Washington on Monday charged five “Chinese military hackers” with cyber-espionage, alleging that between 2006 and 2014 they broke into the computer networks of six U.S. corporations and made away with a “significant” trove of intellectual property and trade secrets relating to the nuclear power, metals and solar products industries.
The indictment against members of the Chinese military “represents the first ever charges against a state actor for this type of hacking,” U.S. Attorney General Eric Holder said, adding, “Success in the global market place should be based solely on a company’s ability to innovate and compete, not on a sponsor government’s ability to spy and steal business secrets.”
The high-profile charges are likely to heighten tensions between Washington and Beijing even as numerous trade disputes between the two countries continue to fester.
However, China may well push back on the allegations, particularly pointing to reports earlier this year that the U.S. National Security Agency (NSA) hacked into the servers of Huawei, a large Chinese telecommunications equipment manufacturer closely linked to the Government of China.
In March, media reports based on a series of documents supplied by whistleblower and former NSA contractor Edward Snowden revealed that the NSA created ‘backdoors’ into Huawei’s networks and covertly accessed the e-mails of Huawei founder Ren Zhengfei, among others.
This week, the Department of Justice identified the defendants in the case as Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, “who were officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army.”
The DOJ alleged that Wang, Sun, and Wen, “among others known and unknown to the grand jury,” hacked or attempted to hack into U.S. entities named in the indictment, while Huang and Gu supported their conspiracy by, among other things, managing infrastructure such as domain accounts used for hacking.
The DOJ identified the “victims” of the alleged economic espionage as Westinghouse Electric Co.; U.S. subsidiaries of SolarWorld AG; U.S. Steel Corp.; Allegheny Technologies Inc.; the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union; and Alcoa Inc.
Outlining some of the details of the methods used by the alleged hackers, the DOJ said that they stole everything from confidential and proprietary technical and design specifications for pipes, to private data on cash flow, manufacturing metrics, production line information, costs, and privileged attorney-client communications relating to ongoing trade litigation.
One technique allegedly deployed by several of the accused individuals was “spear-phishing,” referring to incoming e-mails that may appear to be from known individuals or businesses but in fact represent an e-mail spoofing fraud that enables hackers to obtain unauthorised access to confidential data within an organisation.