The U.S. Justice Department was considering last year charging Chinese military officials with the digital theft of trade secrets. Then Edward Snowden emerged.
Snowden’s revelations of the U.S. government’s own massive spying operations collided with an Obama administration campaign whose origins date back at least three years to escalate public pressure on China to halt economic spying.
Yesterday’s indictment of five Chinese officials signals the administration is banking that enough time has passed that it can redirect the worldwide debate over government surveillance toward China’s drive to steal commercial secrets of private companies to boost its own economy.
“We’ve told the Chinese we know they spy on us for military purposes and we spy on them for military purposes, which is what big powers do,” said James Lewis, a fellow in cybersecurity at the Center for Strategic and International Studies in Washington. “What’s weird is when you spy purely for commercial purposes, and that has to stop.”
Prosecutors have little expectation of getting the hackers into a U.S. courtroom, according to three people familiar with the administration debate over how to confront China, which began as early as 2011 and has been closely managed by the White House.
Instead, the indictment is intended to put forth in a public document some of the extensive evidence the U.S. has gathered, down to a photograph of two of the hackers bedecked in their People’s Liberation Army uniforms.
In that sense, the charges laying out evidence and operational details of cyber espionage conducted by China’s military represent a U.S. counterpoint to the documents leaked by Snowden, a former National Security Agency contractor.
“Since well before these recent disclosures, we have made clear that our signals intelligence programs serve a specific national security mission, and that does not include providing a competitive advantage to U.S. companies,” White House spokesman Jay Carney said yesterday.
While hundreds of U.S. entities have been penetrated by Chinese military hackers since 2002, the Justice Department focused on five companies specializing in solar panels, metals and next-generation nuclear power plants.
The charges, unsealed in District Court in Pennsylvania, allege the Chinese officers conspired to steal trade secrets and other information from companies including Westinghouse Electric Co., United States Steel Corp., Alcoa Corp. and U.S. subsidiaries of Solarworld AG.
U.S. prosecutors zeroed in on a handful of companies to underscore details about the relationship between state hackers and China’s major companies.
In one example, a major Chinese steel company hired the People’s Liberation Army officials on the side to help build a database to store stolen data. The company wasn’t identified in the indictment.
In another, Chinese hackers stole plans for a next-generation nuclear power plant from Westinghouse, according to the indictment.
Although Westinghouse was already signed up to build those reactors in China, prosecutors say the theft may allow the Chinese to build the reactors on their own later.
“Even if you have a hard time getting these people in court it will make some people think twice about engaging in this sort of activity,” said Paul Tiao, who served as senior counselor for cybersecurity to former FBI Director Robert Mueller. “It is a really significant step and not one that the administration took lightly.”
China reacted fiercely, calling the facts laid out in the indictment “absurd” and suspending participation in a U.S.- China cyber working group, formed last year to discuss rules for cyberspace and as a mechanism to manage differences between the two countries.
Assistant Foreign Minister Zheng Zeguang summoned the U.S. Ambassador to China Max Baucus and lodged a formal protest over the indictments, the official Xinhua News Agency reported.
China’s military hasn’t engaged in cyber espionage and “the U.S. should take action to correct its mistake and drop the lawsuits,” Foreign Ministry spokesman Hong Lei said at a daily briefing in Beijing today. “This action on the part of the U.S. has shown that it is not interested in having dialog over the cybersecurity issue.”
Within President Barack Obama’s administration, the indictment was considered among the strongest of a range of possible options vetted by White House officials beginning in 2012 and designed to gradually increase pressure on Chinese officials over the wide-scale hacking of U.S. companies, the three people said.
The administration began the rollout of the strategy in late 2012 and early 2013, with a series of speeches by senior U.S. officials referring to the targeting of U.S. companies by Chinese hackers, without linking them directly to the PLA.
That was followed by the release of previously classified data from the Department of Homeland Security in March designed to help companies find Chinese hackers in their computers.
The White House also considered sanctions on Chinese companies that have benefited from the technology thefts, but those are considered a significant escalation beyond even the indictment.
Three Chinese state-owned enterprises are described as benefiting from the thefts detailed in the indictment, although they’re not named.
“What they wanted to do was begin this push to pressure the Chinese, but more importantly they could go to other countries and say we are trying to create this norm that puts this sort of spying off limits,” said Adam Segal, a cybersecurity expert at the Council on Foreign Relations in New York. “Snowden derailed this massive push, but I don’t know if they are picking up the pieces to try to march forward or if this is just an appendix.”
The indictment appears to be the first public disclosure of some of the intrusions, raising the question why the American companies hadn’t disclosed the events to investors.
“To our knowledge, no material information was compromised during this incident, which occurred several years ago,” Monica Orbe, an Alcoa spokeswoman, said in an e-mail. “Safeguarding our data is a top priority for Alcoa and we continue to invest resources to protect our systems.”
While being spied upon would be a “big honor” and a sign that Solarworld has developed first-rate photovoltaic technology, “it’s a criminal act to steal what we are developing with a lot of money,” Solarworld Chief Executive Officer Frank Asbeck said in a phone interview.
The evidence in the indictment was collected by the Federal Bureau of Investigation and other agencies over the years. Agents issued subpoenas to Internet and telecommunications companies so they could track stolen data as it was sent back to China. They also worked with companies to assess the significance of what was stolen, according to two of the people familiar with the investigation.
“We have confidence that we compiled evidence that we can present in an open court before a jury,” John Carlin, the assistant U.S. attorney general for national security, said in an interview yesterday. “Everything that was done was done lawfully in a manner that we’d be able to admit in a criminal proceeding.”
Although not included in the indictment, the U.S. has also gathered evidence from its own cyberspying, including intrusions by NSA hackers into Chinese servers to catalog what was stolen, one of the three people familiar with the operations said.
Caitlin Hayden, a spokeswoman for the National Security Council, declined to comment.
U.S. officials say those activities fall into the sort of espionage conducted by all countries for national security.
Segal said that after the Snowden disclosures, many countries will find that argument unconvincing.
“I don’t think those claims have much credibility,” he said. “People are not convinced that the U.S. is not also spying for economic advantage.”