Gen. Martin E. Dempsey, chairman of the Joint Chiefs of Staff, welcomes Chinese Gen. Fang Fenghui, chief of the General Staff of the People’s Liberation Army Image: DoD
The US government has charged five hackers, all members of China's People's Liberation Army, with stealing trade secrets. It's the first indictment of its kind, and the most pointed accusation yet that the Chinese government is using espionage to undermine American business interests.
"These represent the first ever charges against known state actors for infiltrating US commercial targets by cyber means," Attorney General Eric Holder said at a press conference today. The five hackers, who the FBI has traced to "one building in one block in one city in China," according to US Attorney David Hickton, have been indicted with committing cyber espionage, and stealing the secrets of five American companies and one labor union.
Targeted companies range from Westinghouse, the nuclear technology firm, to US Steel, the biggest steel company in the nation, to SolarWorld, a leading renewable energy company, and the United Steelworkers Union, the country's biggest industrial trade union.
During the morning press conference, leaders at the Department of Justice and the FBI detailed the findings of a years-long investigation into the PLA unit 61398, which federal agents determined is responsible for a very specific series of hacks. The DOJ alleges that the hacks were often made at key times during trade negotiations or disputes, and often directly for the benefit of Chinese-owned corporations.
One striking example was how the hackers helped China outmaneuver US solar power companies.
"Right about the time SolarWorld was rapidly losing its market share to Chinese competitors that were pricing exports well below costs, these hackers were stealing cost, pricing, and strategy information from SolarWorld’s computers," Assistant Attorney General for National Security John Carlin said. Hickton, who represents Western Pennsylvania, home to many of the targeted companies, alleged that the hackers stole secrets from the steel companies and their union during a heated trade dispute, to improve China's position and siphon away technology.
The hackers didn't just go after direct competitors, either—sometimes they targeted business partners, too.
"And while Westinghouse was negotiating with a Chinese state-owned enterprise over the construction of nuclear power plants, the hackers stole trade secret designs for components of those plants," Carlin said.
For years, the US government has warily eyed the increasingly aggressive hacking activity originating in China. It's long been suspected that hackers affiliated with the PLA have been working to steal trade and state secrets—one high-profile report revealed that there had been 261 attacks, 123 of which had specifically targeted drone manufacturers, many of which were large US defense contractors.
The Shanghai building Unit 61398 is housed in, courtesy of Google Maps and Cryptome.
Unit 61398 has in the past been tied to a hacking group known as the Comment Crew, most decisively by a 2013 Mandiant cyber security report. The New York Times explained that, according to the research, the Comment Crew "has drained terabytes of data from companies like Coca-Cola" but that "increasingly its focus is on companies involved in the critical infrastructure of the United States — its electrical power grid, gas lines and waterworks. According to the security researchers, one target was a company with remote access to more than 60 percent of oil and gas pipelines in North America."
It's interesting, of course, that the US is charging China with spying at a moment when its own foreign surveillance programs are better known than ever. Holder preemptively sought to parry such criticisms: "All nations are engaged in intelligence gathering," he said, but the PLA spied "to gain commercial advantage, and that is what makes this case different."
It's a strange but predictable distinction to draw—spying for diplomatic or military advantage is fine, yet corporate espionage is beyond the pale—but it highlights, perhaps, why the FBI and the DOJ didn't pursue hackers who pilfered drone technology or other military secrets. Perhaps that's just a bit too close to the kind of activity the NSA excels at.
Regardless, it's unclear what the impact of these charges will actually be. None of the DOJ or FBI officials said that there were any plans to extradite the accused hackers, and it seems unlikely that they would travel to the US to give themselves up, as Holder said he would like them to do.
"Our intention is for the defendants to have due process in an American court of law. That is our intention," he said. "It is our hope to have these people stand before an American jury."
Again, that seems unlikely. It may be that the public indictment was aimed at discouraging foreign hackers from such brazen espionage.
"We have repeatedly pledged we will do more to hold those accountable who engage in these actions," Carlin said. "Today we begin to fulfill that pledge."
Robert Anderson Jr., the new head of the FBI's cybercrime division, doubled down on that sentiment.
"This clears the way for additional charges to be made," he said. "This is the new normal. This is what you're going to see on a regular basis."