Tensions between China and the United States over spying go back a long way.
But, in a first, the US has laid out criminal charges of spying against members of the Chinese military – which could ratchet up the tension to a new level.
The US Department of Justice (DOJ) announced on Monday, 19 May, that it has indicted five Chinese army officers on 31 counts of hacking the networks of US companies and the theft of trade secrets.
It’s not likely, however, that the accused hackers will ever be prosecuted, since China would need to extradite its own military officers to the US to face trial.
Nevertheless, the indictments send a clear message that the US won’t tolerate Chinese cyber espionage aimed at its economic interests.
The backlash from China has already begun – shortly after the DOJ’s announcement, a Chinese official denounced the allegations as unfounded and said China was withdrawing from the China-US Cyber Working Group.
According to the DOJ, the accused Chinese military hackers used access to the companies’ computers to steal information that would benefit Chinese competitors, including state-owned enterprises (SOE).
The US companies victimized by the alleged hacker attacks are Westinghouse, SolarWorld, Alcoa, US Steel, the United Steel Workers Union, and ATI.
Among the allegations are claims that the military officers targeted high-level executives with spearphishing emails to access their accounts.
In one case, the Chinese officers allegedly used emails to implant malware on a target’s computer at US Steel, in order to access information about the company that could benefit Chinese state-owned steel companies in trade disputes.
Another of the hacked companies, aluminum manufacturer Alcoa, was targeted in 2008 after Alcoa sought to enter an agreement with a Chinese SOE.
In that case, according to the DOJ, one of the indicted Chinese officers used spearphishing emails to gain access to Alcoa email accounts, after which “thousands of email messages and attachments” related to the transaction were stolen.
Alcoa has denied, however, that any “material information” was compromised, according to the Associated Press.
US Attorney General Eric Holder said the charges are the first ever against a state actor over hacking, although it’s not the first allegation of economic espionage by the Chinese military.
Perhaps in anticipation of criticism by the Chinese that the US also engages in spying, Holder said the US does not collect intelligence for the purpose of benefiting US companies or industries.
The investigation into the alleged hacking was conducted by the FBI, which has been ramping up its efforts to combat cyber crime.
FBI Director James Comey said in a prepared statement that there are many more cases involving Chinese spying on US companies.
For too long, the Chinese government has blatantly sought to use cyber espionage to obtain economic advantage for its state-owned industries.
The indictment announced today is an important step. But there are many more victims, and there is much more to be done. With our unique criminal and national security authorities, we will continue to use all legal tools at our disposal to counter cyber espionage from all sources.
China’s history of hacking
China’s history of cyber espionage is long, and not limited to attacks on US companies.
In February 2013, EADS, the European Aeronautic Defense and Space company, and German steelmaker ThyssenKrupp, claimed that their networks had been hacked by Chinese spies.
Those claims came around the same time as a report from the New York Times that it had been targeted by Chinese hackers over a period of four months.
Chinese hackers targeted the newspaper as it prepared to publish an investigation into the family of then-Chinese prime minister Wen Jiabao.
According to NBC News, former Justice Department lawyer Marc Zwillinger noted that China’s cyber espionage capabilities are formidable.
“The only computers these days that are safe from Chinese government hackers are computers that are turned off, unplugged, and thrown in the back seat of your car,” Zwillinger said.