US charges Chinese military officials in cyberspying case
By TIMOTHY M. PHELPS AND JULIE MAKINEN | Tribune Washington Bureau | Published: May 20, 2014
WASHINGTON — The federal indictment of five Chinese military officials for allegedly stealing U.S. corporate trade secrets significantly escalated the cyberespionage battle between the two superpowers — and sharply contrasted their attitudes toward commercial spying.
Monday’s first-of-its-kind case against foreign government officials marks a new, more aggressive posture by the U.S., which for years has traded accusations with China about launching and supporting cyberattacks against government and private entities.
“This administration will not tolerate actions by any nation that seeks to illegally sabotage American companies and undermine the integrity of fair competition in the operation of the free market,” U.S. Attorney General Eric H. Holder Jr. said at a news conference in Washington, where he disclosed the previously sealed indictment.
The allegations elicited strong denials from the Chinese government, which dismissed the case as “fabricated” and warned it would jeopardize diplomatic and commercial relations.
“The Chinese government, the Chinese military and their relevant personnel have never engaged or participated in cybertheft of trade secrets,” Foreign Ministry spokesman Qin Gang said in a statement. “The U.S. accusation against Chinese personnel is purely ungrounded and absurd.”
Qin accused the U.S. of hypocrisy, alluding to disclosures by former National Security Agency contractor Edward Snowden that the U.S. has long monitored and hacked into Chinese phone and communications companies.
Holder insisted, however, that the U.S. engages in cybersurveillance only for national security purposes, not to give American companies a competitive advantage against their Chinese rivals.
Kathleen Walsh, an associate professor at the Naval War College, said the indictment underscored key differences in the viewpoints of the global powers.
The U.S. has historically considered it a crime to spy on foreign companies in order to provide a commercial advantage to U.S. firms, she said. In contrast, China sees no reason not to assist Chinese-owned companies and embraces all forms of technology transfer, including espionage and cyberespionage.
“Therefore, this indictment is unlikely to fundamentally change China’s long-standing technology development strategy and cyberespionage activities,” said Walsh, who emphasized that her analysis did not represent the official views of the U.S. government or the military.
“It does, nonetheless, raise the costs somewhat, if mainly in diplomatic terms and as a loss of global face,” she said.
The hacked U.S. companies and organizations included U.S. Steel, Westinghouse Electric, aluminum giant Alcoa, metals company Allegheny Technologies, the United Steelworkers union and U.S. subsidiaries of German-owned SolarWorld.
The detailed indictment — which included the names, photos, Internet handles, unit and building address of the alleged conspirators in Shanghai — was not expected to result in arrests because China is unlikely to turn over any of its citizens. The officers were identified as Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu and Gu Chunhui.
Holder said the five stole trade secrets and “sensitive, internal communications” that provided Chinese companies with valuable information on the strategies and vulnerabilities of U.S. competitors engaged in negotiation, litigation or trade disputes with Chinese firms.
Analysts viewed the case as an implicit U.S. warning to China.
“The purpose in naming them specifically would be to show they were able to be caught and tracked down, i.e. the Chinese tradecraft was sloppy,” said Dennis Blasko, a former Army attache at the U.S. Embassy in Beijing.
U.S. officials characterized the charges as a response to Chinese leaders, who have long denied that the People’s Liberation Army is engaged in economic espionage and had challenged the U.S. to provide proof.
“Well, today we are” providing proof, said John Carlin, assistant attorney general for national security. “For the first time, we are exposing the faces and names behind the keyboards in Shanghai used to steal from American businesses.”
The Chinese government demanded that the U.S. indictment be withdrawn and announced it was suspending activities of the China-U.S. Cyber Working Group, created last year to address allegations of hacking. Some experts predicted China would respond by filing its own cyberspying indictment against U.S. entities.
The case was filed in U.S. District Court in Pittsburgh, the heart of the U.S. metals industry, where several of the targeted U.S. companies operate. It provided a cautionary tale for companies doing business with China.
According to the indictment, while Westinghouse was building four nuclear power plants in China and negotiating to build more, a Chinese military officer using the handle Jack Sun was burrowing into the company’s computers.
From 2010 to 2012, the indictment says, Sun and colleagues in “Unit 61398” of the People’s Liberation Army in Shanghai stole the equivalent of 700,000 pages of email messages and other documents belonging to Westinghouse’s chief executive and other senior executives. The documents included the company’s business strategies, designs and proprietary technology.
After U.S. Steel accused China of dumping cheap steel in the U.S., Sun, aided by another officer who went by the name “UglyGorilla,” sent a so-called spearphishing email purporting to come from U.S. Steel’s chief executive to 20 company employees. Some were tricked into installing malware on company computers when they clicked on a link in the email, the indictment states.
The malware installed by this and other attacks gave the Chinese backdoor access to the company’s computers, enabling the Chinese government to gather information from 1,700 company computers that included servers used for emergency response and network security, the indictment said.
When the United Steelworkers’ international president issued a “call to action” against Chinese trade policies, a defendant known as “WinXYHappy” allegedly hacked into his and other union officials’ email accounts, which contained the union’s private strategic discussions.
Wayne Ranick, a spokesman for the 850,000-member union, called the allegations “quite troubling.”
David Hickton, the U.S attorney in Pittsburgh, asserted that the espionage, combined with illegal dumping of underpriced materials, had led directly to U.S. plant closings and the loss of thousands of jobs around the country.
“This 21st-century burglary has to stop,” Hickton said. “We would not stand idly by if someone pulled a tractor trailer up to a corporate headquarters, cracked the lock and loaded up sensitive information.”
The case is likely to increase public pressure on the administration to take further actions against China, whose trade surplus with the U.S. is estimated to have surpassed $318 billion last year. According to recent estimates, cyberespionage costs U.S. firms $24 billion to $120 billion annually.
The alleged activities of the Shanghai unit were first revealed in February 2013 by the U.S. information security firm Mandiant. It reported that Unit 61398 had been linked to cyberintrusions of 141 U.S. and foreign companies and entities, mostly in English-speaking countries.
President Barack Obama raised the issue in June during meetings with China’s president, Xi Jinping, during an informal summit in California.
“Mandiant was the first major shot across the bow, and clearly it wasn’t working, so this is the next step,” said June Teufel Dreyer, a professor at the University of Miami who specializes in China.
She said the indictment was an effort by the Obama administration to demonstrate toughness, both to China and the region.
“From Obama’s perspective, this will hopefully take some of the heat, the criticism, off him that he’s been totally wimpy,” she said.
But she noted that the administration sought to contain the diplomatic backlash by charging only officers rather than the army.
“It is possible what the Obama administration wants to do is limit the adverse reaction by not indicting the entire (military), but naming specific individuals,” she said.
Phelps reported from Washington; Makinen from China. Times staff writers Robert Faturechi in San Francisco and Richard A. Serrano in Washington contributed to this report.