Today, the Attorney General ended speculation about whether the United States would ever criminally charge members of the Chinese Army by announcing that a grand jury in the Western District of Pennsylvania had issued an indictment of five Chinese men for illegal hacking, economic espionage, theft of trade secrets and other statutory violations.
The Chinese hackers, members of a signals intelligence component of the People’s Liberation Army (PLA), allegedly targeted six American entities at times when the stolen information would be particularly beneficial to their Chinese competitors (including state-owned enterprises, or SOEs). The victims included Westinghouse, SolarWorld, U.S. Steel, Allegheny Technologies Inc. (ATI), the United Steel Workers Union, and Alcoa, Inc. Each company was hacked while engaging in business deals with China or while competing with Chinese companies. You can view the Department of Justice Press Release Here.
The hackers used sophisticated techniques to gain access to the computer systems. They also had repeated success with “spearphishing” messages – one defendant sent spearphishing emails appearing to be from U.S. Steel employees to others at the company with the subject line “US Steel Industry Outlook.” The message included a link to malware that would provide the hackers with backdoor access to the company’s computers. The hackers used these attacks to steal confidential corporate information either to assist Chinese companies in negotiations, or to provide a competitive advantage.
The indictment against the Chinese hackers comes at the same time as the New York Attorney General and FBI announced charges filed in connection with Blackshades, an organization that sold and distributed malware that allowed the hacker to remotely access a user’s computer and webcam.
Although only six companies were specified in the cyber-espionage case today, as Marc Zwillinger said in an interview on CNBC, “This is just the tip of the iceberg. There are many more affected companies out there.” It remains to be seen whether the Department of Justice will bring more cases or whether these hackers will ever see the inside of an American courtroom. Nonetheless, the indictments are a significant step in confronting Chinese efforts to attack American companies to gain a competitive advantage.
Photo by Kevin Dooley from Flickr
