US authorities name five Chinese military hackers wanted for espionage
31 charges brought against alleged PLA hacking team
The US Department of Justice has named five members of the Chinese People's Liberation Army who, it claims, carried out an eight-year hacking campaign against some American companies to steal commercially sensitive information.
"These represent the first ever charges against known state actors for infiltrating U.S. commercial targets by cyber means," Attorney General Eric Holder told a press conference in Washington DC on Monday.
"The alleged hacking appears to have been conducted for no reason other than to advantage state-owned companies and other interests in China, at the expense of businesses here in the United States. This is a tactic that the US government categorically denounces."
The Department of Justice named five individuals it claims are officers in Unit 61398 of the Third Department of the PLA. Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui are accused of hacking into commercial systems from 2006 to the present day.
Unit 61398 was named in February 2013 by security firm Mandiant as one of the PLA's hacking teams. Mandiant was hired by The New York Times to investigate a hacking attack against its servers, and the security firm claimed this was one of 20 hacking units run by the Chinese.
"Today's news is no surprise," a Mandiant spokeswoman told The Register. "It backs up what we've been saying all along."
The DoJ indictments, which were submitted to a grand jury in the Western District of Pennsylvania, claim five US companies were targeted for hacking – Westinghouse, US subsidiaries of SolarWorld AG, United States Steel, Allegheny Technologies, and Alcoa – in addition to the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union (USW).
"This 21st century burglary has to stop," said David Hickton, U.S. Attorney for the Western District of Pennsylvania. "This prosecution vindicates hard working men and women in Western Pennsylvania and around the world who play by the rules and deserve a fair shot and a level playing field."
The indictments cite specific hacking cases that the DoJ claims to have evidence of, including a 2010 hacking attack on Westinghouse when the US firm was pitching to build four AP1000 power plants in the Middle Kingdom. It is claimed the hackers stole inter-management emails and proprietary data on the plant's pipes, pipe supports, and pipe routing.
The indictment claims that similar hacking attacks were carried out in 2012 on photovoltaic cell manufacturer SolarWorld and that the accused stole cash flow data, manufacturing metrics, production line information, costs, and correspondence with lawyers that could have been used to undercut the company in open markets.
"In the past, when we brought concerns such as these to Chinese government officials, they responded by publicly challenging us to provide hard evidence of their hacking that could stand up in court," said Assistant Attorney General for National Security John Carlin.
"Well today, we are. For the first time, we are exposing the faces and names behind the keyboards in Shanghai used to steal from American businesses."
The US authorities have been complaining about state-sponsored hacking for years now, and it was going to be top of the agenda last year for President Obama's meeting with the Chinese premier.
But shortly before the meeting, Edward Snowden started leaking details of how the NSA had been harvesting data on a massive scale from US companies, both with and without their knowledge. The US has remained quiet about state-sponsored hacking since then, but it appears the issue is now back on the agenda.
"This case should serve as a wake-up call to the seriousness of the ongoing cyberthreat. These criminal charges represent a groundbreaking step forward in addressing that threat," Holder said. "The indictment makes clear that state actors who engage in economic espionage, even over the Internet from faraway offices in Shanghai, will be exposed for their criminal conduct and sought for apprehension and prosecution in an American court of law."
In a statement, the Chinese authorities indicated that Holder's ambitions will be thwarted. The statement decries the "fabricated facts" in the indictment and says the US move was "a serious violation of the basic norms of international relations."
The statement points out that the US has long been attacking and penetrating Chinese networks "according to information publicly disclosed." As a result of Monday's DoJ claims, the Chinese said they are suspending the activities of the Sino-US Network Working Group that was set up to improve online security and cooperation. ®