US Charges Chinese Army Officers with Cyberespionage

Fed up with failed diplomacy, American officials today (May 19) unveiled a bold new tactic to combat Chinese state-sponsored online espionage, indicting five officers in China's People's Liberation Army (PLA) on charges of stealing trade secrets from American metals and energy companies.

Named as victims of Chinese hacking were U.S. Steel and Alcoa, as well as Allegheny Technologies, Inc., the United Steel Workers union, nuclear-power-plant builder Westinghouse Electric Co. and the U.S. subsidiary of SolarWorld, a German maker of solar panels.

Familiar names in cyberespionage

The five defendants all allegedly work or worked for Unit 61398 of the Third Department of the PLA, also known as the "Comment Crew," "Shanghai Group," "APT 1" or "Byzantine Candor." The group is best known for breaking into the computer networks of The New York Times in early 2013, but is suspected in dozens of other attacks on governments and companies around the world.

"In the past, when we brought concerns such as these to Chinese government officials, they responded by publicly challenging us to provide hard evidence of their hacking that could stand up in court," said Assistant Attorney General for National Security John Carlin at a press conference in Washington, D.C. announcing the indictments. "Well today, we are."

"Diplomacy and public disclosure haven't worked," said Executive Assistant Director of the FBI Robert Anderson. "So now we name indictments."

U.S. Attorney General Eric Holder noted that while all nations spy on each other for political and military matters, the spying in this case was done for purely economic reasons. The U.S. companies whose networks were allegedly broken into were competing with Chinese companies owned or controlled by the PLA.

"State actors who engage in economic espionage, even over the Internet from faraway offices in Shanghai, will be exposed for their criminal conduct and sought for apprehension and prosecution in an American court of law," Holder said. "Success in the global marketplace should be based solely on a company's ability to innovate and compete, not on a sponsor government's ability to spy and steal business secrets."

A new strategy against cyberespionage

The five defendants were each charged by a federal grand jury in Pittsburgh with 31 counts, including conspiring to commit computer fraud and abuse, aggravated identity theft, economic espionage, trade-secret theft and multiple counts of accessing a protected computer without authorization and of using malware.

The indictment alleges that Wang Dong, Sun Kailiang and Wen Xinyu actively hacked into or tried to hack into the U.S. companies named, and that Huang Zhenyu and Gu Chunhui provided technical support to the other three by maintaining domain accounts (presumably command-and-control servers) used in the network penetrations.

Each defendant faces a possible maximum of 227 years in prison, although their apprehension depends on the cooperation of Chinese authorities.

When asked by a reporter at the Department of Justice press conference why none of the defendants had been apprehended, Carlin pointed out that the five worked for the PLA in Shanghai, and Holder noted that none had ever visited the United States.

Carlin and Anderson said the indictments reflected a new strategy on the part of the U.S. government against state-sponsored industrial espionage.

"Cybertheft is real theft, and we will hold state-sponsored cyberthieves accountable as we would any other transnational criminal organization that steals our goods and breaks our laws," Carlin said.

"This is the new normal," Anderson said. "This is what you're going to see on a recurring basis. If you attack America, we are going to hold you accountable."

How industrial espionage hits home

Holder, Carlin and U.S. Attorney for the Western District of Pennsylvania David Hickton detailed how the theft of trade secrets and other confidential data affected American companies.

"These PLA officers maintained unauthorized access to victim computers to steal information from those entities that would be useful to their competitors in China, including state-owned enterprises," Holder said.

"Right about the time SolarWorld was rapidly losing its market share to Chinese competitors that were pricing exports well below costs, these hackers were stealing cost, pricing and strategy information from SolarWorld's computers," Carlin said. "While Westinghouse was negotiating with a Chinese state-owned enterprise over the construction of nuclear power plants, the hackers stole trade-secret designs for components of those plants."

The theft of secrets deeply affected the metals industry in and around Pittsburgh, where U.S. Steel, Alcoa and Allegheny Technologies are all based, Hickton said.

"Our competitive advantage has been to engineer superior steel," Hickton said. "These computer intrusions ... blunt our ability to compete."

"Cybertheft impacts real people," he added. "Production slows, plants close, workers get laid off and lose their homes."

Follow Paul Wagenseil at @snd_wagenseil. Follow Tom's Guide at @tomsguide, on Facebook and on Google+.