By Jim Finkle, Joseph Menn and Aruna Viswanatha
May 19 The United States on Monday charged five
Chinese military officers and accused them of hacking into
American nuclear, metal and solar companies to steal trade
secrets, ratcheting up tensions between the two world powers
over cyber espionage.
China immediately denied the charges, saying in a strongly
worded Foreign Ministry statement the U.S. grand jury indictment
was "made up" and would damage trust between the two nations.
Officials in Washington have argued for years that cyber
espionage is a top national security concern. The indictment was
the first criminal hacking charge that the United States has
filed against specific foreign officials, and follows a steady
increase in public criticism and private confrontation,
including at a summit last year between U.S. President Barack
Obama and Chinese President Xi Jinping.
"When a foreign nation uses military or intelligence
resources and tools against an American executive or corporation
to obtain trade secrets or sensitive business information for
the benefit of its state-owned companies, we must say, 'Enough
is enough,'" U.S. Attorney General Eric Holder said at a news
conference.
Federal prosecutors said the suspects targeted companies
including Alcoa Inc, Allegheny Technologies Inc,
United States Steel Corp, Toshiba Corp unit
Westinghouse Electric Co, the U.S. subsidiaries of SolarWorld AG
, and a steel workers' union.
Officials declined to estimate the size of the losses to the
companies, but said they were "significant." The victims had all
filed unfair trade claims against their Chinese rivals, helping
Washington draw a link between the alleged hacking activity and
its impact on international business.
According to the indictment, Chinese state-owned companies
"hired" Unit 61398 of the People's Liberation Army "to provide
information technology services" including assembling a database
of corporate intelligence. The Chinese companies were not named.
The Shanghai-based Unit 61398 was identified last year by
cybersecurity firm Mandiant as the source of a large number of
espionage operations. All five defendants worked with 61398,
according to the indictment.
"The administration is trying to make this clear it's a
trade issue, not a cold war with China," said Jim Lewis of the
Center for Strategic and International Studies, who has served
as a U.S. representative in hacking negotiations with China.
The Chinese Foreign Ministry statement said it would
suspend the activities of a Sino-U.S. working group on cyber
issues, which American officials believe refers to a joint
effort established in April 2013 involving State Department
expert Chris Painter and China Foreign Ministry official Dai
Bing.
That was set up as a spinoff from the U.S.-China Strategic
and International Dialogue, but produced little tangible
progress even before leaks by former National Security
Administration contractor Edward Snowden leaks gave China
grounds for accusing the NSA of infiltrating Chinese companies
as well as government offices.
U.S. officials have maintained that they do not steal
secrets to give an advantage to U.S. companies, but in China,
Lewis said, the line between military and business prowess is
unclear.
Unit 61398 has hundreds of active spies and is just one of
dozens of such bodies in China, said Jen Weedon, an analyst at
Mandiant, now owned by global network security company FireEye
Inc. She said the group is not among the most
sophisticated.
The specific accusation is less important than the
demonstration that the United States is committed to stepping up
its fight in multiple ways, Weedon said.
"There's a paradigm shift with regards to other ways
countries try to hold each other accountable," she said.
U.S.-CHINA TIES
The cyber spying charges come amid growing tensions between
Washington and Beijing over China's increased assertiveness in
maritime disputes with its neighbors.
Days after Obama ended an Asia-Pacific tour in late April,
China deployed an oil drilling rig 150 miles (240 km) off the
coast of Vietnam, in a part of the South China Sea claimed by
itself and Hanoi. That sparked deadly anti-China riots in
central Vietnam last week and raised questions among U.S. allies
in the region over whether Obama's long-promised strategic
"pivot" toward Asia is more than talk.
A tougher stand against Chinese cyber crime targeting U.S.
interests could help counter criticism that Washington has
responded too passively to Beijing's geopolitical challenges.
U.S. officials have long complained about Chinese cyber spying
but have taken few concrete actions to punish those suspected of
being behind it.
Washington announced the charges as new claims emerged last
week about the scope of overseas spying by the United States.
Documents leaked by Snowden showed the agency intercepted and
modified equipment made by Cisco Systems Inc that was
headed overseas.
Cisco responded by asking Obama to curtail U.S. surveillance
programs, underscoring the vulnerability of multinationals to a
whipsaw of competing government interests.
Douglas Paal of the Carnegie Endowment for International
Peace think tank said the hacking charges will add to the list
of grievances that have been accumulating between China and the
United States. "It will give Beijing a chance to remind the U.S.
that its own spying is a bigger problem."
He added, "We have a plethora of vulnerable firms, including
Cisco, Intel, IBM and others. Targeted
retaliation is likely intended to split and weaken American
support for the administrations action."
Skeptics said U.S. authorities would not be able to arrest
those indicted because Beijing would not hand them over. Still,
the move would prevent the individuals from traveling to the
United States or other countries that have an extradition
agreement with the United States.
"It won't slow China down," said Eric Johnson, dean of the
business school at Vanderbilt University and an expert on cyber
security issues.
But the step could prompt China to rethink the position that
industrial secrets are fair game, analysts said.
"At some point, they are going to start dealing seriously
with this problem, unless they want to hurt relations," said
Dmitri Alperovitch, co-founder of security firm CrowdStrike.
SPEAR PHISHING
In an indictment filed in the Western District of
Pennsylvania, prosecutors said the officers hacked into
computers starting in 2006, often by infecting machines with
tainted "spear phishing" emails to employees that purport to be
from colleagues.
Prosecutors alleged that one hacker, for example, stole cost
and pricing information in 2012 from an Oregon-based solar panel
production unit of SolarWorld. The company was losing market
share at the time to Chinese competitors who were systematically
pricing exports below production costs, according to the
indictment.
Another officer is accused of stealing technical and design
specifications about pipes for nuclear plants from Westinghouse
Electric as the company was negotiating with a Chinese company
to build four power plants in China, prosecutors said.
American businesses have long urged the government to act
against cyber espionage from abroad, particularly by China.
Alcoa spokeswoman Monica Orbe said: "To our knowledge, no
material information was compromised."
U.S. Steel declined to comment, while SolarWorld CEO Frank
Asbeck said the company supported the U.S. investigation.
(Reporting by Jim Finkle in Boston, Joseph Menn in San
Francisco and Aruna Viswanatha in Washington; Additional
reporting by Susan Heavey, Mark Hosenball, Matt Spetalnick and
David Brunnstrom; Editing by Bernadette Baum, Tiffany Wu and
Eric Walsh)