Chinese hackers targeted business partners as well as rivals, indictment alleges

Attorney General Eric Holder formally announced the U.S. plan to bring charges against members of the Chinese People's Liberation Army for hacking into the computers of six organizations in western Pennsylvania. (AP)

In early February, Alcoa announced a “strategic partnership” with the Chinese state-owned aluminum company, Chinalco, in which the two would team up to buy $14 billion worth of shares in mining giant Rio Tinto.

The purchase was designed to block a takeover of Rio Tinto by BHP, another mining firm, a merger that would have created a daunting competitor for the Chinese and American companies. To buy the shares, Alcoa and Chinalco formed a joint venture called Shining Prospect, and analysts said the outlook for further cooperation looked bright.

But about three weeks later, a Chinese military officer, Sun Kailiang, allegedly launched a spear-phishing campaign that targeted 10 senior Alcoa employees by using a fake e-mail account impersonating a member of Alcoa’s board of directors. Once opened, the e-mail installed malware on the employees’ computers. And around June, at least 2,907 Alcoa e-mail messages and attachments, including messages among senior executives discussing the partnership, were stolen.

The intrigue surrounding the Alcoa and Chinalco strategic partnership was revealed as part of the Justice Department’s indictment of five members of the Chinese military on charges of hacking computers and stealing valuable trade secrets from firms involved in making aluminum, steel, solar panels and nuclear power plants.

But to most American companies, such spying comes as no revelation. High-level executives at U.S. firms frequently complain that they are targeted whether they are bickering with their Chinese counterparts or, at least on the surface, acting in concert.

The Washington Post’s Ellen Nakashima breaks down the significance of the Justice Department’s decision to charge Chinese military members with cyber-espionage against American companies. (Jackie Kucinich/The Washington Post)

“The Chinese want to know everything,” said Henry Sokolski, a nuclear expert and executive director of the Nonproliferation Policy Education Center. “What they can’t buy, they steal,” he said, noting that other countries have done similar things.

Kenneth Lieberthal, a senior fellow at the Brookings Institution, said that “the U.S. has been vigorous and vehement about drawing a clear distinction between espionage, cyber-intrusions for purposes of national security and for commercial advantage.”

“I think that’s a distinction that the Chinese don’t make . . . because to them the competitive health of their firms, especially the big state-owned enterprises, is part of their national security,” he said.

The indictment singled out a unit of the People’s Liberation Army that was, in at least one case, hired by Chinese firms to engage in industrial espionage.

Another case involved Allegheny Technologies Inc. (ATI), which has owned 60 percent of a profitable joint venture with Baosteel, one of the biggest steel companies in the world, since 1995.

The venture takes thick coil and churns out very light-gauge steel, as thin as 38mm, for use in automobiles or cellphones.

But in June 2009, ATI joined a trade dispute over a different product, a flat-rolled electrical steel used in power transformers. The day after the directors of the joint venture met in June 2012, Wen Xinyu, another member of the army, stole the user names and passwords of at least 7,000 ATI employees and later used them to steal information, the Justice Department said.

SolarWorld, the U.S. unit of a German firm, has been waging battle against Chinese solar manufacturers over the alleged dumping of panels at below fair value. As part of the complaint process, SolarWorld made confidential filings to be seen only by Commerce Department officials and lawyers. But the indictment said Wen hacked and stole data and files from three senior SolarWorld executives, obtaining information about the company’s cash flow, ability to survive a market shock, manufacturing metrics and proprietary cost figures.

SolarWorld won hefty tariffs in an anti-dumping case against Chinese manufacturers in 2012 and is trying to close a loophole this year. The International Trade Commission is expected to make a preliminary anti-subsidy determination on June 2.

Westinghouse Electric, a unit of Toshiba, makes nuclear power plants, and it, too, has long contended with technology theft. A consultant in Beijing, who spoke on the condition of anonymity to protect business relationships, said that in the nuclear power sector, companies “create their own competition.” He advises firms: “If you don’t have a black box, don’t come to China.”

Westinghouse, lured by the prospect of selling nuclear plants in one of the few countries still building them, sold four reactors in China in 2007. In late 2010, while building the plants, Westinghouse negotiated with the State Nuclear Power Technology Corp. to share technology and jointly seek more contracts in China and around the world.

The state corporation said it would create a reactor called CAP1400, using technology similar to the Westinghouse AP1000. In May 2013, the two signed an agreement to develop and deploy small modular reactors based on Westinghouse designs.

Throughout the lengthy negotiations between the firms, the Chinese army unit was tapping into the Westinghouse e-mail system, the indictment says. It stole e-mail from the company’s chief executive, the Justice Department alleges, eventually pilfering the equivalent of 700,000 pages of messages and attachments.

Steven Mufson covers energy and other financial news.
Comments
Show Comments
Most Read Business