Five Chinese officials indicted for hacking Pittsburgh-area businesses
May 19, 2014 11:29 PM
Charles Dharapak/Associated Press
Attorney General Eric Holder announced that a U.S. grand jury has charged five Chinese hackers with economic espionage and trade secret theft, the first-of-its-kind criminal charges against Chinese military officials in an international cyber-espionage case.
By Rich Lord and Tracie Mauriello / Pittsburgh Post-Gazette
The indictment in U.S. District Court of five Chinese army officials for computer crimes, unsealed in Pittsburgh Monday, immediately raised tensions between the two countries and put a spotlight on their cyber cat-and-mouse game.
Not coming soon: A trial.
"China is very unlikely to turn over these individuals, because if they do, what is that going to do to the rest of their intelligence gathering apparatus?" said Arthur T. Dong, a Georgetown University business professor who specializes in the business and legal engagements between the two countries.
Hickton, Holder talk about Chinese cyberespionage ring
Charges related to a Chinese cyberespionage ring were announced today during a Washington, D.C., news conference held by U.S. Attorney General Eric Holder and David Hickton, the U.S. attorney in Western Pennsylvania. (5/19/2014)
Chinese army cyberspying, he predicted, "will stop for a while, but if they've been successful in the past, where they've been able to uncover useful information, I doubt very much it will stop" for long.
Targeted were Pittsburgh-area powerhouses U.S. Steel, Westinghouse Electric, Alcoa and Allegheny Technologies, along with the United Steelworkers International Union, according to the 38-page indictment, which had been under seal since May 1. Also hacked was SolarWorld, a German solar products manufacturing company, which has a production facility in Hillsboro, Ore., the grand jury alleged.
Indicted are Wang Dong -- known as "Ugly Gorilla," according to investigators -- Sun Kailiang, Wen Xinyu, Huang Zhenyu and Gu Chunhui. All worked in a single building in Shanghai, China, according to federal officials, and were part of Unit 61398 of the People's Liberation Army.
They are charged with 31 criminal counts including conspiracy to commit computer fraud, illegal access to a protected computer, intentional damage to a protected computer, aggravated identity theft, economic espionage and theft of trade secrets.
The five used a method called spearphishing to get access to corporate computer networks, according to the indictment.
They manipulated remote computers in places like Kansas. Those computers transmitted messages to company officials, which masqueraded as emails from the officials' colleagues. The emails contained attachments with titles like "US Steel Industry Outlook."
A recipient who opened the attachments would unwittingly install malware -- malicious software -- that would give the defendants access to the company computer systems, "allowing the co-conspirators to bypass normal authentication procedures," according to the indictment. Among the thousands of emails stolen through the method, according to the indictment, were technology secrets, strategies for dealing with Chinese companies, tactics for anti-dumping complaints with the World Trade Organization and lobbying plans.
"This is a case alleging economic espionage by members of the Chinese military," Attorney General Eric Holder said. "They stole sensitive internal communications that would provide a competitor" with insights on U.S. technology and strategy, "for no other reason than to advantage state-owned companies and other interests in China."
Not so, countered the Chinese Foreign Ministry, which accused the Justice Department of fabricating evidence, asked for the indictments to be withdrawn, and suspended activities of a China-U.S. Cyber Working Group, which formed last year to find common ground amidst mutual accusations of cyber breaches.
"The Chinese government, the Chinese military and their relevant personnel have never engaged or participated in cyber theft of trade secrets. The U.S. accusation against Chinese personnel is purely ungrounded and absurd," Foreign Ministry spokesman Qin Gang said in a statement.
"U.S. institutions have long been involved in large-scale and organized cyber theft as well as wiretapping and surveillance activities against foreign political leaders, companies and individuals. China is a victim of severe U.S. cyber theft, wiretapping and surveillance activities," he said.
"We do not collect intelligence to provide competitive advantage" to U.S. companies, Mr. Holder said, adding that the "groundbreaking step" of indicting the five officials will be the first of many such actions.
York College of Pennsylvania political scientist Xiaofei Li, who specializes in China-U.S. relations, said Chinese cyber warriors are more reckless and careless than counterparts in other countries because they know their government will protect them.
"They're not disciplined. They're very bold," she said. "They can be identified easily and they don't care."
No extradition treaty
Charges that the Chinese targeted the metals industry spurred what U.S. Sen. Bob Casey called "a real sense of outrage."
"They're cheating all the time on various parts of our economy," he said, at an event at Station Square. "We have to make sure we use every possible resource and bring the full weight of justice down on their heads."
U.S. Rep. Tim Murphy, R-Upper St. Clair, told a crowd of more than 500 at a Munhall rally protesting unfair imports that any Chinese products made as a result of the theft should not be allowed into the country.
Legally, the indictment can't proceed without the presence of the defendants in Pittsburgh, where they could plead. But none of the five has ever been to the U.S., according to Department of Justice officials, and there is no extradition treaty between the two nations.
"I'm not going to handicap the question of when or how we will get them to justice in Pittsburgh," Mr. Hickton said. "I remain optimistic that China will respect our criminal justice system and we will use every means on our side to try to bring them to justice and provide due process and try them in a federal court in Pittsburgh."
Mr. Dong noted that Chinese General Secretary Xi Jinping has been pushing the U.S. to send back alleged corrupt Chinese officials who are living in this country, with little success.
Mr. Dong said that a trade -- corrupt officials for cyber thieves -- is possible. More likely though is increased tension.
"What the U.S. wishes to achieve is to put China on notice that they are aware of some of the things that are going on, that they can specifically identify where these hacks are coming from and who are the perpetrators of these hacks," he said.
Steve Orlins, president of the National Committee on U.S.-China Relations, said the indictments are symbolic and could be a sign that the White House is frustrated by the failure of diplomatic efforts to curb cyberespionage.
It's clear that the Chinese government will not react well, said Mr. Orlins and other experts on U.S.-China relations.
China takes its sovereignty very seriously and tends to react strongly to foreign criticism, they said.
Mr. Orlins hopes any reaction is tempered by the need to sustain international cooperation on climate change, environmental issues, Iran, North Korea and more.
The indictment portrays a successful hacking campaign, starting in 2006 and continuing through last month, that gave China at-will access to the strategies of companies with which its state-owned enterprises were competing.
In 2007, Westinghouse signed contracts with a Chinese government-owned company for the construction and operation of four nuclear reactors, according to the indictment. Unit 61398 then stole specifications that would allow the Chinese to build similar plants without any of the research costs incurred by Westinghouse, prosecutors allege.
"In total, between in or about 2010 and in or about 2012, members of the conspiracy stole at least 1.4 gigabytes of data, the equivalent of roughly 700,000 pages of email messages and attachments, from Westinghouse's computers," the indictment said.
In 2010, the defendants accessed U.S. Steel's computers while the Downtown-based steelmaker was engaged in anti-dumping litigation involving seamless steel pipes that Chinese firms were selling to the U.S. at unfair prices, investigators alleged.
Similarly, in 2012, the defendants obtained the passwords of 7,000 Allegheny Technologies employees while that firm was involved in a trade dispute focused on its sales to China, according to the indictment.
In 2012, after the United Steelworkers issued a "call to action" against Chinese industrial policies, Mr. Wen "stole email messages containing strategic discussions" among union leaders, according to the indictment.
Also that year, Mr. Wen stole emails that would enable Chinese solar manufacturers to "undermine SolarWorld financially through targeted and sustained underpricing" of products, the grand jury charged.
The targeted companies all declined comment.
"All of our Fortune 500 companies have been attacked," said Karen Paullet, assistant professor of information systems at Robert Morris University, who on Monday happened to be leading a group of 20 students in a visit to the Chinese embassy in Washington. "The U.S. has been aware of the problem. It has just been a matter of evidence."
She said that the students asked about the indictment during a presentation at the embassy, and the Chinese diplomat "definitely insinuated that we attacked first."
Rich Lord: firstname.lastname@example.org, 412-263-1542 or on Twitter @richelord. Washington Bureau Chief Tracie Mauriello: email@example.com, 703-996-9292 or on Twitter @pgPoliTweets. Len Boselovic contributed. First Published May 19, 2014 9:00 AM