China Hacking Indictments Day 2: Now For The Blowback

The big news yesterday was about the U.S. Justice Department announcing the first-ever criminal charges against a foreign country for cyberspying. The news today may well be about China (and other countries) taking retaliatory actions, including similar legal steps against individuals in this country working on behalf of the NSA, CIA or other government agencies.

Attorney General Eric Holder announced charges against five Chinese nationals on Monday. (Photo courtesy of AP.)

The Justice Department on Monday announced that a grand jury in the Western District of Pennsylvania indicted five Chinese citizens on charges that include computer hacking and economic espionage directed at six American companies in the nuclear power, metals and solar products industries.

The indictment alleges that the five defendants conspired to hack into American companies on behalf of competitors in China, including state-owned enterprises. The stolen information included intellectual property that would allow the Chinese firms to better compete with their American competitors. The hackers also stole confidential information regarding business negotiations and other deals that would aid the Chinese firms in litigation, business negotiations or competitive bidding situations.

The hacked firms include manufacturing giants Westinghouse and Alcoa, solar power firm SolarWorld and U.S. Steel, among others.

As Wired’s Andy Greenberg reported yesterday, the U.S.’s decision to prosecute five Chinese nationals for cyber espionage against U.S. corporations may well be used as a pretext to launch similar cases against U.S. citizens in foreign courts.

China’s Ministry of Foreign Affairs issued a statement yesterday that was critical of the Justice Department’s indictments. Justice’s case against the five men “seriously violated basic norms of international relations, damage Sino-US cooperation and mutual trust,” said Foreign Ministry Spokesman Qin Gang in a published statement. China urged the U.S. to drop the charges against the men.

The country also suspended its work in the Sino-US Network Working Group, which was designed to foster cooperation between the two countries on issues related to cyber crime, cyber espionage and online activities.

Tensions have been high between the U.S. and China for years. The U.S. has alleged that the Chinese military is behind a years-long campaign of cyber attacks against U.S. government agencies and private sector firms, many apparently designed to further the development of Chinese firms and state-owned enterprises.

A 2012 report from the security firm Mandiant (now part of FireEye) made direct connections between attacks on U.S. firms and the Chinese government and, particularly, the People’s Liberation Army (PLA).

Specifically: Mandiant was able to parse the findings of around 150 intrusions it has analyzed that are attributable to a group it dubbed “APT 1” and determine that the group was synonymous with a “Network Operations” unit of the PLA known as “Unit 61398,” which operates out of a 130,000 square foot, 12-story office building on Datong Road in Gaoqiaozhen in the Pudong New Area of Shanghai.

Mandiant was able to map APT1’s attack infrastructure of over 1,000 servers and estimate the number of human beings (linguists, open source researchers, malware authors and others) who support it. The company said that Unit 61398 may number in the hundreds or thousands of individuals.

Equally damning, however, were revelations stemming from former NSA contractor Edward Snowden’s leak of classified information on cyber espionage conducted by the U.S. government. Those documents revealed extensive operations to compromise both hardware and software used by foreign governments and even private sector firms. That included hacking tools used to compromise products by U.S. and foreign firms. More recently, a book by Glenn Greenwald revealed that the NSA’s Tailored Access Operations (TAO) group intercepted shipments of networking hardware from vendors like Cisco Systems en route to target firms. NSA operatives planted monitoring software on the devices before sending them on to the customer.

Policy makers have noted that the Snowden leaks undermine the U.S.’s standing as a victim of cyber espionage – showing that the U.S. gives at least as good as it gets.

In its statement, the Chinese Foreign Ministry alluded to those disclosures in hitting back against the U.S., saying it was the victim, not the perpetrator, of illegal cyber espionage.

“For a long time, the U.S. departments of foreign dignitaries, corporate, personal conduct large-scale, organized theft and network monitoring, control activities…According to a lot of information publicly disclosed, the relevant U.S. agencies have been on the Chinese government departments, agencies, businesses, universities, individuals and network intrusion monitoring, surveillance.”
