Cyber-spying charges against Chinese reveal shadow trade war

McClatchy Washington BureauMay 19, 2014 

— The indictment of alleged Chinese military hackers announced Monday illuminates the shadowy world of cyber-theft, while exacerbating the already tense relations between China and the United States.

Capping a multi-year investigation that began in Pennsylvania and reached all the way to Datong Road in Shanghai, Justice Department officials charged five People’s Liberation Army officers with stealing secrets from U.S. nuclear power, solar power and steel companies, among others.

The purloined materials include emails, technical documents and financial spreadsheets, Justice Department officials say. The alleged corporate victims include some straight from the U.S. heartland, several of them blue chip symbols of American industry, such as Alcoa, U.S. Steel and Westinghouse Electric.

“When a foreign nation uses military or intelligence resources against an American executive or corporation to obtain trade secrets or sensitive business information for the benefit of its state-owned companies, we must say, ‘Enough is enough,’ ” Attorney General Eric Holder said at a news conference.

Chinese officials immediately denounced the indictments, formally issued May 1 by a Pittsburgh-based federal grand jury in the Western District of Pennsylvania.

“This U.S. move, which is based on fabricated facts, grossly violates the basic norms governing international relations and jeopardizes China-U.S. cooperation and mutual trust,” Foreign Ministry representative Qin Gang said in a statement.

The Foreign Ministry official further called the indictments “purely ungrounded and absurd” and declared that “the Chinese government, the Chinese military and their relevant personnel have never engaged or participated in cyber theft of trade secrets.”

In retaliation, the Chinese government said it was suspending its participation in a China-U.S. cyber working group. The working group was established in April 2013 after finger-pointing and complaints from both countries about cross-border hacking.

President Barack Obama has talked with Chinese President Xi Jinping about the U.S. concern over government- sponsored, cyber-enabled theft of trade secrets and business information for commercial gain. The two presidents discussed the issue as recently as March.

“We have consistently and candidly raised these concerns with the Chinese government, and today’s announcement reflects our growing concerns that this Chinese behavior has continued,” White House spokesman Jay Carney said

Adam Segal, a cyber security expert with the Council on Foreign Relations, said it was also possible that the tense relationship with China over territorial disputes in the South China Sea and elsewhere had played into the Obama administration’s decision to pursue the charges.

“Perhaps if we were getting along better, this would have been dealt with behind closed doors,” Segal said.

More pointedly, though, the indictments exposed the tip of what many U.S. officials consider to be the cyber-war iceberg. The Republican and Democratic leaders of the House Intelligence Committee charged Monday that “thousands of People’s Liberation Army (are) hackers working every day, at the behest of the Chinese government, to steal American trade secrets.”

The indictments of the five officers associated with a Shanghai-based military signals intelligence detachment known as Unit 61398 mark the first time criminal charges have been brought against known “state actors for infiltrating U.S. commercial targets by cyber means,” Holder noted. All told, the officers face 31 criminal counts, including conspiring to commit computer fraud, economic espionage and theft of trade secrets.

The officers, purportedly known by such online aliases as “KandyGoo,” “Jack Sun” and “UglyGorilla,” will be brought to trial only if the Chinese government hands them over, which appears unlikely. Nonetheless, the FBI took pains Monday to publish “wanted” posters for each of the five, accompanied by color photographs.

“We hope we will be able to bring them to justice,” said John Carlin, assistant attorney general for national security. “We hope these individuals will come to face their charges in a U.S. courtroom.”

Early last year, a U.S. security company, Mandiant, reported that 140 U.S. and foreign companies had been the victims of cyber intrusions from a unit of the People’s Liberation Army.

Complicating the picture is the difference between how the U.S. and Chinese governments view cyber attacks on private industry, as opposed to purely military targets. China doesn’t recognize a distinction between the two.

The 48-page indictment spells out details of how the five Chinese officers allegedly used malicious software, called malware, as well as hacking techniques with names such as “spear phishing,” to swipe U.S. secrets.

Since at least 2006, Justice Department officials say, the Chinese officers targeted trade secrets at particularly sensitive times. The indictment claims, for example, that while the suburban Pittsburgh-based Westinghouse Electric Co. was negotiating with a Chinese state-owned nuclear power company for construction of four power plants, a Chinese military officer finagled his way into the Westinghouse computer system.

From 2010 to 2011, according to the indictment, the Chinese officer stole technical and design specifications, as well as internal Westinghouse communications concerning the company’s strategy for doing business in China. Some of the stolen emails belonged to Westinghouse’s chief executive officer, officials say.

“Our future is being built every day by the innovation and effort of American workers and companies,” said Robert Anderson, executive assistant director of the FBI. “None of us can afford to watch it be stolen.”

According to another example prosecutors cited, one of the Chinese officers sent spear-phishing emails to employees of U.S. Steel, which was involved in trade disputes with Chinese companies. Spear-phishing emails typically resemble those sent by co-workers or acquaintances, and they try to trick the recipients into opening links that launch malware.

In 2010, according to the indictment, the hacking succeeded in planting Chinese malware on U.S. Steel computers, via a sneaky email with the subject line “US Steel Industry Outlook.” The Chinese officer was then allegedly able to steal host names and descriptions for more than 1,700 U.S. Steel computers.

In a similar vein, prosecutors say, one of the Chinese officers in 2012 virtually tiptoed into computers of the union that represents U.S. steel workers. At the time, the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union was challenging Chinese trade practices. The hacker stole emails from senior union officials that included strategies relating to the trade disputes, prosecutors say.

The other companies the Chinese allegedly hacked were Allegheny Technologies Inc., a specialty metals supplier to the aerospace and defense industries that’s also based in Pittsburgh, and U.S. subsidiaries of SolarWorld AG.

“This 21st-century burglary has got to stop,” said David J. Hickton, the U.S. attorney for the Western District of Pennsylvania.

Leavenworth reported from Beijing. McClatchy reporter Lesley Clark and McClatchy special correspondent Tiantian Zhang contributed. Email:,; Twitter: @MichaelDoyle10, @sleavenworth.

McClatchy Washington Bureau is pleased to provide this opportunity to share information, experiences and observations about what's in the news. Some of the comments may be reprinted elsewhere in the site or in the newspaper. We encourage lively, open debate on the issues of the day, and ask that you refrain from profanity, hate speech, personal comments and remarks that are off point. Thank you for taking the time to offer your thoughts.

Commenting FAQs | Terms of Service