Dawn of the Code War

From The Wall Street Journal:

When the Justice Department in October indicted in absentia 10 Chinese intelligence officers for hacking into the computer systems of aerospace contractors in America and elsewhere, it was easy to forget the novelty of the move. A few weeks earlier the department had charged, also in absentia, seven Russian intelligence officers for similar attacks on U.S. and international antidoping agencies, among other targets. And in July, special counsel Robert Mueller’s office had announced the indictment of 12 Russians in connection with the 2016 presidential-election hacks.

The past few years have seen a slew of high-profile indictments and public rebukes of nation-state hackers living overseas, where they are in little danger of being apprehended. But the tactic, known as naming and shaming, was first used a mere four years ago. John Carlin, the assistant attorney general and head of the Justice Department’s National Security Division at the time, pushed to adopt the approach, arguing that it could help bring errant governments to heel. In “Dawn of the Code War: America’s Battle Against Russia, China, and the Rising Global Cyber Threat,” which he co-authored with the journalist Garrett Graff, Mr. Carlin explains how the FBI came to splash the hackers’ mugs across its famed “Wanted” posters.

. . . .

As hacking evolved from a fringe pursuit of prankish teenagers to a weapon employed by nation-states, the Justice Department struggled to keep up. Preserving data after a breach, in those days, simply meant seizing the machines of victim companies, crippling their operations in the process. (Today, digital-forensics specialists create copies of the compromised drives and devices, leaving the originals intact.) In 1995, when Kevin Mitnick was arrested after three years on the run for hacking into the computer systems of several major companies, private-sector researchers, not the FBI, tracked him down.

. . . .

In Mr. Carlin’s account, the Justice Department’s efforts to name and shame started in 2012 with the creation of a special unit informally called the Threat Cell. Working at first out of a storage closet in the FBI’s office in Manassas, Va., the team amassed evidence on a group of People’s Liberation Army (PLA) hackers known as Unit 61398. Over the course of several months, the Threat Cell labored to match online actors with their actual names, establishing, for example, that the hacker who went by the moniker UglyGorilla was actually a pudgy-faced man named Wang Dong. The Threat Cell’s work culminated in the 2014 indictment of five officers from Unit 61398. Although none of the hackers were ever apprehended, Mr. Carlin maintains that the indictment was a success. “With its hacking made public,” he writes, “China cut back on its economic-focused espionage.” In September 2015, Chinese leader Xi Jinping met with President Obama and agreed in writing to refrain from commercial hacking.

. . . .

[S]ome have suggested that publishing the details of the hackers’ actions, even without revealing FBI sources and methods, can teach hackers how to better hide their tracks. Information in the indictments may also provide a playbook for others to disguise their own attacks by adopting the markers of past Chinese or Russian hacks.

Link to the rest at The Wall Street Journal

2 thoughts on “Dawn of the Code War”

  1. Because stealing national secrets and Russians buying Facebook ads to get Clinton elected are even remotely the same thing.
