U.S. Charges Chinese Military Hackers with Cyber Espionage


This Monday, the United States Department of Justice filed formal cyber espionage charges against 5 members of the Chinese People’s Liberation Army. This is the very first time the United States has taken such action against any state-sponsored actors for cyber crime.

The Facts

Monday’s indictment from the U.S. DOJ brings a whopping 31 charges against each of the 5 alleged offenders. Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui of Unit 61398 of the Third Department of the Chinese PLA have all been accused of committing:

  1. conspiracy to commit computer fraud
  2. unauthorized access of a protected computer for commercial advantage/financial gain
  3. transmission of malware
  4. aggravated identity theft
  5. economic espionage
  6. trade secret theft

These crimes are alleged to have occurred between 2006 and 2014, and according to the official DOJ press release and executive statement, victims include corporations involved in the nuclear power, metals and solar products industries, such as Alcoa Incorporated, Westinghouse Electric Company, and the United Steelworkers Union (USW).

An initial report from Ars Technica also sheds light on some specifics:

  • 1,700 US Steel servers – hacked
  • nuclear power piping systems of Westinghouse nuclear power plants – hacked
  • email accounts of members of the USW steelworkers’ trade union – hacked
  • email accounts of Alcoa executives – hacked, with some 3,000 messages and 800 attachments stolen

All of these attacks allegedly occurred during time-sensitive periods, when victim U.S. companies were engaged in business with Chinese clients – times when it would have been most opportune for Chinese competitors to obtain information and gain a commercial advantage.

The Reasoning

State-sponsored cyber-spying is nothing new; however, this is the very first time the U.S. government has sought to enforce its Computer Fraud and Abuse Act and its Economic Espionage Act against foreign offenders. Officials have emphasized that the economic element of the alleged crimes is the main reason the charges have been brought forward.

“Success in the global market place should be based solely on a company’s ability to innovate and compete, not on a sponsor government’s ability to spy and steal business secrets.  This Administration will not tolerate actions by any nation that seeks to illegally sabotage American companies and undermine the integrity of fair competition in the operation of the free market.”

-U.S. Attorney General Eric Holder

Many writers, critics, and legal experts have noted how this distinction is extremely important, especially in the wake of Edward Snowden’s revelations on the NSA – particularly because those revelations point to U.S.-sponsored cyber espionage campaigns to monitor both its citizens and other governments, including China. During a news conference, U.S. Attorney General Eric Holder went on to state that China’s actions are entirely different, because they are economically motivated and because they negatively affect the economic health of US citizens who work for the victimized companies. Adds David Hickton, U.S. Attorney for the Western District of Pennsylvania:

“Cybertheft impacts real people in real and painful ways. When these cyberintrusions occur, production slows, workers get laid off and lose their homes. This 21st century burglary has to stop.”

-David Hickton, U.S. Attorney for the Western District of Pennsylvania

The Impact

Monday’s accusation is an unprecedented event in both the legal and cyber security fields. The impact the charges will have on both fields is therefore impossible to predict. Many observers have already pointed out that the DOJ’s indictment is largely a political chess move; whether the Chinese government will choose to honor it and hand over the 5 accused will undoubtedly affect U.S.-China relations moving forward.

Regardless, Monday’s events reflect the ever-increasing importance of Internet Security in a ubiquitously connected world. Malware campaigns enacted to collect competitor credentials and, in turn, competitor trade secrets have simply become part of doing business for some companies. In free market economies, like the United States, governments have reacted to this trend with legislation; however, no law – real-world-based or cyber – can ever boast a 100% prevention rate.

Perhaps, then, computer security expert and former Justice Department lawyer, Marc Zwillinger, has put it best:

“The only computers these days that are safe from Chinese government hackers are computers that are turned off, unplugged, and thrown in the back seat of your car.”

-Marc Zwillinger, former Justice Department lawyer

In reality, the same can be said about malware coming from any attacker, anywhere in the world. Any business’s information can be a powerful tool to that business’s competitor, and today protecting such information should be a top priority for any business that wants to remain viable. Accordingly, Zwillinger has probably never heard of Emsisoft Anti-Malware for Business ;)

Have a Great ((State-Sponsored) Malware-Free) Day!