On May 19, the United States District Court for the Western District of Pennsylvania unsealed a 31-count indictment charging five officers in the Chinese Army with crimes including conspiracy, aggravated identity theft, economic espionage, and trade secret theft. While most experts consider the chances of the five officers standing trial in the United States to be slim to none, the indictment does signal a high-profile escalation of DOJ efforts to combat hacking, cyber theft, and cyber espionage.
The indictment alleges that between 2006 and 2014, the five officers breached computer systems to steal sensitive trade secrets from major U.S. companies and a labor union. The victims included Westinghouse; U.S. Steel; Allegheny Technologies Inc.; the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union; and Alcoa Inc. U.S. officials have been forthright in expressing their belief that the five officers acted with the approval of the Chinese government. “For too long, the Chinese government has blatantly sought to use cyber espionage to obtain economic advantage for its state-owned industries,” said FBI Director James B. Comey.
While this indictment will certainly affect U.S.-China relations, it also provides valuable insights for U.S. companies facing cyber threats. First, the high level of detail in the fifty-page indictment confirms that U.S. law enforcement has a sophisticated understanding of cyber espionage and is acting more aggressively against threats. Second, companies should be aware that, while internal theft remains the most common cyber threat, external threats are not limited to lone-wolf hackers looking to disrupt operations or breach payment systems. Rather, cyber threats can be organized, well-funded, state-sponsored, and aimed at stealing a company’s most closely guarded assets. And finally, the list of victim companies in this indictment signals to companies that they are not alone in dealing with cyber threats.
To help minimize your risk of being the target of a cyber threat or to identify when you have become the victim of cyber espionage, consider the following steps:
- Routinely monitor your network for anomalies and security incidents.
- Limit administrative privileges to only the users who need them. Such users should use a separate unprivileged account for email and web browsing.
- Use application “black listing” (blocking) and “white listing” (approving) to help prevent unapproved programs from running.
- Engage outside counsel to ascertain the extent, nature, and possible source of any breach.
- Develop a strategy to quickly and carefully report certain cyber threats to law enforcement. While companies should continue to test and improve their internal defenses, some threats require the additional resources and legal tools available only to law enforcement.