The United States government on Monday made an unprecedented move in its efforts to combat cyberespionage operations against American companies, efforts that until now had mainly consisted of strongly worded statements and diplomacy. The Department of Justice indicted five officers of the Chinese People’s Liberation Army for allegedly hacking into networks run by companies such as U.S. Steel, Westinghouse and Alcoa and stealing proprietary information that allegedly then was passed on to Chinese-owned companies.
The indictments are the first concrete step in what had thus far been a war of words between American and Chinese politicians over the U.S. government’s beliefs that Chinese state-sponsored attackers have been infiltrating the networks of U.S. companies for years and helping themselves to trade secrets, intellectual property and internal communications. Chinese officials have denied that their army or other state-controlled actors are engaged in these kinds of operations, which has done little to assuage officials in the Obama administration. President Obama himself raised the issue with Chinese President Xi Jinping during talks last year.
Now, the administration is taking things up a couple of notches by leveling formal charges against the Chinese officers, asserting that they stole design and technical specifications, sensitive emails, financial information, manufacturing documents and a slew of other information from the victim companies. The Chinese PLA officers named in the indictment are Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, all of whom the Department of Justice says are officers in Unit 61398 of the PLA’s Third Department.
“This is a case alleging economic espionage by members of the Chinese military. The range of trade secrets and other sensitive business information stolen in this case is significant and demands an aggressive response. The indictment alleges that these PLA officers maintained unauthorized access to victim computers to steal information from those entities that would be useful to their competitors in China, including state-owned enterprises. In some cases, they stole trade secrets that would have been particularly beneficial to Chinese companies at the time they were stolen. In others, they stole sensitive, internal communications that would provide a competitor, or adversary in litigation, with insight into the strategy and vulnerabilities of the American entity,” U.S. Attorney General Eric Holder said.
“In sum, the alleged hacking appears to have been conducted for no reason other than to advantage state-owned companies and other interests in China, at the expense of businesses here in the United States. This is a tactic that the U.S. government categorically denounces. As President Obama has said on numerous occasions, we do not collect intelligence to provide a competitive advantage to U.S. companies, or U.S. commercial sectors.”
The U.S. government and intelligence officials have made no secret of the fact that the NSA and other intelligence agencies are about the business of stealing secrets. But they often make the point that U.S. agencies don’t hand those secrets over to American private sector companies, a distinction that the Chinese have disputed. Michael Hayden, former director of both the NSA and CIA, said in a speech at the Kaspersky Lab Government Cybersecurity Forum in Washington last year that it’s an important distinction.
“That stealing your stuff thing, we did a lot of that [at the NSA]. Actually, I’d like to think we’re number one. But we stole stuff to keep you safe. We didn’t steal stuff to make you rich, which is really the nub of the issue with the Chinese. These attacks aren’t new. This has been going on for a long time,” Hayden said at the time.
The indictment alleges that the PLA officers targeted U.S. companies involved in joint ventures or trade disputes with Chinese state-owned enterprises and stole a wide variety of information, including design documents, cash flow statements, privileged attorney-client communications and other data.
“In 2010, while Westinghouse was building four AP1000 power plants in China and negotiating other terms of the construction with a Chinese SOE (SOE-1), including technology transfers, Sun stole confidential and proprietary technical and design specifications for pipes, pipe supports, and pipe routing within the AP1000 plant buildings,” the Justice press release on the indictment states.
“Additionally, in 2010 and 2011, while Westinghouse was exploring other business ventures with SOE-1, Sun stole sensitive, non-public, and deliberative e-mails belonging to senior decision-makers responsible for Westinghouse’s business relationship with SOE-1.”
The tactics the Chinese officers allegedly used appear to come from the first page of the attacker’s handbook. Spearphishing and credential theft were favorites.
“In 2010, U.S. Steel was participating in trade cases with Chinese steel companies, including one particular state-owned enterprise (SOE-2). Shortly before the scheduled release of a preliminary determination in one such litigation, Sun sent spearphishing e-mails to U.S. Steel employees, some of whom were in a division associated with the litigation,” the Justice release says. “Some of these e-mails resulted in the installation of malware on U.S. Steel computers. Three days later, Wang stole hostnames and descriptions of U.S. Steel computers (including those that controlled physical access to company facilities and mobile device access to company networks). Wang thereafter took steps to identify and exploit vulnerable servers on that list.”
Whether any of the Chinese officers named in the indictment will ever see the inside of a U.S. courtroom is a looming question. The Chinese government is unlikely to hand them over to face charges, but Holder said that the indictments are designed to have other effects, as well.
“This case should serve as a wake-up call to the seriousness of the ongoing cyberthreat. These criminal charges represent a groundbreaking step forward in addressing that threat,” Holder said.
“The indictment makes clear that state actors who engage in economic espionage, even over the Internet from faraway offices in Shanghai, will be exposed for their criminal conduct and sought for apprehension and prosecution in an American court of law.”