Just days after Washington issued indictments against military officials in China on hacking charges, news has emerged that the US government is considering restricting visas for Chinese nationals wishing to attend a set of hacker conferences this summer.
A senior official in the Obama administration reportedly said on Saturday that Washington was considering implementing the visa restrictions to keep the Chinese hackers out of the Black Hat and Def Con meetings in Las Vegas this August, Reuters reported.
The official said this move would keep pressure on China in the way of cybersecurity.
The State Department did not immediately respond to a request for comment.
The move comes on the heels of a renewed effort by the US government to crackdown on Chinese cyber espionage.
On May 19, the Department of Justice issued criminal indictments for five Chinese military officials suspected of hacking into US corporations for information. More indictments are expected in the coming weeks.
The visa restriction information came as a surprise to Jeff Moss, the founder of both Black Hat and Def Con.
In response to the news on Saturday morning, Moss tweeted: “First I have heard of it, boarding flight to D.C. now. I don't think it helps build positive community. More later.”
On Tuesday, he added “Most years Chinese & Russians have very hard time getting visas for BH / DC. This would pretty much stop submissions,” — referring to pre-selected presentations made by attendees at the conference each year.
“It could have a larger kind of chilling effect if you’re a Chinese hacker worried about being arrested in the US when you wouldn’t be in China,” Adam Segal, a Chinese cybersecurity expert at the Council on Foreign Relations, told VICE News.
According to an official statement from Black Hat, the conference has not been contacted by the State Department or any other government agency.
“Black Hat strongly believes in engaging with and fostering collaboration among the international information security community. With the constantly changing security landscape, it is imperative that we bring together the best minds in the industry from all over the world to help identify and mitigate today's threats,” the organization said in the statement.
Robert Hansen, a Black Hat board member and the Vice President of WhiteHat Labs, told VICE News that having Chinese nationals at the event is important for the industry and their research.
“Without them, it would be catastrophic for our industry, if we don’t have cross pollination of information and expertise,” he said. “It's important for our community and research to have their ideas in the gene pool.”
Hansen sees the move as another form of sanctions, but he says it won't work in the way the government wants it too because research will still continue on back channels. The conference is broadcast on the web and they sell DVDs of the presentations — something which the Chinese government could easily purchase.
Instead, researchers and conference attendees will miss out on important ‘hallway conversations’ that give cultural insight into hacking communities around the world.
“It’s very important geopolitically, it's important psychologically to understand who your adversary is,” Hansen said. “If we don’t talk to the guy on the other side of the keyboard, then it’s all speculative.”
Black Hat conferences bring together people from more than 40 countries including Taiwan, India and the Netherlands.
By interacting in person with hackers from other countries, Hansen says he learns about tactical differences — especially valuable when it comes to cyber criminals. He highlights past conversations at conferences where he has learned about Chinese technology and government policies directly from the attendees.
While the visa restrictions may have an impact on Black Hat and the cybersecurity community, experts agree they likely won’t have an effect on China.
“It’s symbolic more than it is effective,” Mark Rasch, a former cybersecurity prosecutor, told VICE News. “Is it going to stop China from participating in economic espionage? No. Is it going to isolate some of their researchers? A little bit.”
According to Rasch this move is pretty typical of US foreign policy, taking a "tit-for-tat" type of approach to push China on the cyber security issue — falling in line with this month's cyber espionage crackdown. He said that the government is now in a period where they will wait to see how China reacts.
But it seems like China is already reacting to the crackdown. In the wake of the government indictments, China has pushed for local banks to remove IBM servers. The government has also ordered state owned companies to stop working with US consultancy companies.
With these larger issues at play in the cyber security battle between the US and China, Hansen said targeting Black Hat seems like a pretty small target in the grand scheme of things.
“It's not going to change whether or not [the Chinese] get the information” he said. “They're spending energy in the wrong place, is what it comes down to. It seems like a huge waste of time.”
Photo via Flickr