Mon May 19, 2014
Charges Of Chinese Cybercrimes To Play Out In American Courts
Originally published on Mon May 19, 2014 8:54 pm
The Justice Department has filed charges against five members of the Chinese military, alleging that they're hackers who committed espionage against U.S. companies. The indictment alleges that the Chinese hacked into five U.S. firms — including Westinghouse, U.S. Steel and Alcoa — and one labor union in order to steal trade secrets.
ROBERT SIEGEL, HOST:
From NPR News, this is ALL THINGS CONSIDERED. I'm Robert Siegel.
AUDIE CORNISH, HOST:
And I'm Audie Cornish. Today, the Justice Department filed a novel case in U.S. courts against China. Prosecutors are charging five Chinese officials with hacking into the servers of American companies and stealing trade secrets. As NPR's Aarti Shahani reports, it's an escalation in the confrontation between the U.S. and China over the use of computers as a tool of economic espionage.
AARTI SHAHANI, BYLINE: The indictment charges the People's Liberation Army with stealing data to help Chinese companies gain an unfair edge against American firms. Officials traced the group, called Unit 61398, to a single building in Shanghai. Attorney General Eric Holder, who spoke at a press conference this morning, called it corporate espionage and said it has to stop.
ERIC HOLDER: Success in the international marketplace should be based solely on a company's ability to innovate and compete, not on a sponsor's government ability to spy and to steal business secrets.
SHAHANI: The Justice Department is ramping up a global campaign to stop large-scale cyber-theft. In New York, prosecutors announced the arrest of hackers around the world who were allegedly trafficking malicious software. This case against China comes out of western Pennsylvania. U.S. Attorney David Hickton said steelmakers, as well as solar and nuclear energy companies there, are tired of being the victims of cyber-theft.
DAVID HICKTON: We would not stand idly by if someone pulled a tractor trailer up to a corporate headquarters, cracked the lock and loaded up sensitive information.
SHAHANI: China's Foreign Ministry says the U.S. conducts economic espionage, and that today's indictment is based on fabricated facts and that its military has never engaged in cyber theft of trade secrets. Not true, says cybersecurity expert Richard Bejtlich. His company, Mandiant, now part of FireEye, investigated the exact same Chinese army unit a year ago. And he even recognizes one of hackers.
RICHARD BEJTLICH: Wang Dong, he was also called Ugly Gorilla. That's his hacker name that he used.
SHAHANI: It's unusual in hacking cases to figure out who the perpetrator is. An innocent computer could have been high jacked by a criminal. Experts in the industry call it the attribution problem. But Bejtlich says this major Chinese army unit was operating for at least seven years.
BEJTLICH: When you have that large an operation going on for that amount of time, the actors involved slip up, they eventually reveal something about themselves. And it's that sort of analysis that we can do against those mistakes that reveal who they are.
SHAHANI: Even if the evidence is strong, former federal prosecutor Marc Zwillinger does not expect the case to get very far.
MARC ZWILLINGER: That does seem unlikely. You know, we would be relying on the Chinese government to extradite their own employees to the U.S. government to stand trial.
SHAHANI: While that's not going to happen, Zwillinger says, the U.S. had to start somewhere. Aarti Shahani, NPR News. Transcript provided by NPR, Copyright NPR.