Caught Red-Handed

The Obama administration took the unprecedented step Monday of indicting five Chinese military officials for hacking into American companies and stealing their proprietary data, ending Washington’s years-long war of words with Beijing over Chinese cyberspying in favor of tough action. The Chinese officials will almost certainly never see the inside of a courtroom — the United States has no extradition treaty with China. But China is certain not to take the indictments lying down.

Beijing has already canceled its participation in a U.S.-China working group on, in an ironic twist, cybersecurity. And cybersecurity experts questioned whether a legal counteroffensive is forthcoming in which Beijing indicts U.S. intelligence officials involved in Washington’s own ongoing cyberspying efforts. That could mean targeting relatively low-level American spooks, but Beijing could theoretically go after high-ranking officials like former NSA Director Keith Alexander, who also ran the military’s Cyber Command.

"There could be some tit-for-tat legal proceedings," said Richard Bejtlich, the chief security strategist at computer security company FireEye and a former military intelligence officer. "Then who do they go after? Individual U.S. hackers? Or Alexander?" Bejtlich asked. Alexander was responsible for cyberoperations directed at the Chinese government and corporations, including one to implant surveillance equipment in Chinese-made communications equipment. The United States accuses the Chinese hackers of similar offenses — installing spying equipment inside companies’ computers and stealing secrets.

"The Chinese will do something responsive — they may very well indict Keith Alexander," said Paul Rosenzweig, a former a Homeland Security Department official who worked on cybersecurity policy in George W. Bush’s administration. "I suspect that they’re considering all their options."

The U.S. indictment, which was announced at a press conference at Justice Department headquarters in Washington on Monday, May 19, includes the first criminal charges against state actors responsible for alleged cyberspying against the United States. The alleged activities involve a years-long campaign by the Chinese military and its proxies to hack into the computer systems of American companies, trade associations, unions, and law firms and steal confidential information, including business plans, product designs, and private communications.

The five men, all of whom allegedly worked for a hacker group known as Unit 61398 that was directed by the People’s Liberation Army, are accused of giving U.S. companies’ information to Chinese state-owned enterprises, providing them with an unfair advantage over their American competitors.

Cyberspying has been the subject of a long-simmering dispute between Beijing and Washington. But the criminal indictment takes the matter to a new level and signals that Barack Obama’s administration has decided its strategy of publicly shaming China into halting its cyber-espionage isn’t working. Chinese officials, for their part, denounced the U.S. indictment as "fabricated facts" and said the Justice Department’s actions "seriously violated basic norms of international relations, damage Sino-US cooperation and mutual trust."

The tough talk suggests China might match the U.S. indictments with some if its own.

There is precedent for foreign governments coming after U.S. intelligence personnel for operations undertaken on their soil. In 2009, an Italian court convicted in absentia 23 CIA employees for their role in kidnapping an Egyptian man in Milan six years earlier. (Like the Chinese hackers, the CIA personnel were not expected to ever spend time in prison.) But those were alleged crimes committed within a country. China and the U.S. spy on each other remotely.

To have a credible case against a senior U.S. official or a lower-level hacker, the Chinese would have to provide something they’ve never been able to offer: evidence of American cyberspying. "The Chinese keep saying they have all these statistics on the U.S., but they’ve never released anything or shared any names," said Bejtlich, who was previously the chief security officer of the computer security firm Mandiant. Last year, it released a report on the same Chinese unit for which the five indicted military hackers worked.

The U.S. indictment is filled with specific allegations about the men, including where in China they worked, whom they reported to, the kinds of information they stole, what firms they targeted, and what they did with the pilfered data. Unless the Chinese can come up with a similarly detailed list of accusations against the National Security Agency, any legal countermove in a Chinese court is likely to be greeted derisively, said Rosenzweig. "I think the one thing the Chinese don’t want to be is laughed at."

Bejtlich predicted that at a minimum, so-called patriotic hackers in China, who undertake operations on behalf of the government and with its implied consent, would launch retaliatory strikes at U.S. targets, including the Justice Department and the U.S. Attorney’s Office for the Western District of Pennsylvania, where the indictment was filed. Bejtlich said that the companies named in the indictment as the victims of the spying campaign should also expect that patriotic hackers might target them in retribution.

The Chinese hackers are accused of hacking into the computers of Westinghouse Electric, Alcoa, Allegheny Technologies, U.S. Steel, the United Steelworkers union, and SolarWorld, Attorney General Eric Holder announced. The companies are among the biggest energy and raw materials companies in the United States, and United Steelworkers is the largest steel labor union. The Chinese hackers stole pricing information and equipment designs in order to benefit Chinese state-owned industries, the Justice Department alleges. Officials said they couldn’t put a dollar amount on how much the spying had cost U.S. companies. But Alexander has called Chinese cyberspying "the greatest transfer of wealth in history."

The Chinese hackers also stole attorney-client communications and cost and production analysis that gave the Chinese hackers an insight into the companies at a "critical time," including when they were conducting negotiations to do business in China, said David Hickton, the U.S. attorney for the Western District of Pennsylvania. "This 21st-century burglary has to stop," Hickton said, adding that the cyberspying had "led directly to the loss of jobs" in the United States.

President Obama has broached the subject of China’s cyberspying in private meetings with Chinese President Xi Jinping. And last year, Obama’s then-national security advisor, Tom Donilon, rebuked China in a speech for cyberspying, which he called "a growing challenge to our economic relationship with China" and a "key point of concern and discussion with China at all levels of our governments." That was the
highest-level public criticism of the Chinese actions to date.

China’s cyber-espionage is also of deep concern to the Pentagon, which fears Beijing is focused both on stealing plans for advanced armaments to build its own versions and on using that know-how to develop ways of countering high-tech American aircraft, drones, and other battlefield armaments. The Defense Department’s annual assessment of Chinese military strength, which is expected to show an ongoing spike in China’s cybercapabilities, is set to be released.

Officials promised more indictments against foreign cyberspies. "This is the new normal. This is what you’re going to see on a recurring basis," said Robert Anderson, a top FBI cybersecurity official.