The Justice Department today announced criminal charges against Chinese military officials in an unprecedented international cyber-espionage case.
Attorney General Eric Holder revealed the indictments during a press conference, accusing five officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army with hacking into the networks of six U.S. companies and stealing trade secrets. It is the first time the U.S. has officially charged active members of the PLA with cyber-crimes stemming from economic espionage activities.
According to the indictment, the Chinese military hackers conspired between 2006 and 2014 to break into the networks of Westinghouse Electric Co.; U.S. subsidiaries of SolarWorld AG; United States Steel Corp.; Allegheny Technologies Inc.; the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union; and Alcoa Inc.
“This is a case alleging economic espionage by members of the Chinese military and represents the first-ever charges against a state actor for this type of hacking,” Holder said. The alleged cyber-espionage against these U.S. companies came at critical times for the companies involved, including during international trade disputes and planning phases for major new facilities. The compromises appear to have been conducted for no other reason but to gain competitive advantage for Chinese companies that were either involved in the trade disputes or active competitors in the global market.
Assistant Attorney General for National Security John Carlin said the indictments are a direct response to China’s public challenges to the U.S. to produce evidence to back up a series of public statements by the Obama administration calling out China as one of the main perpetrators of state-sponsored cyber-espionage against U.S. companies and government agencies.
“For the first time, we are exposing the faces and names behind the keyboards in Shanghai,” Carlin said.
The indictment charges one of the defendants, Sun Kailiang, with stealing confidential and proprietary technical and design specifications of pipes, supports and routing diagrams related to a new Westinghouse power plant. The intrusion allegedly took place in 2010, while Westinghouse was building four AP1000 power plants in China and negotiating other terms of the construction with Chinese officials.
That same year, U.S. Steel was participating in trade disputes with Chinese steel companies. Shortly before the scheduled release of a preliminary determination in one such litigation, the indictment alleges Sun sent spearphishing emails to U.S. Steel employees, some of whom were in a division associated with the litigation.
“Some of these emails resulted in the installation of malware on U.S. Steel computers,” the indictment states. Three days later, Sun’s co-conspirator, Wang Dong, “stole hostnames and descriptions of U.S. Steel computers (including those that controlled physical access to company facilities and mobile device access to company networks),” the indictment states. Wang thereafter took steps to identify and exploit vulnerable servers on that list.
The indictment also alleges in 2012, at about the same time the Commerce Department found that Chinese solar product manufacturers had “dumped” products into U.S. markets at prices below fair market value, Wen Xinyu and at least one other unidentified co-conspirator stole thousands of files about SolarWorld’s cash flow, manufacturing metrics, production line information, costs and privileged attorney-client communications relating to ongoing trade litigation.
“Such information would have enabled a Chinese competitor to target SolarWorld’s business operations aggressively from a variety of angles,” the indictment states.
Justice Department officials have accused Huang Zhenyu of facilitating hacking activities by registering and managing domain accounts his co-conspirators allegedly then used to hack into U.S. companies. Between 2006 and at least 2009, Unit 61398 assigned Huang to perform programming work for an unnamed state-owned company, including the creation of a “secret” database designed to hold corporate “intelligence” about the iron and steel industries, including information about American companies, according to the indictment.
“This conduct is criminal,” Carlin said, accusing the Chinese of “stealing the fruits of our labor” rather than innovating and creating better products and business processes to compete more effectively in the global market.
“For too long, the Chinese government has blatantly sought to use cyber-espionage to obtain economic advantage for its state-owned industries,” said FBI Director James B. Comey in a statement accompanying the indictment. “The indictment announced today is an important step. But there are many more victims, and there is much more to be done.”
FBI Executive Associate Director Robert Anderson said although the indictment is the culmination of several years of investigation, the FBI believes there are “many other victims.” Anderson encouraged other companies who may have been targeted to come forward.
Cybersecurity researchers and former U.S. intelligence officials have determined there are at least 24 hacker organizations in China that have an attack infrastructure with more than a 1,000 servers and are capable of maintaining access to hacked networks for at least a year, on average.