Attorney General Eric Holder speaks at a May 19 news conference at the Justice Department in Washington. Holder announced that a U.S. grand jury has charged five Chinese hackers with economic espionage and trade secret theft, the first-of-its-kind criminal charges against Chinese military officials in an international cyber-espionage case. (Charles Dharapak / AP)
This wanted poster is displayed at the Justice Department shows five alleged Chinese hackers charged with economic espionage and trade secret theft, the first-of-its-kind criminal charges against Chinese military officials in an international cyber-espionage case. (AP)
WASHINGTON — In a landmark case alleging international economic spying, the United States announced on Monday unprecedented cyber espionage charges against five Chinese military officials accused of hacking into U.S. companies to gain trade secrets.
The hackers targeted big-name makers of nuclear and solar technology, stealing confidential business information, sensitive trade secrets and internal communications for competitive advantage, according to a grand jury indictment.
“Success in the international marketplace should be based solely on a company’s ability to innovate and compete, not on a sponsor government’s ability to spy and steal business secrets,” Attorney General Eric Holder said at a news conference.
The alleged targets are Alcoa World Alumina, Westinghouse Electric Co., Allegheny Technologies, U.S. Steel Corp., the United Steelworkers Union and SolarWorld. The indictment, which includes charges of trade-secret theft and economic espionage, was issued in Pittsburgh, where most of the companies are based.
The charges dramatize a longtime Obama administration goal to prosecute state-sponsored cyber threats, which U.S. officials say they have grappled with for years. A recent government report said that more than 40 Pentagon weapons programs and nearly 30 other defense technologies have been compromised by cyber intrusions from China. The cybersecurity firm Mandiant also has linked a secret Chinese military unit to years of cyberattacks against U.S. companies.
The prosecution was announced on the heels of a separate worldwide operation over the weekend that resulted in the arrests of 97 people in 16 countries who are suspected of developing, distributing or using malicious software called BlackShades. The software allows criminals to gain surreptitious control of personal computers.
“This is the new normal. This is what you’re going to see on a recurring basis,” Bob Anderson Jr., executive assistant director of the FBI’s Criminal, Cyber Response and Services Division, said of the cyber espionage case.
In a statement, China’s Foreign Ministry said the U.S. charges were based on “fabricated facts” and jeopardize China-U.S. “cooperation and mutual trust.”
“China is steadfast in upholding cybersecurity,” said the statement. “The Chinese government, the Chinese military and their relevant personnel have never engaged or participated in cybertheft of trade secrets. The U.S. accusation against Chinese personnel is purely ungrounded and absurd.”
The indictment says that five hackers — members of the People’s Liberation Army — worked from a building in Shanghai to steal proprietary information from the companies and the labor union, including communications that could have helped Chinese firms learn strategies and weaknesses of American companies involved in litigation with the Chinese government or Chinese firms.
The defendants are all believed to be in China and it was unclear whether they would ever be turned over to the U.S. for prosecution. But the Justice Department, publicizing the charges, identified all five by name and issued “wanted” posters.
“For the first time, we are exposing the faces and names behind the keyboards in Shanghai used to steal from American businesses,” said John Carlin, the head of the Justice Department’s National Security Division.
U.S. officials have previously asserted that China’s army and China-based hackers have launched attacks on American industrial and military targets, often to steal secrets or intellectual property. China has said that it is the nation that faces a major threat from hackers, and the country’s military is believed to be among the biggest targets of the NSA and U.S. Cyber Command.
The indictment will put a greater strain on the U.S.-China relationship and could provoke retaliatory acts in China or elsewhere.
“What we can expect to happen is for the Chinese government to indict individuals in the United States who they will accuse of hacking into computers there,” said Mark Rasch, a former U.S. cybercrimes prosecutor. “Everybody now is going to jump into the act, using their own criminal laws to go after what other countries are doing.”
Rasch said the indictments attempt to distinguish spying for national security purposes — which the U.S. admits doing — from economic espionage intended to gain commercial advantage for private companies or industries, which the U.S. denies it does. Classified documents disclosed by former National Security Agency analyst Edward Snowden described aggressive U.S. efforts to eavesdrop on foreign communications that would be illegal in those countries.
“These five people were just doing their jobs. It’s just that we object to what their jobs are,” Rasch said. “We have tens of thousands of dedicated, hard-working Americans who are just doing their jobs, too.”
Unlike in some countries, there are no nationalized U.S. industries. American officials have flatly denied that the government spies on foreign companies and then hands over commercially valuable information to American companies.
In recent months, Washington has been increasingly critical of what it describes as provocative Chinese actions in pursuit of territorial claims in disputed seas in East Asia. Beijing complains that the Obama administration’s attempt to redirect its foreign policy toward Asia after a decade of war in the Middle East is emboldening China’s neighbors and causing tension.
“If we were trying to make things smoother in this region, this isn’t going to help,” said Richard Bejtlich, chief security strategist at FireEye, a network security company.
Despite the ominous-sounding allegations, at least one of the firms minimized the hacking.
“To our knowledge, no material information was compromised during this incident, which occurred several years ago,” said Monica Orbe, Alcoa’s director of corporate affairs. “Safeguarding our data is a top priority for Alcoa, and we continue to invest resources to protect our systems.”
Last September, President Barack Obama discussed cybersecurity issues on the sidelines of a summit in St. Petersburg, Russia, with Chinese President Xi Jinping.
“China not only does not support hacking but also opposes it,” Premier Li Keqiang said last year in a news conference when asked if China would stop hacking U.S. websites. “Let’s not point fingers at each other without evidence, but do more to safeguard cyber security.”
Associated Press reporters Matthew Pennington and Ted Bridis in Washington, Joe Mandak in Pittsburgh and Didi Tang in Beijing contributed to this story.