United States of America v. Members of China's People's Liberation Army

Published May 19, 2014

The U.S. Department of Justice announced the indictment of five Chinese military hackers on May 19, 2014. Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui were accused of computer hacking, economic espionage and other offenses directed at Americans in the nuclear power, metals, and solar products industries.

Summary of the indictment from Department of Justice:

Defendants: Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, who were officers in Unit 61398 of the Third Department of the Chinese People's Liberation Army (PLA). The indictment alleges that Wang, Sun, and Wen, among others known and unknown to the grand jury, hacked or attempted to hack into U.S. entities named in the indictment, while Huang and Gu supported their conspiracy by, among other things, managing infrastructure (e.g., domain accounts) used for hacking.

Victims: Westinghouse Electric Co. (Westinghouse), U.S. subsidiaries of SolarWorld AG (SolarWorld), United States Steel Corp. (U.S. Steel), Allegheny Technologies Inc. (ATI), the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union (USW) and Alcoa Inc.

Time period: 2006-2014.

Crimes: Thirty-one counts as follows (all defendants are charged in all counts).

| Count(s) | Charge | Statute | Maximum Penalty |
| --- | --- | --- | --- |
| 1 | Conspiring to commit computer fraud and abuse | 18 U.S.C. § 1030(b). | 10 years. |
| 2-9 | Accessing (or attempting to access) a protected computer without authorization to obtain information for the purpose of commercial advantage and private financial gain. | 18 U.S.C. §§ 1030(a)(2)(C), 1030(c)(2)(B)(i)-(iii), and 2. | 5 years (each count). |
| 10-23 | Transmitting a program, information, code, or command with the intent to cause damage to protected computers. | 18 U.S.C. §§ 1030(a)(5)(A), 1030(c)(4)(B), and 2. | 10 years (each count). |
| 24-29 | Aggravated identity theft. | 18 U.S.C. §§ 1028A(a)(1), (b), (c)(4), and 2 | 2 years (mandatory consecutive). |
| 30 | Economic espionage. | 18 U.S.C. §§ 1831(a)(2), (a)(4), and 2. | 15 years. |
| 31 | Trade secret theft. | 18 U.S.C. §§ 1832(a)(2), (a)(4), and 2. | 10 years. |

Summary of Defendants' Conduct Alleged in the Indictment

| Defendant | Victim | Criminal Conduct |
| --- | --- | --- |
| Sun | Westinghouse | In 2010, while Westinghouse was building four AP1000 power plants in China and negotiating other terms of the construction with a Chinese SOE (SOE-1), including technology transfers, Sun stole confidential and proprietary technical and design specifications for pipes, pipe supports, and pipe routing within the AP1000 plant buildings. Additionally, in 2010 and 2011, while Westinghouse was exploring other business ventures with SOE-1, Sun stole sensitive, non-public, and deliberative e-mails belonging to senior decision-makers responsible for Westinghouse's business relationship with SOE-1. |
| Wen | SolarWorld | In 2012, at about the same time the Commerce Department found that Chinese solar product manufacturers had "dumped" products into U.S. markets at prices below fair value, Wen and at least one other, unidentified co-conspirator stole thousands of files including information about SolarWorld's cash flow, manufacturing metrics, production line information, costs, and privileged attorney-client communications relating to ongoing trade litigation, among other things. Such information would have enabled a Chinese competitor to target SolarWorld's business operations aggressively from a variety of angles. |
| Wang and Sun | U.S. Steel | In 2010, U.S. Steel was participating in trade cases with Chinese steel companies, including one particular state-owned enterprise (SOE-2). Shortly before the scheduled release of a preliminary determination in one such litigation, Sun sent spearphishing e-mails to U.S. Steel employees, some of whom were in a division associated with the litigation. Some of these e-mails resulted in the installation of malware on U.S. Steel computers. Three days later, Wang stole hostnames and descriptions of U.S. Steel computers (including those that controlled physical access to company facilities and mobile device access to company networks). Wang thereafter took steps to identify and exploit vulnerable servers on that list. |
| Wen | ATI | In 2012, ATI was engaged in a joint venture with SOE-2, competed with SOE-2, and was involved in a trade dispute with SOE-2. In April of that year, Wen gained access to ATI's network and stole network credentials for virtually every ATI employee. |
| Wen | USW | In 2012, USW was involved in public disputes over Chinese trade practices in at least two industries. At or about the time USW issued public statements regarding those trade disputes and related legislative proposals, Wen stole e-mails from senior USW employees containing sensitive, non-public, and deliberative information about USW strategies, including strategies related to pending trade disputes. USW's computers continued to beacon to the conspiracy's infrastructure until at least early 2013. |
| Sun | Alcoa | About three weeks after Alcoa announced a partnership with a Chinese state-owned enterprise (SOE-3) in February 2008, Sun sent a spearphishing e-mail to Alcoa. Thereafter, in or about June 2008, unidentified individuals stole thousands of e-mail messages and attachments from Alcoa's computers, including internal discussions concerning that transaction. |
| Huang | | Huang facilitated hacking activities by registering and managing domain accounts that his co-conspirators used to hack into U.S. entities. Additionally, between 2006 and at least 2009, Unit 61398 assigned Huang to perform programming work for SOE-2, including the creation of a "secret" database designed to hold corporate "intelligence" about the iron and steel industries, including information about American companies. |
| Gu | | Gu managed domain accounts used to facilitate hacking activities against American entities and also tested spearphishing e-mails in furtherance of the conspiracy. |

An indictment is merely an accusation and a defendant is presumed innocent unless proven guilty in a court of law.

The FBI conducted the investigation that led to the charges in the indictment. This case is being prosecuted by the U.S. Department of Justice's National Security Division Counterespionage Section and the U.S. Attorney's Office for the Western District of Pennsylvania.
