The Rise of Cyber-Security Blackwaters

Recently, the Department of Justice launched its first criminal cyber espionage case against alleged Chinese hackers. The case depends on new cyber-security start-ups – the successors of Blackwater.

On Monday May 19, 2014, the Department of Justice (DoJ) filed criminal charges against five hackers in the Chinese military, accusing them of stealing American trade secrets through cyber-espionage.

“This represents the first-ever charges against a state actor for this type of hacking,” concluded US Attorney General Eric Holder.

“Enough is enough,” he said.

Weak facts, flawed approach

According to the DoJ, the suspects targeted companies such as Alcoa Inc., Allegheny Technologies Inc., United States Steel Corp., Toshiba Corp. unit, Westinghouse Electric Co., the U.S. subsidiaries of SolarWorld AG, and a steel workers’ union. Each suspect was hit with 31 criminal counts for an 8-year long conspiracy.

U.S. laws do prohibit economic espionage, but it is not banned by international laws. And while government officials argued that the estimated losses were “significant,” the targeted companies said that “no material information was compromised” during intrusions that “occurred several years ago.”

Historically, economic espionage has had its role in the U.S. economic development, from Alexander Hamilton, who valued profitable trade secrets, to CIA director Stansfield Turner, who in the early 1980s lauded the benefits of economic espionage, and to the National Security Agency (NSA), which has taken mass-spying to a global level.

Surprisingly, the government case focuses on somewhat marginal cases of cyber theft. For instance, through its joint venture, Westinghouse had agreed to transfer the relevant technology of its advanced nuclear reactors in 2010.

The alleged hackers are unlikely to be brought to justice in America, which may be for the better. After all, given the extraordinary magnitude of the NSA operations, any adversarial government or ambitious prosecutor could allow for the indictment of U.S. security officials under the same doctrine.

In view of the empirical facts of the case, the administration’s promise to go after all perpetrators of economic espionage, unless it is mainly rhetorical, could be a strategic boomerang. U.S. intelligence agencies claim that some 12-16 countries routinely steal American technology, including allies such as Israel and France. If the White House were loyal to its stated goal, it would further antagonize its enemies, alienate its allies, and leave U.S. officials vulnerable to dozens of courts worldwide.

The common denominator                                      

The DoJ’s case goes back to fall 2012 when the New York Times found itself attacked by “hackers in China,” as it reported on January 30, 2013. The threats were detected by a cyber security firm called Mandiant, which the Times had hired.

Barely two weeks later, the Times released another cover story in which the PLA Unit 61398 was “tied to hacking against U.S.” The exclusive piece relied on an “unusually detailed 60-page study” by Mandiant. Other U.S. security firms that had tracked the PLA unit believed it was state-sponsored, which was the conclusion of the classified National Intelligence Estimate, a consensus document for all US intelligence agencies.

In July 2014, only weeks after the DoJ press conference, U.S. media reported a second PLA unit implicated in cyber-spying. According to CrowdStrike, a U.S. cyber security company, the targets comprised networks of European, American and Japanese government entities, military contractors, and research companies in the space and satellite industry. The NSA and its partners identified the hackers as Unit 61486.

These allegations share a common denominator. In each case, the attacks were said to have begun some seven to eight years ago with U.S. cyber security startups playing a vital role in investigations. Executives who used to work for or with the nation’s major law enforcement, defense, security, or counterintelligence organizations head these enterprises. The latter also serve as sources of data against which there is the ability to validate the attacks and their origins.

In a way, it is reminiscent of the controversial private security organization Blackwater, which received more than $1 billion worth of contracts with the federal government in the Bush era and was re-hired for more than $250 million in State Department and CIA contracts during the Obama administration.

Today, the old-style Blackwater organizations occasionally play a strategic role, but the future belongs to the agile, cyber Blackwaters of today.

Digital contractors                                                    

In July 2011, Michael Hayden, head of the NSA and CIA under President George W. Bush, stated that, in the near future, the Department of Defense may have to allow the creation of a “digital Blackwater” to deal with growing cyber threats. “These are the kinds of things that are going to be put into play here very, very soon,” he said.

A year or so later, just as Hayden predicted, Mandiant, Crowdstrike, a slate of other cyber security companies, the NSA, and its other partners were in play.

A decade ago in Iraq, Blackwater was one of over 60 private security firms employed by the U.S. government. Its founder was a former CIA officer; its Vice Chairman served as director of the CIA’s Counterterrorist Center; and its Vice President of Intelligence used to head the CIA’s Near East Division. Today, the affiliations of Mandiant, CrowdStrike and other cyber security firms are not that different.

Kevin Mandia is the founder of Mandiant. He has served as an officer in the United States Air force, a computer security officer at the Pentagon, and the Air Force’s Office of Special Investigations (OSI). Subsequently, he worked briefly for security firms that were acquired by Lockheed Martin and McAfee, respectively.

Before Mandiant rose to prominence with the report implicating Chinese hackers, its 2012 revenues were over $100 million, up 76% from 2011. After its report on Chinese cyber espionage, revenues soared. It was then acquired in December 2013 for $1 billion by FireEye, a relatively large global cyber security firm.

In turn, Shawn Henry, the former head of the FBI’s cyber crimes division, leads CrowdStrike. It was founded by George Kurtz, a former Chief Technology Officer at McAfee, in February 2012, with fellow alum Dmitri Alperovitch, who disclosed the state-sponsored cyber penetrations of more than 70 government agencies, companies, and institutions; retired Air Force colonel Mike Convertino, former commanding officer of a top U.S. information-warfare unit; and former FBI legal specialist Steven Chabinsky.

CrowdStrike seeks to disrupt criminal groups and state-sponsored hackers by misleading them or by publicly identifying the offending individuals and the companies that provide them with hosting and other services. With its more aggressive approach, it has stumbled into the debate of how far companies should go down the road of cyber vigilantism.

Moral hazards                      

Historically, even the U.S.-Chinese cyber friction is only the latest part in the post-9/11 federal and corporate spending boom, which resulted in a $67 billion global computer security market in 2013.  Research firm Gartner expects the spending to soar to $86 billion by 2016.

Like any Silicon Valley startup, the contemporary cyber Blackwaters are “born global.” Unlike their precursors, they thrive in emerging complexity. However, they remain subject to the same moral hazards as their old-style security contractor counterparts, which were more likely to take excessive risks because the ensuing costs would be borne by the government rather than the mercenaries.

The old Blackwaters mainly had an impact on their targeted location. In contrast, the cyber Blackwaters potentially have a global scope.

This makes them highly valuable to U.S. government agencies and corporations – and to those major nations that are already spurring their own cyber clones that Washington may have to face tomorrow.

Our worsening cybersecurity challenges will not be resolved by unilaterally charging criminals. They require truly global multipolar cooperation.

The original version was published by China-US Focus on June 17, 2014