Five Chinese military officers were indicted Monday by a federal grand jury in the Western District of Pennsylvania on charges of computer hacking and economic espionage, among other crimes. The hackers were allegedly targeting six entities in the U.S. nuclear power, metals and solar products industries.
According to the indictment, the defendants conspired to hack into American entities so they could gain and maintain illegal access to their computers and to steal information that would be useful to their competitors in China, including state-owned enterprises.
The indictment also alleges that the hackers, using Chinese military and intelligence resources, downloaded massive amounts of industrial information, including strategic plans, from U.S. businesses. The six U.S. entities were Westinghouse Electric, U.S. Steel, SolarWorld, the United Steel Workers Union, Allegheny Technologies and Alcoa.
First Time for Everything
U.S. Attorney General Eric Holder said the case represents the first-ever charges against a state actor for this type of hacking. He called the range of trade secrets and other sensitive business information stolen in this case "significant" and said it demands an aggressive response.
"Success in the global market place should be based solely on a company's ability to innovate and compete, not on a sponsor government's ability to spy and steal business secrets," Holder said. "This administration will not tolerate actions by any nation that seeks to illegally sabotage American companies and undermine the integrity of fair competition in the operation of the free market."
Mike Davis, CTO of CounterTack, a real-time endpoint security firm, told us there's a growing legion of criminal enterprises like the Chinese People's Liberation Army that are looking to try anything to get data as part of large-scale cyber-espionage efforts.
"It's just part of the game now, but these enterprises are well funded, and they are persistent. It's interesting that this news surfaced today," Davis said. "There is a substantial long-term play in terms of how the U.S. will prosecute these types of criminals, striking a delicate balance between using a heavy hand now to send a message -- depending on what the charges and sentence is -- but also to say that the U.S. isn't showing any type of weakness in its cyber-security approach."
An Important Move
Tom Cross, director of security research at network security firm Lancope, said this was an important move by the U.S. Department of Justice toward establishing a set of international norms regarding cyber-espionage. (continued...)