The US has charged five PLA officers with hacking into US steel, solar, and nuclear companies, and stealing invaluable trade secrets. The accused reportedly operated out of PLA Unit 61398 in Shanghai. SMCP reports:
A grand jury filed charges against five people in the People’s Liberation Army’s shadowy Unit 61398 for allegedly stealing steel industry secrets to benefit Chinese state-owned companies.
The criminal charges said that the hackers broke into US computers to gain a competitive advantage, hurting companies such as Westinghouse and the US Steel Corp as well as workers.
Attorney General Eric Holder said the charges were the first of their kind against state actors and should serve as “a wake-up call.” “This administration will not tolerate actions by any nation that seeks to illegally sabotage American companies and undermine the integrity of fair competition in the operation of the free market,” Holder told reporters.
“The indictment makes clear that state actors who engage in economic espionage, even over the Internet from faraway offices in Shanghai, will be exposed for their criminal conduct and sought for apprehension and prosecution in an American court of law,” he said.
Here’s the full 56-page US indictment, allegedly typed on a type writer!
PLA Unit 61398 in Pudong, the alleged base of operations for the attacks
“Meet the hackers”
WSJ has conveniently rounded up and profiled the accused for us. Here they are:
Known online as “UglyGorilla” and Jack Wang, he is accused of being an officer in the People’s Liberation Army unit 61398 at some point during the investigation, which covered from 2010 to 2012. The FBI says Wang controlled victim computers.
Also known as Huang Zhen Yu, and “hzy_lhx” Mr. Huang was a computer programmer who allegedly managed the domain accounts used by others. Those domain accounts were used as a way for target computers infected with malware to relay information back to the hackers, according to the indictment.
Also known as Jack Sun, allegedly held the rank of captain during the early stages of the investigation, and was observed sending malicious emails to infect target computers with malware, and controlling victim computers once they’d been infected.
Also known as “KandyGoo”, Mr. Gu allegedly tested malicious email messages and also managed the domain accounts used by others to steer stolen information from target companies back to the hackers.
Also known as “WinXYHappy” and “Win_XY”, Mr. Wen allegedly controlled victim computers.
China, unsurprisingly, balked at the charges, calling them “ungrounded” and “absurd.” Los Angeles Times reports:
Chinese government officials on Monday strongly rebuked the U.S. over its claims of cyber-spying by five Chinese military officers, saying the Justice Department indictment was based on “fabricated facts” and would jeopardize U.S.-China relations.
“The Chinese government, the Chinese military and their relevant personnel have never engaged or participated in cyber theft of trade secrets,” Foreign Ministry Spokesperson Qin Gang said in a statement.
We assume they’re not counting that time when sophisticated Chinese hackers infiltrated NASA’s Jet Propulsion Lab in 2011, or when they breached Google security in 2010, or how about when they spearphished their way into the US Chamber of Commerce, or countless other instances.
Of course, cyber-shenanigans happen on both sides of the wall, with the US even building an army of hackers to help fight in the international cyberwar.