Which Companies Benefited From China's Hack Attacks?

In a highly publicized indictment this week, U.S. prosecutors accused five Chinese military hackers of stealing information from American companies that would be useful to competitors in China. They didn’t name Chinese companies that might have benefited from the alleged pilfering of trade secrets, but they did drop several big hints that point to some of China’s biggest companies and state-owned enterprises, including Baosteel and Chinalco. The companies deny that they are the unnamed businesses referred to in the indictment.

The indictment is sending a clear message, says Peter Singer, a senior fellow at the Brookings Institution and co-author of Cybersecurity and Cyberwar: What Everyone Needs to Know. “It’s signaling to American companies to start taking this much more seriously in their business dealings with China,” he says.

The indictment, which was unsealed on May 19, did not name any Chinese companies as defendants. It described a number of state-owned companies that had business arrangements with Westinghouse Electric, United States Steel, Allegheny Technologies, and Alcoa, the victims of the alleged hacking.

In detailing the alleged thefts of information from U.S. Steel and ATI, the indictment refers to the companies’ trade disputes with Chinese steelmakers, including one identified as SOE-2. The indictment also notes that ATI, through a wholly owned subsidiary, has had a joint venture with SOE-2 since about 1995. ATI’s website, in turn, lists only two “global” joint ventures—and only one with a Chinese company, Baosteel. In 1995, the two established Shanghai STAL Precision Stainless Steel, according to STAL’s website; Baosteel’s stake is around 40 percent.

What’s more, steel products have been a major bone of contention in U.S.-China trade in recent years, pitting Baosteel and other Chinese companies against ATI in a World Trade Organization dispute and against U.S. Steel in a case brought under the U.S. International Trade Commission.

Baosteel spokesman Alex He denied that the company is SOE-2. Dan Greenfield, a spokesman for ATI, did not respond to an e-mail and telephone calls seeking comment. Courtney Boone, a spokeswoman for U.S. Steel, directed questions to the Department of Justice, at which a spokesman declined to identify any of the unnamed companies in the indictment.

The indictment doesn’t specify what information was taken from U.S. Steel or ATI other than credentials to gain access to their systems. Nor does it provide evidence to demonstrate that the hackers gave anything to the company identified as SOE-2. It does describe a close relationship between that Chinese company and the military unit involved in the hacking, alleging that one of the PLA hackers, Huang Zhenyu, built a database for the steelmaker to hold corporate intelligence about the iron and steel industries and U.S. companies.

Alcoa’s computer systems were targeted by the Chinese hackers in February 2008 following a Feb. 1 agreement with a Chinese company, SOE-3, to buy a stake in a foreign miner, according to the indictment. That may point to Aluminum Corp. of China, known as Chinalco, which with Alcoa, announced a $14 billion stake in Rio Tinto Group on Feb. 1, 2008, derailing a hostile bid by BHP Billiton. The U.S. charges that the hackers eventually infiltrated Alcoa’s network and stole 2,907 e-mail messages and 863 attachments, including discussions of the acquisition among  senior managers.

Chinalco spokesman Yuan Li called speculation that Chinalco is SOE-3 “groundless.” Alcoa spokeswoman Monica Orbe directed questions to the U.S. government.

The Chinese hackers also broke into computer systems of Westinghouse, which makes advanced nuclear power reactors, and stole technical designs for nuclear power plant pipe systems in late 2010 and 2011, according to the indictment. The break-in coincided with negotiations on technology transfers between Westinghouse and a Chinese state-owned nuclear power company, SOE-1, stemming from a 2007 agreement to build four nuclear power plants, the indictment says. Westinghouse signed such a deal (PDF) in 2007 with China’s State Nuclear Power Technology Corp.

In all, the hackers made off with the equivalent of 700,000 pages of e-mail messages and attachments from Westinghouse from 2010 to 2012, according to the indictment. Many of the messages related to Westinghouse’s strategy for business dealings with the Chinese nuclear company and to competition with it regarding the building of plants outside China, U.S. prosecutors alleged. The stolen technical specifications would enable a competitor to build a plant similar to Westinghouse’s advanced design without incurring significant research and development costs, the indictment says.

Three calls to the nuclear power company’s spokesman, Guo Hongbo, went unanswered. Sheila Holt, a spokeswoman for Westinghouse, did not immediately respond to an e-mail and a message on her mobile phone requesting comment.

As a first move, the case shows that the U.S. is getting serious about taking action against state-sponsored hackers, says Jason Weinstein, a partner at Steptoe & Johnson and a former U.S. deputy assistant attorney general. To truly discourage companies from using stolen information to their advantage, though, officials may have to take more concrete steps such as asset seizure, he says. “Companies that profit from the crimes committed by Chinese hackers … have to operate globally to be successful, and that gives the U.S. and other countries where they do business leverage to punish them for enabling and facilitating economic espionage.”

Marc Raimondi, a spokesman for the Justice Department, declined to comment on the specifics of the companies in the recent indictment. “We are pursuing investigations of anyone responsible for intrusions like this, including those who aid and abet them or conspire to commit them,” he said in a statement.

China suspended participation in a cybersecurity working group with the U.S. in response to the indictment and expressed its outrage. “China is firmly opposed to this, and we have urged the U.S. side to immediately correct its mistake and withdraw the ‘indictment,’ Foreign Ministry spokesman Hong Lei said at a press conference in Beijing.
—Dexter Roberts contributed reporting from Beijing


    Before it's here, it's on the Bloomberg Terminal.