This is the web version of Data Sheet, a daily newsletter on the business of tech. Sign up to get it delivered free to your inbox.
The U.S. Justice Department dropped an indictment Tuesday on two Chinese nationals, charging them with hacking hundreds of companies, governments, non-profits, political dissidents and human rights activists around the world.
The two defendants, 34-year-old Li Xiaoyu and 33-year-old Dong Jiazhi, are alleged to have stolen terabytes of data, including trade secrets and intellectual property, from individuals and organizations across the U.S., Europe, and Asia. In recent months, the pair allegedly targeted firms engaged in COVID-19 vaccine-related research as well as pro-democracy demonstrators in Hong Kong.
In addition to spying on behalf of the Chinese government, Li and Dong are accused of having conducted cybercriminal schemes for their own personal gain. In one instance, the two allegedly extorted a company by threatening to release its software unless it paid a cryptocurrency ransom.
The indictment draws a troubling trend into sharp relief: Many governments will turn a blind eye to cybercrime as long as the perpetrators target foreigners and agree, otherwise, to do the government’s bidding. “China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state,” said Assistant Attorney General for National Security John C. Demers in a statement accompanying the indictment.
Ben Read, senior manager of threat intelligence analysis at Mandiant, the forensic investigations division of cybersecurity firm FireEye, said the cybercriminal-as-spy contractor relationship has multiple benefits for countries that engage in it. The setup allows spy agencies to “access a wider array of talent, while also providing some deniability” about their activities, he said.
The practice is widespread in various, mostly authoritarian, parts of the world. Russia is known to employ the services of its criminal underground when it suits the Kremlin, despite officials’ protestations to the contrary. The hackers who breached Yahoo some years ago moonlighted for Russia’s Federal Security Service, successor to the KGB. North Korea has long blended the roles of its cybercriminal-spies.
The actions of crooks and of secret agents are getting harder to separate. As John Carlin, former U.S. Assistant Attorney General for National Security during the Obama administration, put it in an interview with 60 Minutes, covered by Axios, last year: “Increasingly, you cannot tell which is which when it comes to the criminal and the intelligence agency. So one day, the same crook may be doing something purely to make a buck. But that same crook may be directed by a trained intelligence operative using the same tools and techniques to steal information from them for the goals of the state.”
Loose affiliations with rogues help regimes achieve their ends. This is, increasingly, the realpolitik of the Internet.
Robert Hackett
Twitter: @rhhackett
Email: robert.hackett@fortune.com
THREATS
See you anon. Twitter is stepping up its crackdown on disinformation and harassment campaigns by banning thousands of accounts connected to QAnon, an absurd conspiracy theory involving President Trump, a satanic cabal of pedophiles, and the so-called Deep State. The company suspended 7,000 affiliated accounts in recent weeks, and has taken actions—eliminating follow, search, and trending recommendations—affecting another 150,000 accounts, per an NBC News report.
Must be something in the water. At least two cyberattacks targeted since-repaired Israeli water treatment plants in June, officials with the country's Water Authority said. The intrusions followed a similar, initial incident in April, which foreign intelligence officials interviewed by the Washington Post attributed to Israel's arch-adversary Iran. Meanwhile, Iran reportedly executed an alleged spy it believes helped the U.S. kill Revolutionary Guard Gen. Qassem Soleimani in a drone strike earlier this year, according to state TV.
Contact highs. Ireland and Germany are celebrating early adoption successes of their contract-tracing apps; however, it remains to be seen whether the hi-tech solutions will be effective in curbing the coronavirus pandemic's spread. Google, on the other hand, is coming under fire for requiring people to grant its Android-based contact tracing software access to people's location. A spokesperson assured critics that the technology relies on Bluetooth, not GPS data.
The Deportment of Homeland Scrutiny. The U.S. government is sticking by its decision to install tactical forces in Portland to protect federal property, despite calls to leave from the city's mayor. Employees in the Department of Homeland Security are worried the decision to deploy will destroy the agency's reputation, BuzzFeed reports. Meanwhile, the Washington Post reports that the agency's power has expanded as it authorizes personnel to collect information on protestors who threaten to damage or destroy public memorials and statues, even if those monuments are not on federal land.
From the Department of Corrections: Yesterday's Data Sheet newsletter contained an error in its comparison of Toyota and Tesla's annual sales. Toyota's global sales were 10.74 million, not 2.4 million (U.S. only). We regret the error.
Grandaddy, what did you do during the Cold War?
ACCESS GRANTED
Pervasive data collection by the global marketing industry has other uses besides advertising. A team of researchers from the Mississippi State University tracked the movement of cellphones around Russian military sites and foreign embassies using commercial GPS location data sourced from apps, like games, weather, and other services, reports the Wall Street Journal. The experiment demonstrates the potency of "open source" intelligence while raising thorny questions about privacy and national security.
In 2019, a group of Americans was observing the cellphone signals coming from military sites across Eastern Europe.
At one of the locations, the Nyonoksa Missile Test Site in northern Russia, the group identified 48 mobile devices present on Aug. 9, one day after a mysterious radiation spike there generated international headlines and widespread speculation that a Russian missile test had gone wrong.
FORTUNE RECON
Extra $600 unemployment benefit likely to expire before the next stimulus bill passes By Lance Lambert
We don’t have enough of the air filters capable of stopping the coronavirus By David Z. Morris
Slack board member and former Goldman Sachs executive launches a career development startup with her daughter By Emma Hinchliffe
What ‘Lights Out’ gets wrong about GE By Gary Sheffer
LinkedIn is the latest in a long line of companies to lay off workers during the coronavirus pandemic By Jonathan Vanian
There are now just 4 Black CEOs in the Fortune 500 as Tapestry boss resigns By Phil Wahba
ONE MORE THING
A grenade-wielding gunman held 13 people hostage on a bus in the city of Lutsk, Ukraine, for more than 12 hours on Tuesday. The man agreed to surrender only after Ukrainian President Volodymyr Zelenskiy met a bizarre demand: Post a video on Facebook that endorsed a 2005 film, Earthlings, starring Joaquin Phoenix. Afterward, Ukraine's interior minister Arsen Avakov said the movie "is good" and "you don't have to be so fucked up" to like it, according to Russia's Pravda newspaper.
You cannot make this stuff up.
