Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Does U.S. business stand a chance of keeping Chinese cyber-spies out of its data?

Ellen Messmer | May 23, 2014
The U.S. Department of Justice, working with the FBI, this week took the unprecedented step of indicting five Chinese army officers for allegedly breaking into the networks of American companies and a labor union to steal trade secrets of use to Chinese businesses.

The accused Chinese cyberspies — Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu and Gu Chunhui — are said to be officers in China's People's Liberation Army (PLA) thought to be associated with the so-called Unit 61398. That's the Chinese military's suspected cyber-spying operation based in Shanghai. The officers face charges of computer fraud, damaging a computer, aggravated identity theft and economic espionage. The indictment came complete with the officers' mug shots and hacker handles, like UgkyGorilla and KandyGoo.

Many doubt these five will ever be brought to the U.S. to stand trial, but "the indictments are very important because they send a deterrent message to both the Chinese government as well as the individuals involved in these operations," says Dmitri Alperovitch, CTO at security company CrowdStrike. He notes these five officers could face extradition if they travel to countries friendly to the U.S.  China doesn't have an extradition treaty with the U.S., notes Craig Carpenter, chief cyber security strategist at AccessData, but he adds it might be possible for the DoJ to get a guilty verdict in absentia.

In announcing that it wants these five PLA officers extradited to the U.S., the DoJ  included the accusation that Chinese state-owned companies hired some PLA members working at Unit 61398 to break into U.S. corporate networks to steal information for their gain.The PLA gained "unauthorized access" into the victims' networks to steal information "useful to China, including state-owned companies," said Attorney General Eric Holder this week at a press conference. Holder stood flanked by members of the FBI's national security and cyber divisions as well as by David Hickton, U.S. attorney for the Western District of Pennsylvania, where most of the companies allegedly hit by the Chinese cyber-intrusions are located, according to the indictment.

"The victims are tired of being raided," said Hickton, alleging that the theft of technology, cost analysis and trade secrets over the past four years had directly sabotaged U.S. competitiveness, leading to outcomes such as Chinese "dumping" of cheap pipe and the loss of U.S. jobs. "This 21st century burglary has to stop."

Diplomatic efforts to stop cyber-attacks against U.S. firms have largely "failed," said Robert Anderson, FBI executive assistant director in the criminal, cyber, response and services branch. "We are going to hold you accountable," he said about the five accused officers, suggesting more actions to prosecute Chinese cybercrime would be coming. John Carlin, FBI assistant attorney general for national security, said the hope is China will now simply stop the criminal actions.

But the U.S., action has left China furious.

"The U.S. accusation against Chinese personnel is purely ungrounded with ulterior motives," said China's Foreign Ministry spokesman Qin Gang in a statement. "China is a victim of sever U.S. cyber theft, wiretapping and surveillance activities" which have impacted Chinese government departments, companies and universities. China abruptly ended talks in the Sino-U.S. Cyber Working Group the U.S. and China had begun on cyber-spying issues, and suggested it may bring its own cyber-spying charges against the U.S.

 

Previous Page  1  2  3  4  Next Page 

Sign up for Computerworld eNewsletters.