A first: U.S. indicts Chinese military officials for cyber-theft of U.S. companies’ industrial secrets
China’s massive campaign of cyber espionage has been known for years, but yesterday’s move was the first time the United States formally accused officials from China, or any other government, of involvement in cyber espionage.
The Justice Department national security chief, John Carlin, credited a years-long effort, and the willingness of companies to admit to data breaches, with “exposing the faces and the names behind the keyboards in Shanghai.”
Carlin said the men had “targeted the U.S. private sector for commercial advantage.”
“We allege that members of unit 61398 conspired to hack into computers of six U.S. victims to steal information that would provide an economic advantage to the victims’ competitors, including Chinese state-owned enterprises,” Carlin said.
The five Chinese officers accused are Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui. They were indicted by a federal grand jury in Pennsylvania on thirty-one counts of espionage. Carlin described the five men as members of a People’s Liberation Army entity known as Unit 61398. Last year, a report by the information security firm Mandiant concluded that Unit 61398 was behind data theft comprising hundreds of terabytes, a scale it found to be unlikely to have occurred without government sponsorship (see “Chinese government orchestrates cyberattacks on U.S.: experts,” HSNW, 19 February 2013).
Mandiant found that Unit 61398’s network infiltrations “periodically revisit the victim’s network over several months or years and steal broad categories of intellectual property, including technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists from victim organizations’ leadership.”
Among the American companies which fell victim to Chinese government’s data theft affected are aluminum giant Alcoa, US Steel, electricity and nuclear energy firm Westinghouse, Allegheny Technologies Inc., and SolarWorld. The Chinese government hackers also stole data from the US Steelworkers Union.
Robert Anderson, a senior FBI official, said he hoped that Monday’s announcement would lead other companies who suffered theft of proprietary information to “come forward and talk to us.”
The Guardian notes that China has engaged in cyber theft of U.S. military secrets for years – one particularly successful Chinese cyberattack allowed them to steal the design of the F-35 family of stealth jets.
Holder said that the Snowden revelations do not complicate the U.S. task in fighting Chinese industrial espionage campaign. The administration has insisted that whatever one thinks about the NSA surveillance programs, there is a distinction between spying for security purposes, which it considers legitimate, and surveillance intended to reap economic advantages, which it does not.
The administration admitted that the NSA did spy on one Chinese company – Huawei telecom – by penetrating the company’s servers, but U.S. officials, in both the executive and in Congress, view Huawei is not much more than a front for Chinese government surveillance and espionage campaign. Congressional committees came out with reports warning of the risks to the United States if Huawei were allowed to buy American critical infrastructure assets, and the administration notes that its concerns about Huawei are based on security threats from the Chinese company’s products. The worry is that these products and components would be sending customer data back to China, and that Huawei’s products offered Chinese intelligence the opportunity to insert backdoors into these products’ components, which would be used for espionage.
Holder reiterated the distinction between economic and security surveillance in his Monday press conference. “All nations are engaged in intelligence gathering,” Holder said, but the current indictment involves “a state sponsored entity, state sponsored individuals, using intelligence tools to gain commercial advantages, and that is what makes this case different.”
