US government prosecutors have been given the green light to lay criminal charges against five Chinese military officials accused of illegally hacking into the computers of six US companies and stealing their commercial trade secrets.
The US government announced the move on 19 May 2014 following an earlier unpublished finding by a grand jury in Pennsylvania that US prosecutors had sufficient evidence to try the accused men on 31 counts of criminal computer hacking and cyber theft.
This is the first time the US has taken criminal action against individual foreign officials for alleged hacking activities, although the case represents the culmination of several years of growing tensions between the US and China on the broader issue of commercial cyber espionage. The response from the Chinese government to this latest move by the US has been dramatic, with China calling the charges against its military officials absurd and accusing the US of double standards.
One of the alleged victims of the Chinese hackers was Westinghouse Electric Company, a world leading US-based nuclear power developer. According to the indictment (PDF, 3MB) handed down by the grand jury in Pennsylvania, in 2007 Westinghouse entered into an initial contract with a Chinese state-owned nuclear power company to construct and operate four nuclear power plants in China. During subsequent contractual negotiations between the parties, one of the accused Chinese hackers, Sun Kailiang, allegedly accessed Westinghouse’s computers and stole, among other things, proprietary and confidential technical and design specifications for pipes, pipe supports and pipe routing within the nuclear power plants that Westinghouse was contracted to build.
The information stolen from Westinghouse’s computers would enable a competitor to build plants similar to those being developed by Westinghouse, without the competitor having to incur the significant research and development costs that Westinghouse had done in creating its specifications. In total, the Chinese hackers allegedly stole 1.4 gigabytes worth of data from Westinghouse’s computer between 2010 and 2012, equivalent to about 700,000 pages of email messages and attachments.
It is unlikely the accused Chinese cyber-soldiers (who currently reside in China) will ever step foot on US soil to face the charges laid against them. It seems the US is more interested in the case being symbolic of it taking a tough stance against acts of cyber espionage designed to undermine the global competitiveness of US companies.
Many Australian companies doing business with or in China will no doubt be closely watching these latest US developments, particularly given the growing number of media reports that Australian companies and government agencies have also been victims of targeted Chinese cyber attacks. If the number and extent of the attacks reported in the media is true, it may not be long before the Australian government joins the US in voicing stern criticism of China over the issue.