The U.S.-China digital cold war is getting warmer.
Monday, the U.S. Justice Department announced an indictment against five Chinese army officers for hacking into American organizations. The organizations were Westinghouse Electric, Alcoa, Allegheny Technologies, U.S. Steel, the United Steelworkers Union, and SolarWorld.
“These represent the first-ever charges against known state actors for infiltrating U.S. commercial targets by cyber means,” U.S. Attorney General Eric Holder said at a press conference in Washington, D.C.
“Virtually every Fortune 500 company assumes they’ve been infiltrated,” Gartner security analyst Avivah Litan told VentureBeat. She added that it was not likely hacker gangs have been behind all the attacks, “not with the level [of cyber-espionage] we’re seeing.”
Each of the five officers is charged with 31 criminal counts, including accessing a computer without authorization for the purpose of commercial advantage and private financial gain, aggravated identity theft, economic espionage, and theft of trade secrets. The indictments were handed down by a federal grand jury in Pittsburgh, since some of the allegedly hacked companies have locations in western Pennsylvania.
‘Observed’ sending and controlling
While most major nation-states — including the U.S. — engage in cyber-spying and even cyber-strikes against military and intelligence targets, the U.S. contends it does not conduct cyber-attacks against foreign companies to bolster the economic interests of American companies.
Classified National Security Agency documents released by ex-NSA contractor Edward Snowden indicated the U.S. had penetrated the servers of Chinese telecommunications giant Huawei, which it considered a security threat. Those hacks, however, were defended by the U.S. as national security operations, not actions intended to assist American companies at the expense of Chinese ones.
The FBI’s wanted posters mention that the six American companies were hit “while those companies were engaged in negotiations or joint ventures or were pursuing legal action with or against state-owned enterprises in China.” The allegedly stolen emails, trade secrets, and tech specs, the FBI said, were then used to weaken the bargaining position of the American companies.
The five indicted Chinese officers are Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, all members of Unit 61398 in the 3rd Department of the People’s Liberation Army and all operating out of the same Shanghai building. Each now has his own FBI “Wanted” poster.
The FBI notices mention that Sun Kailiang in particular was “observed both sending malicious e-mails and controlling victim computers,” although we don’t know whether that observation was made in person or forensically.
The Chinese government’s Foreign Ministry responded to the indictments by saying the U.S. “fabricated facts” and that the indictment “seriously violates basic norms of international relations and damages Sino-U.S. cooperation and mutual trust.” In retaliation, the Chinese government said it would suspend a Chinese-American Internet working group.
All five officers are thought to be in China currently, and, if so, they cannot be arrested unless the Chinese government delivers them – a highly unlikely event.
But the indictments do raise the visibility of this issue as well as put some limits on the futures of these five individuals. Their travel plans outside China, for instance, may now be put on hold.
And, as former NSA attorney Stewart Baker told Reuters, these indictments could limit their employability by Chinese firms, “because [the] U.S. government is going to look askance at Chinese firms that hire former cyber spies.”