Chinese military unit charged with cyber-espionage against U.S. firms
The Justice Department on Monday accused five members of the Chinese military of conducting economic cyber-espionage against American companies, marking the first time that the United States has leveled such criminal charges against a foreign country.
The Justice Department has indicted five members of the Chinese military on charges of hacking into computers and stealing valuable trade secrets from leading steel, nuclear plant and solar power firms, marking the first time that the United States has leveled such criminal charges against a foreign country.
Industries targeted by the alleged cyberspying ranged from nuclear to steel to solar energy, officials said. The hacking by a military unit in Shanghai, they said, was conducted for no other reason than to give a competitive advantage to Chinese companies, including state-owned enterprises.
In a statement he read at a news conference, Attorney General Eric H. Holder Jr. said: “The range of trade secrets and other sensitive business information stolen in this case is significant and demands an aggressive response. . . . Success in the international marketplace should be based solely on a company’s ability to innovate and compete, not on a sponsor government’s ability to spy and steal business secrets.”
The landmark case paves the way for more indictments and demonstrates that the United States is serious about holding foreign governments accountable for crimes committed in cyberspace, officials said at a news conference Monday.
The Obama administration “will not tolerate actions by any nation that seeks to illegally sabotage American companies and undermine the integrity of fair competition in the operation of the free market,” Attorney General Eric H. Holder Jr. said.
The decision to confront China grew out of a White House strategy formulated two years ago to impose increasing costs on Beijing if it didn’t respond to requests to stop its widespread hacking for commercial advantage. The indictment is intended to address what President Obama and senior intelligence officials have called one of the top threats to national and economic security, with an estimated annual cost to the U.S. economy that ranges from the tens of billions of dollars to more than $100 billion.
In response, China’s Foreign Ministry charged Monday that the U.S. government “fabricated facts” in the indictment, which it said “seriously violates basic norms of international relations and damages Sino-U.S. cooperation and mutual trust.” It said China lodged a “protest” with the United States, urging it to “correct the error immediately and withdraw its so-called prosecution.”
The criminal charges provoked a response from Beijing, which announced Monday that it was suspending high-level cyber talks with the United States that began in June.
Foreign Ministry Spokesman Qin Gang denied in a statement that Chinese government, military and “associated personnel” have ever engaged in “the theft of trade secrets through cyber means.” Qin called the U.S. accusations “purely fictitious, extremely absurd.”
“Given the lack of sincerity by the United States for cooperation to solve cyber security problems through dialogue, China has decided to suspend the activities of the Sino-US Cyber Working Group,” Foreign Ministry Spokesman Qin Gang said in a statement.
Contrary to U.S. claims, “China is the victim of U.S. theft and cyber-surveillance,” Qin said.
The charges are “purely ungrounded and absurd,” Qin said. He added that the United States had “fabricated facts” in the indictment, which he said “seriously violates basic norms of international relations and damages Sino-U.S. cooperation and mutual trust.”
In retaliation, the statement said, “China has decided to suspend the activities of Sino-U.S. Cyber Working Group.” It left open the prospect of “further reaction” in the case.
The leaks from former National Security Agency contractor Edward Snowden already had complicated the talks. Beijing has pointed to disclosures by Snowden of vast NSA surveillance activities — including spying on Chinese companies — to assert that the United States is the greater aggressor in the area.
The indictment against members of the People’s Liberation Army follows vows by senior administration officials to hold other nations to account for computer theft of intellectual property from American industry.
State Department spokeswoman Jen Psaki said, “We regret China’s decisions.” But she added that she does not think the development will affect strategic and economic dialogue meetings with China, scheduled for early July.
China is widely seen as the nation that has been most aggressive in waging cyber-espionage against the United States.
The indictment, which was filed May 1, charges five officials in the People’s Liberation Army (PLA) — hackers with handles such as UglyGorilla and KandyGoo — with computer fraud, conspiracy to commit computer fraud, damaging a computer, aggravated identity theft and economic espionage.
Holder said a federal grand jury in Pittsburgh returned an indictment against five members of a Chinese military unit in a Shanghai building, accusing them of conspiring together and with others to hack into the computers of six U.S. entities. Named in the case as defendants were Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu and Gu Chunhui, all officers of Unit 61398 of the 3rd Department of the People’s Liberation Army. Wang is also known as UglyGorilla, his hacker handle. Gu used the alias KandyGoo and Sun was also known as Jack Sun, prosecutors said.
China has no extradition treaty with the United States and none of the suspects is likely to see an American courtroom. Nonetheless, Holder said he hopes Beijing will “respect our criminal justice system and let justice take its course.”
Victimized by the cyberspying were Westinghouse Electric Co., Alcoa, Allegheny Technologies Inc., United States Steel, the United Steel Workers Union and SolarWorld, officials said. Alcoa is the largest aluminum company in the United States, and U.S. Steel is the nation’s largest steel company.
The indictment is the result of years of work, officials said, in which investigators followed a complex trail of computer bits to one building in one Chinese city.
The indictment alleges that in some cases the hackers stole trade secrets that would have been particularly beneficial to Chinese companies. For example, it alleges that an Oregon producer of solar panel technology, SolarWorld, was rapidly losing market share to Chinese competitors who were systematically pricing exports well below production costs. At the same time, defendant Wen stole thousands of files containing cost and pricing information from the company, the indictment says.
That nondescript 12-story building in the Pudong New Area of Shanghai is home to Unit 61398 — part of the PLA and identified by researchers as one of the most prolific hacking crews targeting Western companies’ trade secrets and intellectual property.
It also alleges that while Westinghouse Electric, a Pennsylvania nuclear power plant manufacturer, was negotiating with a Chinese company over the construction of four power plants in China, defendant Sun stole confidential design specifications for pipes, pipe supports and pipe routing for those plants — information that would enable any competitor looking to build a similar plant to save on research and development costs.
The 56-page indictment describes the hacking of five companies and a trade union. All but one are located in the Western District of Pennsylvania, where the charges were brought.
Each of the defendants was charged with 31 counts for alleged offenses between 2006 and 2014. If convicted, they would face decades in prison. However, they are at large in China, U.S. officials acknowledged, and there is virtually no chance that the Chinese government would turn them over to U.S. authorities.
The companies — which include U.S. Steel, the country’s largest steel maker, and Alcoa, the largest aluminum manufacturer — agreed to come forward, bucking what for years had been a reluctance by many firms to acknowledge that they had been hacked for fear of shareholder lawsuits and damage to reputation.
The five were indicted on May 1, and the indictment was unsealed Sunday and docketed Monday morning, officials said.
“There has come a point at which enough is enough,” said David Hickton, U.S. attorney for the Western District of Pennsylvania. “The companies are tired of being raided.”
In addition to Holder, officials participating in a news conference to announce the charges included John Carlin, assistant attorney general for national security; David Hickton, the U.S. attorney for the Western District of Pennsylvania, based in Pittsburgh; and Robert Anderson, executive associate director of the FBI.
The other companies are Westinghouse Electric, which builds nuclear power plants; Allegheny Technologies, a metals manufacturer; and SolarWorld, which makes solar products in Hillsboro, Ore. Also hit was the United Steelworkers union, which opposes Chinese trade practices.
The charges are being brought in western Pennsylvania, where several companies that were allegedly victimized are located.
The indictment alleges that the hackers stole trade secrets that would have been particularly beneficial to Chinese companies. PLA member Wen Xinyu — also known as “WinXYHappy” — hacked SolarWorld’s computers and stole thousands of files containing cost and pricing information, prosecutors allege. Hackers took detailed production information that could help a competitor shorten its research and development timeline.
“This case should serve as a wakeup call” on the seriousness of the ongoing cyber threat, Holder said.
The American company rapidly lost market share to Chinese competitors that were accused of systematically pricing exports well below production costs.
Carlin said that in the past, Chinese government officials have challenged the United States to produce charges that could stand up in a court of law.
After a complaint from SolarWorld, the Commerce Department and the U.S. International Trade Commission found that China had “dumped” solar products in the U.S. market.
“Well, today we are,” he said.
In another case, defendant Wang Dong — or UglyGorilla — gained access to a U.S. Steel computer, which allowed him to steal descriptions for more than 1,700 other company computers and worm his way into vulnerable machines. He gained access after fellow PLA hacker Sun Kailiang, also known as Jack Sun, sent spear-phishing e-mails to employees, including one purporting to be from the firm’s chief executive. The e-mails contained malware that, when clicked on, surreptitiously loaded onto employees’ computers and allowed back-door access.
“To be clear, this conduct is criminal,” Carlin said.
John Carlin, the assistant attorney general for national security, said the Chinese have long challenged U.S. officials to provide hard evidence of their data theft that could stand up in court. “Well today, we are,” he said. “For the first time, we are exposing the faces and names behind the keyboards in Shanghai used to steal from American businesses.”
“This 21st century burglary has to stop,” Hickton said. “Hacking, spying and cyberthreats for commercial advantage can and will be prosecuted criminally even when the defendants are state actors.”
Although the indictment does not name the state-owned enterprises that may have benefited from the espionage, according to open source literature, they are State Nuclear Power Technology, the Baosteel Group and the Aluminum Corporation of China, which is commonly known as Chinalco.
In response to a question, Hickton said, “This cyber hacking leads directly to the loss of jobs here in the United States.”
James Lewis, a cyber policy expert with the Center for Strategic and International Studies, said China’s withdrawal from the talks was “childish” and a mistake. “If you want to get the United States to do something different, you don’t say, ‘I’m not going to talk to you,’ ” he said.
In 2012, the Justice Department’s National Security Division began training hundreds of prosecutors to combat and prosecute cyber-espionage that poses a threat to national security. Later that year, Carlin, then principal deputy assistant attorney general, told Defense News that “you’ll see a case brought.”
Lewis said he thinks that China will find ways to retaliate, but that it cannot go too far. “Their economy is weaker than ours now,” he said. “Now is not the time for the Chinese to go full-bore in retaliation.”
Even if a prosecution never materializes, the indictment will send a powerful message that such acts will not be tolerated, officials said.
Dmitri Alperovitch, co-founder of the cybersecurity firm CrowdStrike, said the indictments will send a signal to U.S. companies that have thought that the government could not do anything to hold state-sponsored hackers accountable. “Now they can look at these indictments and say, ‘Hey, if I want these people to be punished, the U.S. government is willing to step up and do it,’ ” he said. “That’s a very important message.”
Estimates of the economic costs to the United States of commercial cyber-espionage range from $24 billion to $120 billion annually. China is by far the country that engages in the most such activity against the United States, according to a U.S. national intelligence estimate.
Wan reported from Beijing. William Branigin and Karen DeYoung in Washington contributed to this report.
Senior U.S. officials have repeatedly warned China that its continued pilfering of intellectual property to benefit its industries will harm the two countries’ bilateral relationship.
In February 2013, the U.S. security firm Mandiant reported that it had linked a specific unit of the People’s Liberation Army to cyber-intrusions of more than 140 U.S. and foreign companies and entities.
The United States and China agreed last year to begin holding regular, high-level talks on cybersecurity and commercial espionage. But whenever U.S. officials raise the issue of economic spying, the Chinese are not receptive, administration officials said. Though Washington takes pains to distinguish between foreign intelligence gathering and spying to help a country’s own industries gain an economic advantage, officials say that is a distinction without a difference to the Chinese.
The leaks from former National Security Agency contractor Edward Snowden beginning last June have only complicated the talks. Beijing has pointed to disclosures by Snowden of vast NSA surveillance activities — including spying on Chinese companies — to assert that the United States is the greater aggressor in the area.
The U.S. charges are likely to be seen in China as a major action, said Jin Canrong, vice director of international studies at Beijing’s Renmin University. “In the past, the U.S. talked about it but never took any real actions. If the U.S. freezes some Chinese military assets as a result of this, China will respond with counteractions accordingly.”
How negatively it affects U.S.-China relations depends on what further actions the White House takes beyond the criminal charges, Jin said. But in China, he noted, there is a feeling of hypocrisy whenever the United States brings up such charges, especially in light of the recent NSA leaks. “The U.S. has been doing the same thing,” he said.
“This case has been under preparation for a year,” said Bonnie S. Glaser, a senior Asia expert at the Washington-based Center for Strategic and International Studies who meets frequently with military-related and state-sponsored academics in China. The United States is now resorting to such charges because nothing else has worked diplomatically, she said. President Obama has raised the issue repeatedly with Chinese President Xi Jinping in meetings.
“The Chinese have ignored U.S. requests to stop stealing U.S. companies’ intellectual property. The U.S. believes it is necessary to impose consequences for China’s actions,” she said.
“Since Snowden’s revelations, the Chinese have ridiculed U.S. charges that it is stealing [intellectual property]. I expect they will call this U.S. action hypocritical and dismiss it out of hand,” she added.
“The difference between stealing intelligence and company secrets is lost on the Chinese,” she said. “Both are considered fair game and an essential means to accelerate China’s reemergence as a great power.”
At the same time, China has used recent disclosures on NSA surveillance for maximum diplomatic effect to push back against U.S. accusations of cyberattacks. Among the most damaging revelations was a report in March that the NSA infiltrated Chinese telecommunications giant Huawei Technologies to see whether it was spying for Beijing and to turn its equipment against other countries, such as Iran.
In recent years, U.S. officials have made the distinction between cyberspying for national security and cyber-intrusions into private companies for economic theft, which the United States says it does not do but which it accuses China of doing all the time. The Huawei case, while not a theft for economic advantage, showed the U.S. government infiltrating a private Chinese company.
In response, China seized the opportunity for role reversal, demanding an explanation from the United States.
“China has lodged complaints to the United States about this many times. We urge the U.S. side to make a clear explanation and stop this kind of acts,” Chinese Foreign Ministry spokesman Hong Lei said in March.
Since last year’s NSA revelations, China has also shown increasing concerns about its own cybersecurity.
Demonstrating how seriously its leaders take the threat, Xi personally took charge of a new government body earlier this year overseeing China’s cybersecurity and vowed to turn China into a “cyber-power,” according to state-run media.
In the most recent example of such growing worries, a high-ranking Chinese Internet official said Sunday that China must intensify its security efforts, warning that “hostile forces abroad” are using cyberspace as a major channel to “infiltrate China.”
Douglas Paal, a former National Security Council official now at the Carnegie Endowment for International Peace, said he expects that many Chinese will view the prosecution “as one of Washington’s ways to get back at China for recent pushes against Japan, the Philippines, and Vietnam.”
Paal added: “It will take some time to get people to accept that this is about commercial theft, and not something else. . . . The Chinese are still enjoying their luck at having the Snowden revelations to distract public attention from the U.S. argument against commercial espionage. That is not likely to change soon.”