China is lashing out at the United States as a cybersecurity “hypocrite” after U.S. authorities indicted Chinese military officers with hacking into the systems of corporations.
China’s foreign ministry spokesman, Hong Lei, accused the U.S. on Tuesday of damaging already-fragile relations between Beijing and Washington. On Monday Beijing summoned the U.S. Ambassador to China to voice its complaints and pulled out of a joint cybersecurity working group, saying the U.S. must “correct its mistake and withdraw its indictment.”
The Chinese state, Mr. Hong claimed, has done no hacking for trade secrets.
That claim runs counter to a raft of recent research by the U.S. government and private firms, who have meticulously traced hacking attacks back to China. Some have been traced to a specific 12-storey building in Shanghai that is believed to be used by Unit 61398, a signals intelligence component of the People’s Liberation Army.
The Chinese anger was provoked by U.S. cyberspying charges filed Monday against five Chinese officers, who used aliases such as UglyGorilla, KandyGoo and WinXYHappy and commandeered innocuous-sounding domain names such as businessconsults.net and arrowservice.net.
In reality, prosecutors allege, they were members of the Chinese army on a mission: to infiltrate some of the largest companies in the U.S. and steal confidential information from them.
The indictment is an unprecedented step by U.S. authorities, who detailed their claims in a 56-page document. Starting in 2006 and continuing through last month, the defendants allegedly hacked into the computer systems of firms including Alcoa Inc., U.S. Steel Corp. and Westinghouse Electric Co.
But the U.S. has also actively sought to listen in to the world’s conversations, with practices laid bare in documents leaked by former security contractor Edward Snowden. On Tuesday, China sought to further turn the tables by releasing information on hacking attempts that originated from U.S. soil. Between March 19 and May 18, Chinese authorities said, some 2,077 “botnet servers” in the U.S. wielded control over 1.18-million computers in China.
During that same two-month period, U.S.-based Internet addresses were the source of some 57,000 “backdoor” attacks on Chinese computers, China’s State Internet Information Office said.
Skilled cyberattackers can often cloak their identities, which can create plausible deniability for both sides. Often, “the best you can do is trace back to the border,” said Shiuhpyng Winston Shieh, an adviser to the Taiwan government and director of the Taiwan Information Security Center.
Still, the indictment will escalate longstanding tensions between the United States and China over cyberespionage. China, meanwhile, attempted to show a united front with others. On Tuesday, China’s Xi Jinping and Russia’s Vladimir Putin issued a joint statement expressing “grave concern” over use of technology to “international stability and security, and the use that harms the country’s sovereignty and personal privacy.”
That comes after U.S. officials have condemned what they describe as an extensive campaign by the Chinese government to pilfer commercial secrets, something China denies.
“For the first time, we are exposing the faces and names behind the keyboards in Shanghai used to steal from American businesses,” John Carlin, a senior official at the U.S. Justice Department, said at a press conference Monday.
“This conduct is criminal. And it is not conduct that most responsible nations within the global economic community would tolerate,” said Mr. Carlin.
The five defendants are unlikely to see the inside of a U.S. courtroom. Instead, the public airing of the accusations is intended as a signal to China that its actions have become intolerable, wrote James Andrew Lewis, a senior fellow at the Center for Strategic and International Studies in Washington.
“Today’s action is best seen as a first step in a process that will take several years,” Mr. Lewis wrote on Monday. “The best outcome would be a serious commitment, most likely private, by China to scale back its economic espionage program.”
According to Mr. Lewis, federal prosecutors sought out U.S. firms that were willing to go public with specific instances of Chinese hacking, something many multinationals are reluctant to do for fear of reprisal.
The court documents unsealed Monday reveal a delicate dance by large American companies. They show that the alleged hacking took place as the U.S. firms sought to partner with Chinese state-owned enterprises and reap profits from China’s growing market.
According to the indictment, one of the defendants targeted Westinghouse, a leader in the nuclear power industry, as it proceeded with a joint venture to build four power plants in China. The hacker allegedly stole confidential technical and design specifications for the pipe system in the plants, court documents said, as well as sensitive e-mails concerning the partnership with the Chinese state-owned firm.
The hackers allegedly worked for Unit 61398, whose existence the Chinese foreign ministry declined to confirm Tuesday. According to the U.S., the unit has compromised the systems of at least 140 companies since 2006, based on a major report published last year by cybersecurity firm Mandiant.
To gain access to corporate computer systems, the defendants used “spearphishing” techniques, court documents said. Employees of the companies received e-mails containing attachments which, once clicked, installed malware on their computers, the indictment said. At U.S. Steel, one such message appeared to be from the firm’s chief executive; at Alcoa, one missive masqueraded as a note from a board director regarding an upcoming annual meeting.
“To our knowledge, no material information was compromised during this incident,” Monica Orbe, a spokesperson for Alcoa, said in a statement. “Safeguarding our data is a top priority.”
The Chinese military hackers were part of a unit that operated as a kind of contractor for state-owned firms, the indictment said. One such firm, embroiled in trade litigation with a U.S. company, “hired the unit to build a ‘secret’ database to hold corporate ‘intelligence,’” court documents said.
In addition to Alcoa, Westinghouse and U.S. Steel, the Chinese military hackers allegedly targeted Allegheny Technologies Inc., a maker of specialty metals, and a solar energy firm with operations in Oregon. One of the defendants is accused of stealing the login information and passwords for nearly all of Allegheny’s thousands of employees, allowing “wide-ranging and persistent access” to its computer system.
The hackers also peeked into the computer systems of a steelworkers’ union that had issued sharp criticism of Chinese trade practices, the indictment said.
NATHAN VANDERKLIPPE AND JOANNA SLATER
BEIJING/NEW YORK — The Globe and Mail
Published Tuesday, May. 20 2014, 3:41 AM EDT
Last updated Tuesday, May. 20 2014, 7:04 AM EDT