US considers denying visas to Chinese hackers to attend conferences

General Keith Alexander, director of the National Security Agency, speaks at the Black Hat USA 2013 hacker convention in Las Vegas. Photograph: Steve Marcus/Reuters

US officials are considering using visa restrictions to prevent Chinese hackers from attending popular summer hacker conferences in Las Vegas, as part of a broad effort to curb Chinese cyber espionage, a senior administration official said on Saturday.

The official said the US government could use such visa restrictions and other measures to keep Chinese nationals from attending the Def Con and Black Hat conferences in August, to help maintain pressure on China after the US this week charged five Chinese military officers with hacking into US nuclear, metal and solar companies to steal trade secrets.

China has denied the charges, saying the US grand jury indictment was 'made up' and would damage trust between the two nations.

Organisers of the two conferences said they knew nothing about the efforts under consideration by Washington, but that they believed limiting participation from China was a bad idea.

Jeff Moss, founder of both the Def Con and Black Hat conferences, posted his thoughts on Twitter late on Saturday morning: 'First I have heard of it, boarding flight to DC now. I don't think it helps build positive community. More later.'

Chris Wysopal, a member of the Black Hat board that reviews presentations, said restricting access to that conference would have little impact because all talks are videotaped and sold.

'It seems symbolic to me,' said Wysopal, who is chief technology officer of the software security firm Veracode.

Black Hat's website lists several speakers who may be Chinese nationals. An employee of the Chinese security software maker Qihoo 360 is due to present a technical talk on vulnerabilities in font scalers. Two researchers with the Chinese University of Hong Kong are scheduled to talk about a new approach for hacking social networks.

Def Con does not have any Chinese nationals on its speaker roster this year. It would be tough to prevent them from attending because the privacy-conscious organisers only accept cash, do not ask for IDs, and badges have no names on them.

US agencies are weighing a range of options if China does not acknowledge and curb its corporate cyber espionage, said the official, who was not authorised to speak publicly.

'We've tried to have a constructive dialogue. The State Department and the Defence Department have travelled to China to share evidence of hacking by the [People's Liberation Army], but those types of interchanges have not sparked a lot of progress or reciprocity,' said the official.

Monday's indictment was the first criminal hacking charge that the US has filed against specific foreign officials, and follows a steady increase in public criticism and private confrontation, including at a summit last year between President Barack Obama and Chinese President Xi Jinping.

Dmitri Alperovitch, chief technology officer of Crowdstrike, a cybersecurity firm, welcomed the tougher stance, and said the next step was to go after the Chinese companies that received the stolen corporate data.

The US indictments did not name the firms involved, but Crowdstrike had identified them as the State Nuclear Power Technology, Baosteel and Aluminum Corp of China, he said.

He said banning Chinese nationals from the conferences could be counterproductive because it would eliminate the possibility of arresting known hackers, or recruiting them for US work.

Federal prosecutors said the suspects targeted companies including Alcoa Inc, Allegheny Technologies Inc, United States Steel Corp, Toshiba Corp unit Westinghouse Electric Co, the US subsidiary of SolarWorld AG, and a steel workers' union.

The Wall Street Journal reported late on Friday that US options could include releasing additional evidence about how the hackers conducted their alleged operations, and imposing other business and financial restrictions on those indicted or people or organisations associated with them.

Some FBI officials also advocated working with companies facing cyber attacks to feed bad data to hackers, which could complicate and slow Chinese espionage efforts, the Journal said.

The Def Con hacking convention, which every year draws more than 15,000 hackers, researchers, corporate security experts and others to Las Vegas, last year asked US officials to stay away after the former contractor Edward Snowden revealed details of extensive surveillance by the National Security Agency.

Black Hat runs from 6 to 7 August and Def Con from 7 to 10 August.

Ten to 12 Chinese citizens were unexpectedly denied visas last week to attend a space and cyber conference hosted by the Space Foundation in Colorado this week, the organisers said.

Speakers at the conference included James Clapper, the director of US national intelligence, and other high-ranking intelligence agencies and military officials.

The State Department spokeswoman, Jen Psaki, said visa applications were confidential, but cautioned against drawing a connection between the visa denials and the indictments.