The U.S. government's decision Monday to formally indict five members of the Chinese military on criminal hacking charges marks a significant escalation of what until now has been largely a war of words between officials of both countries.
Many see the indictments as long overdue. U.S. government officials and security experts have long pointed to China as the single largest source of state-sponsored attacks against U.S. government, military and corporate networks. Over the past several years, China-based hackers are believed to have stolen huge troves of military and industrial data from the U.S.
The big question is whether today's indictments will accomplish anything.
It's a near certainty that China will not hand over the five individuals to the U.S. or hold them accountable in that country. And it's unlikely that the indictments alone will significantly slow the alleged Chinese attacks against U.S. assets — if that is, indeed, the goal.
Instead, all the move is likely to do is provoke China to retaliate in similar fashion. Already, the Chinese government has said it would suspend its participation in the activities of the China-US Cyber Working Group.
In a statement, Monday, the Chinese government promised further action. "It is a fact known to all that relevant U.S. institutions have long been involved in large-scale and organized cyber theft as well as wiretapping and surveillance activities against foreign political leaders, companies and individuals," the statement read, with an obvious reference to the National Security Agency.
"China is a victim of severe U.S. cyber theft, wiretapping and surveillance activities," the Chinese government said. The statement went on to say that the indictments are based on "fabricated facts."
The U.S. Department of Justice (DOJ) earlier today handed down indictments against Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu and Gu Chunhui, all officers in Unit 61398 of the Third Department of the Chinese People's Liberation Army (PLA).
A report by security firm Mandiant last year had identified Unit 61398 as a Shanghai-based Chinese military operation responsible for hacking attacks against nearly 150 companies around the world.
In its complaint, the DOJ charged the individuals with hacking, or conspiring to hack, into several major U.S. companies, including Westinghouse Electric Co, United States Steel Corp., Allegheny Technologies Inc., United Steel and the U.S. subsidiary of SolarWind AG. The incidents allegedly occured between 2006 and 2014.
The intrusion at Westinghouse took place in 2010 when the company was building four power plants in China and was negotiating terms of the construction with a Chinese state-owned entity. Sun allegedly stole proprietary technical information and design specifications for pipes, pipe supports and other equipment from the company.
Sign up for Computerworld eNewsletters.