US Toughens Stance on Chinese Cyberspying With 5 Criminal Indictments
Although it's unlikely any arrests will be made, U.S. indictments against five Chinese officials for hacking into American companies' networks send a clear message. "This is a shot across China's bow," said Richard Stiennon, chief research analyst at IT Harvest. "It demonstrates that the U.S. is serious about this." One possible result could be movement toward international cyberespionage norms.
05/20/14 5:00 AM PT
The U.S. Justice Department on Monday kicked up a notch the Obama administration's efforts to curb China's economic espionage activity against American businesses.
A grand jury indicted five members of the Chinese army on DoJ allegations they conspired to hack into the networks of U.S. companies to steal information that would be useful to their competitors in China.
"This is a case alleging economic espionage by members of the Chinese military and represents the first ever charges against a state actor for this type of hacking," said U.S. Attorney General Eric Holder.
"The range of trade secrets and other sensitive business information stolen in this case is significant and demands an aggressive response," he added.
"Success in the global market place should be based solely on a company's ability to innovate and compete, not on a sponsor government's ability to spy and steal business secrets," Holder continued. "This Administration will not tolerate actions by any nation that seeks to illegally sabotage American companies and undermine the integrity of fair competition in the operation of the free market."
China, as it has done in the past, denied any merit in the indictments.
"This U.S. move, which is based on fabricated facts, grossly violates the basic norms governing international relations and jeopardizes China-U.S. cooperation and mutual trust," said China Foreign Ministry spokesperson Qin Gang.
"The Chinese government, the Chinese military and their relevant personnel have never engaged or participated in cybertheft of trade secrets," he insisted. "The U.S. accusation against Chinese personnel is purely ungrounded and absurd."
The attacks in the indictment have been described in public reports in the past, but for the first time, the names of companies involved have been made public.
In one of the incidents cited in the indictment, alleged hacker Sun Kailiang in 2010 and 2011 stole confidential and proprietary information from Westinghouse to give a Chinese company an edge during negotiations over building some power plants in China.
Sun also is accused of nicking emails from Alcoa relating to a partnership that the company announced with a Chinese firm.
The indictment alleges that Sun and another defendant, Wang "UglyGorilla" Dong, in 2010 planted malware and exploited server vulnerabilities on U.S. Steel systems around the time it was participating in trade litigation against Chinese companies.
Another defendant, Wen Xinyu, is accused of conspiring in 2012 with an unidentified person to steal business documents from SolarWorld that would have enabled a Chinese competitor to target the American company from a number of angles.
Wen allegedly also stole the network credentials for most of the employees at ATI, which was involved in a trade dispute with a Chinese company, as well as emails from senior officials at USW when that company was involved in some disputes over Chinese trade practices in at least two industries.
Two other military figures named in the indictment, Huang Zhenyu and Gu "KandyGoo" Chunhui, contributed to the hacking activities of others by registering and managing domains used by the cyberspies, testing spearphishing letters, and setting up a data base to hold pilfered information from U.S. companies.
Shot Across the Bow
The DoJ indictments have been a long time coming.
"This is an escalation that had to happen," Richard Stiennon, chief research analyst at IT Harvest, told TechNewsWorld.
"This is probably something that should have happened 10 years ago," he said. "There was enough evidence then to start pushing back."
"This is a shot across China's bow," he added. "It demonstrates that the U.S. is serious about this."
It also underscores the vulnerability of U.S. businesses to these kinds of attacks.
"China may be participating in the concept of capitalism, but many of their businesses are still tightly coupled to the government," Julian Waits, CEO of ThreatTrack Security, told TechNewsWorld.
"Our businesses are completely separate, so they're almost crippled in dealing with something like cyberespionage," he pointed out. "Our government won't share information with us. It's up to the business to protect itself."
No one knows yet what China will do in the face of these indictments, but some believe it will act cautiously.
"The Chinese government has an interest in building commercial relationships with U.S. companies, so engaging in any sort of retaliatory behavior in reaction to a public indictment is something that would run counter to that," Paul Tiao, a partner with Hunton & Williams, told TechNewsWorld.
Spur for Norms
While it isn't likely that China will surrender the Army officers named in the indictments, the move can make things uncomfortable for the alleged hackers should they leave China.
"They're on the FBI's Wanted List, and the U.S. government can file a notice with Interpol so any country with an extradition treaty with the U.S. would arrest them," explained Dmitri Alperovitch, cofounder and CTO of CrowdStrike.
"That means no more vacations on the French Riviera or in Thailand," he told TechNewsWorld.
"This sends a message to others who are participating in this activity -- even if they're doing it on behalf of the Chinese government -- that their lives will be severely impacted if they continue to do it," he added.
The indictments also may lead to some positive developments in how nations treat cyberspies.
"This is a step forward on the long road toward establishing a set of international norms regarding cyberespionage," said Tom Cross, director of security research at Lancope.
"These prosecutions do send a clear message regarding what sort of behavior the United States views as unacceptable," he told TechNewsWorld. "That message will prompt a dialog about international norms in this area, and having that dialog is a vital part of coming to grips with the impact that Internet security issues are having on our societies."