U.S. accuses China of cyber spying on American companies

BY JIM FINKLE, JOSEPH MENN AND ARUNA VISWANATHA

Mon May 19, 2014 6:04pm EDT

(Reuters) - The United States on Monday charged five Chinese military officers and accused them of hacking into American nuclear, metal and solar companies to steal trade secrets, ratcheting up tensions between the two world powers over cyber espionage.

China immediately denied the charges, saying in a strongly worded Foreign Ministry statement the U.S. grand jury indictment was "made up" and would damage trust between the two nations.

Officials in Washington have argued for years that cyber espionage is a top national security concern. The indictment was the first criminal hacking charge that the United States has filed against specific foreign officials, and follows a steady increase in public criticism and private confrontation, including at a summit last year between U.S. President Barack Obama and Chinese President Xi Jinping.

"When a foreign nation uses military or intelligence resources and tools against an American executive or corporation to obtain trade secrets or sensitive business information for the benefit of its state-owned companies, we must say, 'Enough is enough,'" U.S. Attorney General Eric Holder said at a news conference.

Federal prosecutors said the suspects targeted companies including Alcoa Inc, Allegheny Technologies Inc, United States Steel Corp, Toshiba Corp unit Westinghouse Electric Co, the U.S. subsidiaries of SolarWorld AG, and a steel workers' union.

Officials declined to estimate the size of the losses to the companies, but said they were "significant." The victims had all filed unfair trade claims against their Chinese rivals, helping Washington draw a link between the alleged hacking activity and its impact on international business.

According to the indictment, Chinese state-owned companies "hired" Unit 61398 of the People's Liberation Army "to provide information technology services" including assembling a database of corporate intelligence. The Chinese companies were not named.

The Shanghai-based Unit 61398 was identified last year by cybersecurity firm Mandiant as the source of a large number of espionage operations. All five defendants worked with 61398, according to the indictment.

"The administration is trying to make this clear it's a trade issue, not a cold war with China," said Jim Lewis of the Center for Strategic and International Studies, who has served as a U.S. representative in hacking negotiations with China.

The Chinese Foreign Ministry statement said it would suspend the activities of a Sino-U.S. working group on cyber issues, which American officials believe refers to a joint effort established in April 2013 involving State Department expert Chris Painter and China Foreign Ministry official Dai Bing.

That was set up as a spinoff from the U.S.-China Strategic and International Dialogue, but produced little tangible progress even before leaks by former National Security Administration contractor Edward Snowden leaks gave China grounds for accusing the NSA of infiltrating Chinese companies as well as government offices.

U.S. officials have maintained that they do not steal secrets to give an advantage to U.S. companies, but in China, Lewis said, the line between military and business prowess is unclear.

Unit 61398 has hundreds of active spies and is just one of dozens of such bodies in China, said Jen Weedon, an analyst at Mandiant, now owned by global network security company FireEye Inc. She said the group is not among the most sophisticated.

The specific accusation is less important than the demonstration that the United States is committed to stepping up its fight in multiple ways, Weedon said.

"There's a paradigm shift with regards to other ways countries try to hold each other accountable," she said.

U.S.-CHINA TIES

The cyber spying charges come amid growing tensions between Washington and Beijing over China's increased assertiveness in maritime disputes with its neighbors.

Days after Obama ended an Asia-Pacific tour in late April, China deployed an oil drilling rig 150 miles off the coast of Vietnam, in a part of the South China Sea claimed by itself and Hanoi. That sparked deadly anti-China riots in central Vietnam last week and raised questions among U.S. allies in the region over whether Obama's long-promised strategic "pivot" toward Asia is more than talk.

A tougher stand against Chinese cyber crime targeting U.S. interests could help counter criticism that Washington has responded too passively to Beijing's geopolitical challenges. U.S. officials have long complained about Chinese cyber spying but have taken few concrete actions to punish those suspected of being behind it.

Washington announced the charges as new claims emerged last week about the scope of overseas spying by the United States. Documents leaked by Snowden showed the agency intercepted and modified equipment made by Cisco Systems Inc that was headed overseas.

Cisco responded by asking Obama to curtail U.S. surveillance programs, underscoring the vulnerability of multinationals to a whipsaw of competing government interests.

Douglas Paal of the Carnegie Endowment for International Peace think tank said the hacking charges will add to the list of grievances that have been accumulating between China and the United States. "It will give Beijing a chance to remind the U.S. that its own spying is a bigger problem."

He added, "We have a plethora of vulnerable firms, including Cisco, Intel, IBM and others. Targeted retaliation is likely intended to split and weaken American support for the administrations action."

Skeptics said U.S. authorities would not be able to arrest those indicted because Beijing would not hand them over. Still, the move would prevent the individuals from traveling to the United States or other countries that have an extradition agreement with the United States.

"It won't slow China down," said Eric Johnson, dean of the business school at Vanderbilt University and an expert on cyber security issues.

But the step could prompt China to rethink the position that industrial secrets are fair game, analysts said.

"At some point, they are going to start dealing seriously with this problem, unless they want to hurt relations," said Dmitri Alperovitch, co-founder of security firm CrowdStrike.

SPEAR PHISHING

In an indictment filed in the Western District of Pennsylvania, prosecutors said the officers hacked into computers starting in 2006, often by infecting machines with tainted "spear phishing" emails to employees that purport to be from colleagues.

Prosecutors alleged that one hacker, for example, stole cost and pricing information in 2012 from an Oregon-based solar panel production unit of SolarWorld. The company was losing market share at the time to Chinese competitors who were systematically pricing exports below production costs, according to the indictment.

Another officer is accused of stealing technical and design specifications about pipes for nuclear plants from Westinghouse Electric as the company was negotiating with a Chinese company to build four power plants in China, prosecutors said.

American businesses have long urged the government to act against cyber espionage from abroad, particularly by China.

Alcoa spokeswoman Monica Orbe said: "To our knowledge, no material information was compromised."

U.S. Steel declined to comment, while SolarWorld CEO Frank Asbeck said the company supported the U.S. investigation.

(Reporting by Jim Finkle in Boston, Joseph Menn in San Francisco and Aruna Viswanatha in Washington; Additional reporting by Susan Heavey, Mark Hosenball, Matt Spetalnick and David Brunnstrom; Editing by Bernadette Baum, Tiffany Wu and Eric Walsh)