U.S. authorities charged five Chinese military personnel with hacking American businesses’ computers to steal trade secrets and gain a competitive advantage — the first time in U.S. history that criminal charges have been filed against another country for cyber-espionage.
“When a foreign nation uses military or intelligence resources and tools against an American executive or corporation to obtain trade secrets or sensitive information for the benefit of its state-owned companies we must say: Enough is enough,” Attorney General Eric Holder said in a press conference Monday. “This administration will not tolerate actions by any nation that seeks to illegally sabotage American companies and undermine the integrity of fair competition in the operation of the free market.”
U.S. law enforcement officials said the hacking caused U.S. job losses, the closing of a Texas industrial plant, and the theft of design information for a nuclear power plant and cost-and-pricing from a solar panel firm.
Mr. Holder said the Chinese computer intrusions should serve as a “wake-up call” for the sriousness of cyberthreats and how the U.S. plans to deal with them. He added that the U.S. government doesn’t collect intelligence to help American companies – unlike what the Chinese had done.
He said he hopes China will cooperate with the indictment and allow the five accused to stand trial in the U.S., although the prospect of that is slim since Washington has no extradition agreement with Beijing.
U.S. authorities released photos of the suspects, including one man in military uniform, perhaps in an effort to shame them.
Monday’s announcement was long-planned, dating back at least a year as the Obama administration was searching for more punitive measures against Chinese hackers. The most serious charge of economic espionage includes a maximum 15-year prison sentence.
The gesture is largely symbolic and draws a much needed line in the sand by Washington to foreign entities trying to steal commercial secrets, said Shawn Henry, former executive assistant director of the FBI’s Criminal, Cyber, Response and Services Branch, where he oversaw all of the bureau’s criminal and cyber programs and investigations worldwide.
“It’s a good first step,” said Mr. Henry, who is now president of CrowdStrike Services, a cybersecurity detection and prevention firm.
He has long advocated that the U.S. government secure the protection, safety and security of its citizens by defending cyberspace with the same diplomatic, military and legal measures it employs when borders are crossed in the physical world.
“The U.S. government can have some pretty candid conversations with heads of state and other governments about what’s acceptable and what’s not acceptable and what the redlines are,” Mr. Henry said. “If you launch a cyberattack into our space, this is what the results are going to be.”
Officials said the Chinese aimed to steal secrets from six entities in the steel and energy industries: U.S. Steel; Alcoa; Allegheny Technologies Inc., a specialty steelmaker; Westinghouse; the U.S. Steelworkers’ Union; and SolarWorld AG, solar panel manufacturer. These businesses were targeted in a scheme that began in 2006.
The indictment accuses Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu and Gu Chunhui of conspiracy to commit computer fraud and abuse. The indictment was handed up by a grand jury in Pittsburgh, a city close to many of the U.S. firms targeted.
In November, FBI Director James B. Comey testified before Congress that the risk of cyberattacks is likely to exceed the danger posed by al Qaeda and other terrorist networks as the top threat to national security and will become the main focus of law enforcement and intelligence services.