Hacking Case Hints at Chinese Firms That Benefited From Attacks

In a highly publicized indictment this week, U.S. prosecutors accused five Chinese military hackers of stealing information from American companies that would be useful to the firms’ competitors in China.

They didn’t name the Chinese companies that might have benefited from the alleged pilfering of trade secrets, but they did drop several hints that point to some of China’s biggest companies and state-owned enterprises, including Baosteel Group Corp. and Chinalco, Bloomberg Businessweek reports on its Website. The companies deny that they are the unnamed firms referred to by the indictment.

The indictment is sending a clear message, says Peter Singer, a senior fellow at the Brookings Institution and co-author of "Cybersecurity and Cyberwar: What Everyone Needs to Know." "It’s signaling to American companies to start taking this much more seriously in their business dealings with China."

The indictment, which was unsealed on May 19, did not name any Chinese companies as defendants. It described a number of state-owned companies that had business arrangements with Westinghouse Electric Co., United States Steel Corp., Allegheny Technologies Inc., and Alcoa Inc., the victims of the alleged hacking.

In detailing the alleged thefts of information from U.S. Steel and ATI, both based in Pittsburgh, the indictment refers to the companies’ trade disputes with Chinese steelmakers, including one identified as SOE-2. The indictment also notes that ATI, through a wholly-owned subsidiary, has had a joint venture with SOE-2 since about 1995.

Joint Ventures

ATI’s Website, in turn, lists only two "global" joint ventures, and only one with a Chinese company, Baosteel. In 1995, the two established Shanghai STAL Precision Stainless Steel, according to STAL’s site; Baosteel’s stake is around 40 percent.

What’s more, steel products have been a major bone of contention in U.S.-China trade in recent years, pitting Baosteel and other Chinese companies against ATI in a World Trade Organization dispute and against U.S. Steel in a case brought under the U.S. International Trade Commission.

Baosteel spokesman Alex He denied that the company was SOE-2. Dan Greenfield, a spokesman for ATI, did not respond to an e-mail and telephone calls for comment. Courtney Boone, a spokeswoman for U.S. Steel, directed questions to the Department of Justice, where a spokesman declined to identify any of the unnamed companies in the indictment.

Corporate Intelligence

The indictment doesn’t specify what information was taken from U.S. Steel or ATI other than credentials to gain access to their systems. It also doesn’t provide evidence to demonstrate that the hackers gave anything to the company called SOE-2. It does describe a close relationship between that Chinese company and the military unit involved in the hacking, alleging that one of the PLA hackers, Huang Zhenyu, built a database for the steelmaker to hold corporate intelligence about the iron and steel industries and American companies.

Alcoa’s computer systems were targeted by the Chinese hackers in February 2008, after a Feb. 1 agreement with a Chinese company, SOE-3, to buy a stake in a foreign miner, according to the indictment. That may point to Aluminum Corp. of China, known as Chinalco, which, with Alcoa, announced a $14 billion stake in Rio Tinto Group on Feb. 1, 2008, derailing a hostile bid by BHP Billiton.

The U.S. charges that the hackers eventually infiltrated Alcoa’s network and stole 2,907 e-mail messages and 863 attachments, including discussions of the acquisition between senior managers.

Chinalco spokesman Yuan Li called speculation that Chinalco is SOE-3 "groundless." Alcoa spokeswoman Monica Orbe directed questions to the U.S. government.

Technical Designs

The Chinese hackers also broke into computer systems of Westinghouse, which makes advanced nuclear power reactors, and stole technical designs for nuclear power plant pipe systems in late 2010 and 2011, according to the indictment. The break-in coincided with negotiations on technology transfers between Westinghouse and a Chinese state-owned nuclear power company, SOE-1, stemming from a 2007 agreement to build four nuclear power plants, the indictment says. Westinghouse signed such a deal in 2007 with China’s State Nuclear Power Technology Corp.

700,000 Pages

In all, the hackers made off with the equivalent of 700,000 pages of e-mail messages and attachments from Westinghouse between 2010 and 2012, according to the indictment.

Many of the messages related to Westinghouse’s strategy for business dealings with the Chinese nuclear company and competition with it in building plants outside China, U.S. prosecutors alleged. The stolen technical specifications would enable a competitor to build a plant similar to Westinghouse’s advanced design without incurring significant research and development costs, the indictment says.

Three calls to the nuclear power company’s spokesman Guo Hongbo went unanswered. Sheila Holt, a spokeswoman for Westinghouse, didn’t respond to an e-mail and a message on her mobile phone requesting comment.

As a first move, the case shows that the U.S. is getting serious about taking action against state-sponsored hackers, says Jason Weinstein, a partner at Steptoe & Johnson and a former U.S. deputy assistant attorney general. To truly discourage companies from using stolen information to their advantage, though, officials may have to take more concrete steps, such as asset seizure, he says.

‘Economic Espionage’

"Companies that profit from the crimes committed by Chinese hackers … have to operate globally to be successful, and that gives the U.S. and other countries where they do business leverage to punish them for enabling and facilitating economic espionage."

Marc Raimondi, a spokesman for the Justice Department, declined to comment on the specifics of the companies in the recent indictment.

"We are pursuing investigations of anyone responsible for intrusions like this, including those who aid and abet them or conspire to commit them," he said in a statement.

China suspended participation in a cybersecurity working group with the U.S. in response to the indictment and expressed its outrage.

"China is firmly opposed to this, and we have urged the U.S. side to immediately correct its mistake and withdraw the ‘indictment,’" Foreign Ministry spokesman Hong Lei said at a press conference in Beijing.
