Dmitri Alperovitch is a computer security industry executive, and a co-founder and CTO of cybersecurity company CrowdStrike, a provider of endpoint protection and threat intelligence. He spoke with CJFE about Chinese cyber espionage and the dangers of mass surveillance.
This statement was originally published on cjfe.org on 11 February 2016.
By Rignam Wangkhang
Dmitri Alperovitch is a computer security industry executive, and a co-founder and CTO of cybersecurity company CrowdStrike, a provider of endpoint protection and threat intelligence. He was named one of MIT Technology Review’s “Young Innovators under 35” and Foreign Policy Magazine’s Leading Global Thinkers for 2013. In 2011 he named and reported on Operation Shady RAT, one of the most important cyber-espionage campaigns, attacking at least 72 governments, organizations and corporations worldwide and suspected to be orchestrated by the People’s Republic of China. Alperovitch spoke with CJFE about Chinese cyber espionage and the dangers of mass surveillance.
What does CrowdStrike do?
CrowdStrike helps protect countries against [digital] intrusions, but also on a pro-bono basis works very closely with activist and dissident groups around the world to help them with their [digital] security, because oftentimes they’re on the frontlines facing nation-state attacks. Nation-states are intruding into their email systems and computers, and these countries are using that information to selectively target them. We work a lot with these groups in Iran, North Korea, China and other areas.
Why does cybersecurity matter for activists?
Regimes are aggressively prosecuting anyone they believe is threatening the governing structure of the country. These [activist] groups will certainly be a target of espionage and surveillance campaigns. They need to be aware that [these campaigns] open the door to all of your electronic communications. If your phone is compromised, they can track your location, who you’re talking to, retrieve your text messages and your contacts. On your computer they can read your emails, what you’re planning to do, where you plan to travel. That information is being used to infiltrate dissident movements and to try to derail their activities.
What is the situation in China regarding surveillance and cyber hacking?
China is one of the most aggressive countries engaging in cyber espionage and mass surveillance. They target almost anyone that has a tangential connection to China. Dissident groups, Tibetans, Falun Gong activists, protesters in Hong Kong and student democratic movements are all routinely targeted – whether they are in or outside of the country.
Beyond that, the Chinese are very aggressively targeting regions. Vietnam, Malaysia, Philippines, Korea or Japan – all of these countries are getting blanketed by intrusion activities from Chinese spies, often military intelligence agencies. And, of course, the West in particular has a big bullseye on its back from China, and they are doing a variety of things: stealing national security secrets, stealing intellectual property, targeting anyone making connections to dissidents and activists inside mainland China or Hong Kong.
What are the most common forms of attacks used by the Chinese?
The most typical one is spear phishing campaigns. Essentially you get an email that seems to come from a friend of yours, something that you’re very likely to open and looks very legitimate – it may refer to recent events or a meeting you recently had. That email may contain a link to a website or an attachment that it is trying to get you to open. If you click on that link or attachment your computer will be compromised, surreptitiously and completely unbeknownst to you; spies will connect into your computer and will be able to fully take it over. They can activate the web camera to look at you and activate the microphone to listen in on the conversations that you’re having. In your computer they can take any file, read any of your communications and log into all of your accounts.
Another common way is what’s known as strategic web compromise. A popular website, blog or news service will get compromised and malicious code will be injected, which enables it to affect anyone that visits that site. For example, you may visit the site of the Dalai Lama and the Chinese are able to compromise that site and infect it. They can use that as a jump-off point to infect any visitors to that site and cast a huge net that captures quite a few victims in an area that they would be interested in.
What insights can you share regarding Chinese cyber-espionage operations like Aurora and Shady RAT?
One of the things that struck me early on, particularly in the Operation Aurora investigation – which was the intrusion into Google – was the absolute gall of the Chinese to go after an American company, to infiltrate their networks and do so in order to target dissidents and activists who may be using their services to communicate with people in China. That to me seemed an outrageous violation of US sovereignty, and certainly a violation of human rights.
Looking deeper at the problem, I started to realize the full scope of the activity. I was one of the first people in the West to understand [that] what the Chinese were doing was not a one-off surveillance operation; it was really a campaign against Western companies, government agencies and individuals to further the national and economic security interests of the Chinese government. This resulted in the Shady RAT and Night Dragon investigations, which highlighted the full scope of these activities. There has been an unbelievable amount of organizations that have been targeted by the Chinese.
How can we bring this issue to the forefront for those at risk?
It’s becoming a national conversation, in the sense that companies are becoming more aware. We do need more education with individuals, particularly activists, because so many of them are not technically proficient. They are thinking just of their cause or their movement, and those individuals need to be aware that they will be targeted. National intelligence services of these countries go after [companies and individuals], and we need to highlight real cases where it’s happened, such as Operation Aurora and the Dalai Lama intrusions prior to that. It’s happening on a daily basis in countries around the world. We’ve seen it in Africa, Russia and many other places, so if you’re working in one of those regimes, or trying to promote democracy in those countries, you are at great risk.
What are your thoughts on the recent U.S.-China agreement to not support or conduct cyber-theft of the other country’s intellectual property?
It is a positive step that was taken by both countries. [However], CrowdStrike put forth our report in October that shows despite the agreement we have continued to see ongoing intrusions from China into corporate America. It’s a positive step but we need to verify attitudes with China, and so far it doesn’t seem to have impacted their actions. Therefore we need to be strong in confronting them with evidence of their activities and holding them to account.
What effects on surveillance might we see from China’s new anti-terrorism legislation?
It remains to be seen. We have seen the Chinese be very aggressive, certainly in Tibet, and [they] have taken a very broad definition of terrorism. It’s very disturbing that individuals who are engaging in peaceful actions trying to lobby for their autonomy, democratic and human rights may get labeled as terrorists by the Chinese government. While the Chinese do have a real case to make with terrorist acts, and they should engage in various actions to identify individuals who are trying to harm the public, it needs to be done judiciously.
How do we balance fighting terrorism while keeping our digital privacy rights?
It’s a very challenging problem. We will always have to evaluate the pros and cons of each individual decision, and as a country and community decide where that appropriate balance is.
We do want to be safe; we do not want to be dying on the streets like in the terrible events in Paris and in other countries. But at the same time we do need a way to ensure the privacy and security of communications from authoritarian regimes, from cyber criminals. We need to work hard to find that balance.
What should the public know about this issue?
This is a global issue. Everyone can be a target. I still see a lot of complacency when I talk to people and companies that think that it won’t affect them. That’s only true until it’s not. If you’re engaged in any type of activity with undemocratic regimes that they may take offense to, you’re at risk. Not just of surveillance and espionage, but also at risk of destructive actions, such as [when] Sony was hacked by North Korea, [releasing confidential data including employees’ personal information].
Rignam Wangkhang is CJFE’s Campaigns and Advocacy Officer. Follow Rignam on Twitter.