5 Chinese military indicted for cyber-stealing American nuclear power and other industrial secrets
Posted by William Byrnes on July 30, 2014
Speech delivered today link here, the juicy bits excerpted below with emphasis added.
I began my career as a prosecutor handling a wide range of crimes, but I have spent nearly a decade focusing on cyber issues – including as the National Coordinator of the Justice Department’s Computer Hacking and Intellectual Property, or “CHIP,” program. …
But we also emphasized that terrorists are not the only ones seeking to harm us online—there are other dangerous actors out there, including nation-states. We pointed to the growing use of botnets as a way to attack networks, infect computers, and inject spyware.
I could scarcely have guessed back in 2007 that by today the NCFTA would have aided in successful prosecutions of more than 300 cyber criminals worldwide. … “John Dillinger couldn’t do a thousand robberies in the same day in all 50 states in his pajamas halfway around the world. That’s the challenge we now face with the Internet.” …
[5 Chinese military indicted for cyber-stealing American nuclear power and other industrial secrets]
Earlier this summer, we announced unprecedented charges against five members of the Chinese military for computer hacking, economic espionage, and other offenses directed at six American victims in the U.S. nuclear power, metals and solar products industries.
What these charges allege is stealing from America’s heartland, literally and figuratively.
The charges allege that cyber thieves grabbed the hard work of companies right here in Pennsylvania. And they allege that the thieves targeted key American economic sectors, like metals and energy.
This is the true face of cyber economic espionage and of those it targets. This type of theft hurts American competitiveness by stealing what we work so hard for.
These charges against uniformed members of the Chinese military were the first of their kind. Some said they could not be brought. But this indictment alleges, with particularity, specific actions on specific days by specific actors to use their computers to steal valuable information from across our economy.
It alleges that while the men and women of our businesses spent their work-days innovating, creating, and developing strategies to compete in the global marketplace, these members of Unit 61398 spent their work days in Shanghai stealing the fruits of our labor.
It alleges that they stole information particularly beneficial to Chinese companies, and took communications that would provide competitors with key insight into the strategy and vulnerabilities of the victims.
We should not and will not stand idly by, tacitly giving permission to anyone to steal from us. We will hold accountable those who steal—no matter who they are, where they are, or whether they steal in person or through the Internet.
Because cyber crime affects us all, including those here in Pennsylvania who have suffered at the hands of cyber thieves.
While cases like the one brought here in Pittsburgh are extremely challenging, we proved that they are possible. The criminal justice system is a critical component of our nation’s cyber security strategy.
At the Justice Department, we follow the facts and evidence where they lead. Sometimes, the facts and evidence lead us to a lone hacker in the United States, or a sophisticated organized crime syndicate in Russia. And sometimes, they lead us to a uniformed member of the Chinese military.
Other times, as we recently saw, they may lead us to a foreign businessman alleged to have conspired to hack in and steal information from Boeing and other defense contractors.
Information that included more than six hundred thousand data files of sensitive information related to U.S. military aircraft and other defense matters.
And yet other times, they may lead to other types of criminals, like those investigated and prosecuted by DOJ’s Criminal Division for spyware, botnets, and similar conduct. …
Terrorists are also using cyberspace to further their goals. They are using it to communicate and plan. They are using it for propaganda and recruitment. And they are intent on getting to the point where they can conduct cyber attacks themselves.
That last category is a relatively new one. But we know that terrorists are looking to launch cyber attacks. They have that intent now.
Over the past few years, we have seen al-Qaeda issue calls for cyberattacks against networks such as the electric grid, comparing vulnerabilities in the United States’ critical cyber networks to the vulnerabilities in the country’s aviation system before 9/11.
If successful, terrorists could use cyber attacks to bring about economic or physical damage, or even, in extreme cases, serious injury or death. …
[Other Economic Espionage]
As just one example, in March, we successfully obtained a significant conviction against Walter Liew for economic espionage.
What Liew stole was something Americans see and use daily. Something that does not have a national security implication. Something that simply brings a profit.
Liew stole the formula for the color white from Dupont and passed it to a large Chinese state-owned company. Just this month, he was brought to justice — sentenced to 180 months’ incarceration and ordered to pay restitution of about half a million dollars. …
[National Security Cyber Specialists’ Network]
Most significantly, in 2012, we created and trained the National Security Cyber Specialists’ Network to focus on combating cyber threats to the national security.
This Network—known as NSCS—includes prosecutors from every U.S. Attorney’s Office around the country, along with experts from the Department’s Computer Crime and Intellectual Property Section (or “CCIPS”) and attorneys from across all parts of NSD. …
That’s how we were able to indict five members of the Third Department of the People’s Liberation Army. And now these men stand accused of cyber intrusions targeting a range of U.S. industries.
[GameOver Zeus botnet]
A great example is yet another Pittsburgh story. Back in June, our colleagues in the Criminal Division, the Western District of Pennsylvania, and the Bureau undertook an operation that disrupted the GameOver Zeus botnet.
This criminal threat was significant – losses attributable to the botnet were estimated to be more than $100 million. But disruption involved more than just criminal charges – it also involved civil court orders, significant information sharing, and seizures of servers in many foreign countries….
Through the FBI’s InfraGard, the FBI works closely with companies that have been the victims of hackers.
That program, which has grown to more than 25,000 active members, continues to bring together individuals in law enforcement, government, the private sector, and academia to talk about how to protect our critical infrastructure.