The U.S. Justice Department and FBI have charged a handful of Chinese officials over alleged state-sponsored hacking of American business interests, conducted for economic advantage. The Chinese government itself stands accused of backing these hacking efforts.
In a statement on Monday, the DOJ accused the 5 officials in China’s People’s Liberation Army (PLA) — Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu and Gu Chunhui — of targeting 6 U.S. firms in the nuclear power, metals and solar power sectors. The charges allege that “the conspirators stole trade secrets that would have been particularly beneficial to Chinese companies at the time they were stolen”, as well as strategic information.
According to FBI director James Comey:
“For too long, the Chinese government has blatantly sought to use cyber espionage to obtain economic advantage for its state-owned industries. The indictment announced today is an important step. But there are many more victims, and there is much more to be done. With our unique criminal and national security authorities, we will continue to use all legal tools at our disposal to counter cyber espionage from all sources.”
China has long been accused of being an enthusiastic thief of trade secrets. In a 2013 report, the U.S. National Bureau of Asian Research claimed that as much as 80 percent of U.S. intellectual property theft could be traced back to the Middle Kingdom. Alleged targets have included everyone from universities and research institutes to firms operating in the aerospace and biotech fields – entertainingly, China showed off “new” fighter jet and drone designs last year that bore a striking resemblance to U.S. aircraft.
In this case, the alleged targets were: Westinghouse Electric Co.; U.S. subsidiaries of SolarWorld; United States Steel Corp.; Allegheny Technologies Inc.; the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union (USW); and Alcoa Inc. The charged individuals are or were officers in Unit 61398 of the PLA, identified last year by the security firm Mandiant as being behind the most serious “cyber” attacks on U.S. businesses and government agencies.
Each defendant faces 31 counts ranging from “conspiring to commit computer fraud and abuse” (maximum 10-year penalty) to “economic espionage” (15 years). As for what sentences would mean in effect, it’s unlikely that the officials would find themselves behind U.S. bars because they’re not in the country — however, they may find it tricky to travel.
You’d be forgiven for finding this move a tad hypocritical, coming as it does in the wake of months upon months of revelations regarding the U.S.’s own hacking and espionage efforts, including attacks on China and equipment sold by Chinese networking vendors. That stuff may largely be diplomatic and/or anti-terror in focus, but NSA leaker Edward Snowden has also explicitly accused the U.S. of engaging in industrial espionage by spying on technology and energy firms. The NSA has always denied taking such a tack.
It will be interesting to see whether the U.S. also goes after the likes of India and Russia, both of which also host very active intellectual property theft operations. In all these cases, the big question is how closely these outfits can be tied to actual state sponsorship.
As this is the first time the U.S. has formally accused any country of state-sponsored industrial espionage, the fallout is unpredictable. Although China’s involvement in such things has been on the diplomatic agenda for some time, this argument has now stepped up a notch — predictably, given the context of the Snowden revelations, China has hit back at the U.S. over its surveillance programs and suspended a key Sino-U.S. cybersecurity working group.
This article was updated at 7.45am PT to reflect the details of the now-published charges, and again at 9am PT to note China’s suspension of the working group.