U.S. Charges Five in Chinese Army With Hacking

The Justice Department indicted five Chinese military officers, alleging they hacked U.S. companies’ computers to steal trade secrets, a major escalation in the fight between the two superpowers over economic espionage.

The indictment, unsealed Monday, marks the first time the U.S. government has publicly accused employees of a foreign power of cybercrimes against American firms. It also marks the most extensive formal allegations by the government of the kind of hacking that American corporations have long complained about, but until now have rarely acknowledged.

Among those named as victims in the document are brand names from America’s industrial heartland, including U.S. Steel Corp., Westinghouse Electric Co. and Alcoa Inc.

U.S. officials said other cases relating to China are being prepared. In addition, alleged hackers in Russia are likely to be charged soon, according to people familiar with the government’s investigations. U.S. agencies have also been investigating incidents with possible ties to Iran and Syria, these people say.

It is unlikely the suspects will ever be brought to trial in the U.S., since there is no extradition treaty with China. Yet in publicly naming the five, and providing details in a 48-page indictment, the Obama administration is ratcheting up the political and diplomatic costs to China and others if they use computers to steal secrets or attack U.S. interests.

“This case should serve as a wake-up call to the seriousness of the continuing cyberthreat,” Attorney General Eric Holder said.

The move drew an angry response from China’s Foreign Ministry. On Tuesday, China’s official Xinhua news agency said the ministry had summoned Max Baucus, the U.S. ambassador, to lodge “a solemn representation with the U.S. side” over the matter.

In a written statement earlier on the ministry’s website, spokesman Qin Gang said China is suspending participation in a U.S.-China working group on cybersecurity. Mr. Qin called the allegations groundless and demanded their withdrawal. “This U.S. move, which is based on fabricated facts, grossly violates the basic norms governing international relations and jeopardizes China-U.S. cooperation and mutual trust,” Mr. Qin said. “The Chinese government, the Chinese military and their relevant personnel have never engaged or participated in cybertheft of trade secrets.”

In a reference to disclosures about U.S. surveillance by former National Security Agency contractor Edward Snowden, Mr. Qin said “publicly disclosed information” showed the U.S. has spied on Chinese government departments, institutions, companies, universities and individuals.

The Justice Department spent six to eight months assembling the hacking cases, which were chosen because the companies allowed themselves to be named, a notable shift, and because prosecutors felt they had assembled strong evidence for their opening case, said people familiar with the probe. Officials wouldn’t say how they gathered evidence against the suspects.

James Comey, director of the Federal Bureau of Investigation, said in an interview the indictment came after efforts to change Chinese behavior through publicity and public shaming didn’t work. “This is thievery, so we’re going to investigate it and seek to prosecute it the way we do when anyone kicks in your door and steals something from your house or business,” he said.

The indictment details how five officers in Unit 61398 of the People’s Liberation Army in Shanghai allegedly engaged in espionage by hacking into five U.S. companies and a labor union. Authorities said the individuals were attempting to gain access to “trade secrets” and other information that would help the Chinese compete and gain an advantage at key moments, such as during negotiations to build a nuclear-power plant in China or during trade


The group allegedly hacked into systems to obtain computer information about U.S. Steel, and piping systems for nuclear-power plants from Westinghouse. Allegheny Technologies Inc., a specialty-metals manufacturer, had its network credentials for thousands of employees stolen, according to U.S. officials. The hacking allegedly took place from 2010 to 2012.

The hackers also targeted Alcoa executives, stealing at least 2,907 emails from that company’s computer system, the indictment charges.

A U.S. Steel representative referred questions to the Justice Department. Westinghouse and Allegheny declined to comment.

Alcoa spokeswoman Monica Orbe said, “To our knowledge, no material information was compromised during this incident, which occurred several years ago. Safeguarding our data is a top priority for Alcoa, and we continue to invest resources to protect our systems.”


The group also hacked into employee email accounts for officials at a union of manufacturing and energy workers, the indictment alleges. A spokesman for the union, the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union, which has long criticized Chinese trade practices, called the allegations troubling.

The indictment was handed up by a grand jury in Pittsburgh, a city close to many of the U.S. firms targeted.

The five individuals named in the indictment unsealed Monday are Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu and Gu Chunhui, who were charged with conspiracy to commit computer fraud and abuse. In an unusual move, prosecutors also released photos of the suspects, including one man in military uniform.

In 2013, the administration ratcheted up pressure on China to cease cyberespionage against U.S. firms. Prosecutors pored over hacking cases seeking ones that wouldn’t damage U.S. firms. John Carlin, head of the Justice agency’s national security division, said there has been a “sea change” in the past year among fed-up firms willing to be identified as victims.

The administration’s efforts seemed to wane in the wake of the Snowden disclosures in June 2013, which exposed U.S. cyberspying efforts against China. Some disclosures showed the U.S. penetrating Chinese telecommunications giant Huawei, which U.S. officials allege is a vehicle for Chinese government cyberspying.

U.S. officials privately acknowledge they spy on companies for foreign intelligence purposes, particularly those they believe are at least in part state-controlled, but they say they won’t steal corporate secrets to provide an advantage to U.S. companies.

The White House on Monday defended its decision to issue the indictment and said it coordinated with Beijing in advance of filing the charges. “We don’t do what those Chinese nationals were indicted for,” White House Press Secretary Jay Carney added. “We don’t gather intelligence for the benefit of U.S. companies.”

In China, where many companies are state-controlled in some fashion, that nuanced argument has fallen flat.

Computer-security firm Mandiant, a division of FireEye Inc., was the first to publicly identify in a report last year the Chinese group involved in Monday’s indictment. Founder Kevin Mandia said the five men identified Monday are similar to individuals Mandiant has seen in investigations of the group, which he said includes thousands of people.

“This is just the tip of the iceberg for what the Justice Department could do,” Mr. Mandia said in an interview Monday.

Other U.S. officials have said Mandiant’s report last year made it easier to launch a prosecution because it put details into the public sphere the U.S. obtained through classified methods and couldn’t discuss. Mr. Mandia said the government didn’t, however, use his report in building their case. “They got all of this on their own,” he said.

