studies
who frequently consults with the Obama administration.
Chinese officials in Washington didn't immediately respond to a
request for comment.
The indictment in federal court in Pittsburgh is part of a much
broader strategy to counter a growing cyber assault against the
U.S. government and companies, which intelligence officials have
said tops their list of national security threats.
The indictment seems to be in direct response to a challenge
Chinese officials issued more than a year ago, when U.S. officials
launched a public shaming campaign to try to press China to stop
hacking U.S. companies. Chinese officials called on the Americans
to put forward the kind of evidence that would hold up in
court.
Monday's indictment, in effect, is aimed at providing a
foundation on which the U.S. government could build an array of
punishments. It sets out evidence in detail--naming alleged actors
and affected U.S. companies and organizations--that could be used
to support additional penalties.
"Criminal charges can justify economic sanctions from our
colleagues in the Treasury Department, sanctions that prevent
criminals from engaging in financial transactions with U.S.
entities and deny access to the U.S. financial system," said John
Carlin, the head of the Justice Department's national security
division, in a speech Wednesday at the Brookings Institution think
tank. "They can facilitate diplomacy by the State Department."
On the prosecutorial side, follow-on steps may include releasing
more evidence about the hacking cases, or filing new charges in
other hacking cases in which investigators have collected a
critical mass of evidence, officials say.
Officials were mum on the nature of the additional evidence. But
a person familiar with U.S. probes into Chinese hacking said
investigators often collect video evidence of hackers.
"Some of these actors are not real good about turning off the
Skype camera on their machines while they are working," this person
said.
A more controversial response advocated by some Federal Bureau
of Investigation officials is to work with companies under cyber
siege to feed bad information to hackers, said a person familiar
with the discussions. The goal would be to cast doubt on the
quality of the data being stolen, and in addition raise questions
about information taken from other companies.
If executed as a counter-spying campaign, advocates of the
approach say it would force Chinese officials to spend much time
trying to separate bad information from good and lead them to
centralize their diffuse operations, which could slow the pace of
their cyberspying.
The idea is "getting a lot of traction, both on the commercial
and government sides," said the person familiar with the
discussions. "The dilemma has always been finding companies willing
to cooperate."
Another option government officials are considering is putting
individuals or organizations linked to hacking, such as Chinese
universities or government contractors, on Department of Commerce
lists of "parties of concern." People or entities on the lists are
essentially red-flagged by the U.S. government and can't trade with
Americans or conduct financial transactions in the U.S. The move
also could bar faculty or graduate students at listed universities
from fellowships or conferences in the U.S.
In the past, it has been difficult to use the lists in hacking
cases, because evidence pointing to specific responsible entities
was limited. Monday's cases now provide that kind of evidence.
Government officials are also weighing actions at the Treasury
Department, such freezing assets or imposing individual sanctions,
according to two people familiar with the discussions.
Those penalties could take a form similar to those levied
against Russian business people in the wake of Russia's annexation
of Crimea.
Officials in additional are assessing whether and how they might
impose visa restrictions to prevent Chinese hackers from attending
popular hacker conferences in the U.S., such as the annual Defcon
conference in Las Vegas.
Another option under consideration is whether to take action at
the World Trade Organization.
Monday's indictment focuses on trade-secret theft, and some U.S.
officials believe they can make the case that Chinese hacking
represents intellectual-property theft in violation of the WTO's
trade-related aspects of intellectual-property rights.
U.S. officials also are looking to allies to both endorse the
U.S. cases outlined Monday and take action of their own.
Investigations "can lead other governments to take action, even
when the United States doesn't end up doing so," Mr. Carlin
noted.
Write to Siobhan Gorman at siobhan.gorman@wsj.com, Devlin
Barrett at devlin.barrett@wsj.com and James T. Areddy at
james.areddy@wsj.com
Subscribe to WSJ: http://online.wsj.com?mod=djnwires