The Justice Department has indicted five members of the Chinese military on charges of hacking into computers and stealing valuable trade secrets from leading steel, nuclear plant and solar power firms, marking the first time that the United States has leveled such criminal charges against a foreign country.
The landmark case paves the way for more indictments and demonstrates that the United States is serious about holding foreign governments accountable for crimes committed in cyberspace, officials said at a news conference Monday.
The Obama administration “will not tolerate actions by any nation that seeks to illegally sabotage American companies and undermine the integrity of fair competition in the operation of the free market,” Attorney General Eric H. Holder Jr. said.
The decision to confront China grew out of a White House strategy formulated two years ago to impose increasing costs on Beijing if it didn’t respond to requests to stop its widespread hacking for commercial advantage. The indictment is intended to address what President Obama and senior intelligence officials have called one of the top threats to national and economic security, with an estimated annual cost to the U.S. economy that ranges from the tens of billions of dollars to more than $100 billion.
The criminal charges provoked a response from Beijing, which said Monday that it was suspending high-level cyber talks with the United States that began in June.
China has summoned the U.S. ambassador over the hacking charges. According to an online notice posted Tuesday by state-run Xinhua on Weibo, Assistant Foreign Minister Zheng Zeguang summoned Abassador Max Baucus to complain that U.S. authorities published their indictment ignoring the strong protests by Chinese authorities.
“Given the lack of sincerity by the United States for cooperation to solve cyber security problems through dialogue, China has decided to suspend the activities of the Sino-U.S. Cyber Working Group,” Foreign Ministry Spokesman Qin Gang said in a statement.
The charges are “purely ungrounded and absurd,” Qin said. He added that the United States had “fabricated facts” in the indictment, which he said “seriously violates basic norms of international relations and damages Sino-U.S. cooperation and mutual trust.”
The leaks from former National Security Agency contractor Edward Snowden already had complicated the talks. Beijing has pointed to disclosures by Snowden of vast NSA surveillance activities — including spying on Chinese companies — to assert that the United States is the greater aggressor in the area.
State Department spokeswoman Jen Psaki said, “We regret China’s decisions.” But she added that she does not think the development will affect strategic and economic dialogue meetings with China, scheduled for early July.
The indictment, which was filed May 1, charges five officials in the People’s Liberation Army (PLA) — hackers with handles such as UglyGorilla and KandyGoo — with computer fraud, conspiracy to commit computer fraud, damaging a computer, aggravated identity theft and economic espionage.
China has no extradition treaty with the United States and none of the suspects is likely to see aa U.S. courtroom. Nonetheless, Holder said he hopes Beijing will “respect our criminal justice system and let justice take its course.”
The indictment is the result of years of work, officials said, in which investigators followed a complex trail of computer bits to one building in one Chinese city.
That nondescript 12-story building under military guard in the Pudong New Area of Shanghai is home to Unit 61398 — part of the PLA and identified by researchers as one of the most prolific hacking crews targeting Western companies’ trade secrets and intellectual property.
The 56-page indictment describes the hacking of five companies and a trade union. All but one are located in the Western District of Pennsylvania, where the charges were brought.
The companies — which include U.S. Steel, the country’s largest steelmaker, and Alcoa, the largest aluminum manufacturer — agreed to come forward, bucking what for years had been a reluctance by many firms to acknowledge that they had been hacked for fear of shareholder lawsuits and damage to reputation.
“There has come a point at which enough is enough,” said David Hickton, U.S. attorney for the Western District of Pennsylvania. “The companies are tired of being raided.”
The other companies are Westinghouse Electric, which builds nuclear power plants; Allegheny Technologies, a metals manufacturer; and SolarWorld, which makes solar products in Hillsboro, Ore. Also hit was the United Steelworkers union, which opposes Chinese trade practices.
The indictment alleges that the hackers stole trade secrets that would have been particularly beneficial to Chinese companies.
PLA member Wen Xinyu — also known as “WinXYHappy” — hacked SolarWorld’s computers and stole thousands of files containing cost and pricing information, prosecutors allege. Hackers took detailed production information that could help a competitor shorten its research and development timeline.
The American company rapidly lost market share to Chinese competitors that were accused of systematically pricing exports well below production costs.
After a complaint from SolarWorld, the Commerce Department and the U.S. International Trade Commission found that China had “dumped” solar products in the U.S. market.
In another case, defendant Wang Dong — or UglyGorilla — gained access to a U.S. Steel computer, which allowed him to steal descriptions for more than 1,700 other company computers and worm his way into vulnerable machines, according to the indictment. He gained access after fellow PLA hacker Sun Kailiang, also known as Jack Sun, sent spear-phishing e-mails to employees, including one purporting to be from the firm’s chief executive. The
e-mails contained malware that, when clicked on, surreptitiously loaded onto employees’ computers and allowed back-door access.
John Carlin, the assistant attorney general for national security, said the Chinese have long challenged U.S. officials to provide hard evidence of their data theft that could stand up in court. “Well today, we are,” he said. “For the first time, we are exposing the faces and names behind the keyboards in Shanghai used to steal from American businesses.”
Although the indictment does not name the state-owned enterprises that may have benefited from the espionage, according to open-source literature, they are State Nuclear Power Technology, the Baosteel Group and the Aluminum Corporation of China, which is commonly known as Chinalco.
James Lewis, a cyber policy expert with the Center for Strategic and International Studies, said China’s withdrawal from the talks was “childish” and a mistake. “If you want to get the United States to do something different, you don’t say, ‘I’m not going to talk to you,’ ” he said.
Lewis said he thinks that China will find ways to retaliate but that it cannot go too far. “Their economy is weaker than ours now,” he said. “Now is not the time for the Chinese to go full-bore in retaliation.”
Dmitri Alperovitch, co-founder of the CrowdStrike cybersecurity firm, said the indictments will send a signal to U.S. companies that have thought that the government could not do anything to hold state-sponsored hackers accountable. “Now they can look at these indictments and say, ‘Hey, if I want these people to be punished, the U.S. government is willing to step up and do it,’ ” he said. “That’s a very important message.”
Wan reported from Beijing. William Branigin and Karen DeYoung in Washington contributed to this report.