china-hackers-cyber-espionage

Five Chinese government military hackers have been accused of infiltrating American companies and stealing trade secrets to undermine the free market. Earlier this week, Attorney General Eric Holder unveiled economic espionage and identity theft charges, among others.  These charges mark the first time the U.S. has formally charged military officials for acting at the behest of a foreign government in cyber crimes.

“The range of trade secrets and other sensitive business information stolen in this case is significant and demands an aggressive response,” Attorney General Eric Holder said in announcing the charges, which were brought by a federal grand jury in Pennsylvania.

The companies that were targeted were:

  • Alcoa World Alumina (the world’s third-largest aluminum maker)
  • Westinghouse Electric Co. (a world leader in nuclear power development)
  • Allegheny Technologies (one of the largest and most diversified specialty materials and components producers in the world)
  • U.S. Steel Corp. (America’s oldest and biggest steel manufacturer)
  • United Steelworkers Union (one of the most iconic and recognizable labor unions)
  • SolarWorld (a leading solar technology company)

“In some cases, they stole trade secrets that would have been particularly beneficial to Chinese companies at the time they were stolen,” Holder said, “In others, they stole sensitive, internal communications that would provide a competitor, or adversary in litigation, with insight into the strategy and vulnerabilities of the American entity. In sum, the alleged hacking appears to have been conducted for no reason other than to advantage state-owned companies and other interests in China, at the expense of businesses here in the United States.”

It is believed that economic espionage has originated out of China for at least a decade targeting everyone from retail stores to defense contractors. Both private and public sector entities, including the People’s Liberation Army (China’s military), have been behind the attacks. Cybercrime originating from China has been described as the largest theft in human history.

“This is a tactic that the U.S. government categorically denounces,” Holder said. “As President Obama has said on numerous occasions, we do not collect intelligence to provide a competitive advantage to U.S. companies, or U.S. commercial sectors.”

China’s foreign ministry responded to the charges calling them “made up” and saying that charging military officers will “damage Sino-American cooperation and mutual trust. China is a staunch defender of network security and the Chinese government, military and associated personnel have never engaged in online theft of trade secrets.”

The announced charges come just as the Justice Department has unveiled plans to crackdown on private hackers using the “Blackshades” program to perform malware attacks on more than a dozen countries including North America, Asia, and Australia. Busts coordinated by the FBI with local law enforcement around the world have arrested dozens of suspects.

If the allegations are true against China, as Time points out, the “Chinese government has aimed at the very heart of American enterprise.”

So what exactly are the trade secrets allegedly stolen?

1. Solar Power Technology – The Justice Department alleges that the hackers stole solar panel innovations from Germany-based SolarWorld to enable Chinese solar panel makers to accelerate their research and development. This would enable their scientists to skip years of hard work and simply copy what American and German scientists have been studying. Wen Xinyu is charged with stealing thousands of emails and files from their senior SolarWorld executives in 2012. The information may also have allowed the Chinese to anticipate regulations as well.

“There were thousands of emails exfiltrated, many with sensitive data that would pose to serve all kinds of unfair advantages,” says Ben Santarris, director of strategic affairs at Solarworld.

2. Nuclear Power Plant Technology – The Justice Department has alleged that the Chinese have stolen nuclear technology from Westinghouse Electric Company, a Pennsylvania-based company that was in contract negotiations with a Chinese government-owned counterpart. The alleged hacker is Sun Kailing, who gained access to the computers and stolen design specifications for pipes, pipe supports, and pipe routing. This would enable Chinese competitors to build world-class nuclear facilities without doing any research and development themselves.

3. Inside Information on U.S. Business Strategy – The hacking at Westinghouse allegedly began in 2010 and continued through 2011. Some stolen emails also included business strategies. This strategy, according to experts, has been used before during Chinese negotiations with companies in other countries. Knowing the strategy of the person across the table gives an unfair advantage during the process.

“If you had the ability to walk around the table to see what your competitor was going to bid and look at their notes and then go back and outbid them, that’s basically what they’ve done in the virtual world,” says George Kurtz, the CEO of CrowdStrike, a private security firm that tracks Chinese government-backed hackers.

4. Data Enabling the Chinese to Outwit Regulators – U.S. companies, particularly manufacturers, have faced Chinese product “dumps” in the U.S. market or unfairly imported at below-market price. U.S. Steel has filed several trade suits against the Chinese in order to impose tariffs and other market protection measures. In 2010, U.S. Steel was participating in two international trade disputes with China over unfair steel imports when Sun Kailing allegedly sent a phishing email that installed malware on U.S. Steel employees’ computers. He could have gained access to litigation plans. The United Steelworkers, a major labor union, also saw their computers hacked and emails stolen, which included sensitive strategic information including how the USW would push to slow unfair Chinese imports.

But these crimes are merely the surface of the ocean, experts say. Hackers in China, Iran, and Russia have repeatedly targeted the American economy, stealing intellectual property, and ensuring their ability to outbid American competitors for projects.

“Pick a Fortune 1000 and they’ve all had it happen. They’ve all been targeted in one form or another or had an incident,” says Kurtz, “There are two types of companies: ones that know they’ve been hacked and the ones that just haven’t figured it out yet.”

Advertisements

Join the Discussion

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s