China denounces US cyber-theft charges

[kseeker]

US justice department charges Chinese with hacking

Attorney General Eric Holder: "This case should serve as a wake-up call to the seriousness of the ongoing cyber threat"

The US has charged five Chinese army officers with hacking into private-sector American companies in a bid for competitive advantage, in the first cyber-espionage case of its kind.

Attorney General Eric Holder said the alleged breaches were "significant" and demanded "an aggressive response".

US prosecutors say the officers stole trade secrets and internal documents from five companies and a labour union.

China denied the charges and warned the case would harm US-China relations.

Potentially more victims

In Washington on Monday, Mr Holder said the hacking charges laid against the Chinese nationals were the first against "known state actors for infiltrating US commercial targets by cyber means".

He identified the alleged victims as Westinghouse Electric, US Steel, Alcoa Inc, Allegheny Technologies, SolarWorld and the US Steelworkers Union.

"The alleged hacking appears to have been conducted for no reason other than to advantage state-owned companies and other interests in China, at the expense of businesses here in the United States," Mr Holder said.

In response, the Chinese government said its "stance on the issue of internet security is consistent and clear".

Foreign ministry spokesman Qin Gang said the allegations were "made up" and would "damage Sino-American cooperation and mutual trust".

"China is a staunch defender of network security, and the Chinese government, military and associated personnel have never engaged in online theft of trade secrets," he said.

In an indictment in the western district of Pennsylvania, the heart of the US steel industry, the US named Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, all officers in Unit 61398 of the Chinese People's Liberation Army (PLA), as the alleged conspirators.

'Categorical' denunciation

FBI officials said the hacking in the years 2006-14 caused "significant losses" at the companies and that there were likely many more victims.

And Mr Holder said the US government "categorically denounces" economic espionage as a trade tactic.

"As President Obama has said on numerous occasions, we do not collect intelligence to provide a competitive advantage to US companies, or US commercial sectors," Mr Holder said.

The move is seen as largely symbolic, as five men accused are unlikely to be extradited to the US to faces the charges in court.

John Carlin, head of the justice department's national security division, said, "For the first time, we are exposing the faces and names behind the keyboards in Shanghai used to steal from American businesses."

"While the men and women of our American businesses spent their business days innovating, creating, and developing strategies to compete in the global marketplace, these members of unit 61398 spent their business days in Shanghai stealing the fruits of our labour," Mr Carlin said.

For example, Mr Carlin said that as SolarWorld, a maker of solar panels and accessories, was rapidly losing market share to cheaply priced Chinese competitors, the hackers were stealing documents on pricing strategy from them.

'Real threat'

While Westinghouse was negotiating a deal with a Chinese state-owned firm to build nuclear power plants, Unit 61398 stole secret designs for plant components, he said.

"In the past, when we brought concerns such as these to Chinese government officials, they responded by publicly challenging us to provide hard evidence of their hacking that could stand up in court," Mr Carlin said.

"Well today, we are."

Last year, cyber-defence company Mandiant published a report on a Chinese military unit the firm said was behind the vast majority of significant attacks on American federal agencies and companies.

In March, Defence Secretary Chuck Hagel said the Pentagon planned to more than triple its cyber-security capabilities in the next few years to defend against such internet attacks.

US President Barack Obama has called cyber attacks a "real threat" to US security and its economy.

The "faces and names" behind the keyboards in Shangai, according to a US official

BBC News - US justice department charges Chinese with hacking

 

[pmaitra]

China denounces US cyber-theft charges

The FBI issued a "Wanted" poster for the five army officers

Beijing said it had "never engaged or participated" in cyber theft and that the charges would damage co-operation between the two countries.

China has summoned the US ambassador to Beijing over the incident, the state news agency Xinhua reports.

US prosecutors say the officers stole trade secrets and internal documents from five companies and a labour union.

But the Chinese foreign ministry urged Washington to "immediately correct its mistakes" and withdraw the charges.

Source: BBC News - China denounces US cyber-theft charges

[HR][/HR]

Well, well, well; so it is ok for NSA to snoop into Angela Merkel's Blackberry, but not ok for China to allegedly do the same.

"Do as I say, not do as I do"

On the other hand, how secure are Indian telecom networks from snooping?

 

[Free Karma]

On the other hand, how secure are Indian telecom networks from snooping?

This should tell you how secure it is...
Cyberspying: Government may ban Gmail for official communication - The Times of India

Well....it's a start.
For a long time the bsnl website was not protected against sql injection, we could details and all personal details of the staff using basic sql injection from the user login screen. Hopefully the new govt can actually take things like this more seriously,.

 

[Glint]

Cyber-espionage against U.S. firms

Chinese military unit charged with cyber-espionage against U.S. firms



The Justice Department has indicted five members of the Chinese military on charges of hacking into computers and stealing valuable trade secrets from leading steel, nuclear plant and solar power firms, marking the first time that the United States has leveled such criminal charges against a foreign country.

The landmark case paves the way for more indictments and demonstrates that the United States is serious about holding foreign governments accountable for crimes committed in cyberspace, officials said at a news conference Monday

The Obama administration "will not tolerate actions by any nation that seeks to illegally sabotage American companies and undermine the integrity of fair competition in the operation of the free market," Attorney General Eric H. Holder Jr. said.

The decision to confront China grew out of a White House strategy formulated two years ago to impose increasing costs on Beijing if it didn't respond to requests to stop its widespread hacking for commercial advantage. The indictment is intended to address what President Obama and senior intelligence officials have called one of the top threats to national and economic security, with an estimated annual cost to the U.S. economy that ranges from the tens of billions of dollars to more than $100 billion.

The criminal charges provoked a response from Beijing, which said Monday that it was suspending high-level cyber talks with the United States that began in June.

China has summoned the U.S. ambassador over the hacking charges. According to an online notice posted Tuesday by state-run Xinhua on Weibo, Assistant Foreign Minister Zheng Zeguang summoned Abassador Max Baucus to complain that U.S. authorities published their indictment ignoring the strong protests by Chinese authorities.

"Given the lack of sincerity by the United States for cooperation to solve cyber security problems through dialogue, China has decided to suspend the activities of the Sino-U.S. Cyber Working Group," Foreign Ministry Spokesman Qin Gang said in a statement.

The charges are "purely ungrounded and absurd," Qin said. He added that the United States had "fabricated facts" in the indictment, which he said "seriously violates basic norms of international relations and damages Sino-U.S. cooperation and mutual trust."

The leaks from former National Security Agency contractor Edward Snowden already had complicated the talks. Beijing has pointed to disclosures by Snowden of vast NSA surveillance activities — including spying on Chinese companies — to assert that the United States is the greater aggressor in the area.

State Department spokeswoman Jen Psaki said, "We regret China's decisions." But she added that she does not think the development will affect strategic and economic dialogue meetings with China, scheduled for early July.

The indictment, which was filed May 1, charges five officials in the People's Liberation Army (PLA) — hackers with handles such as UglyGorilla and KandyGoo — with computer fraud, conspiracy to commit computer fraud, damaging a computer, aggravated identity theft and economic espionage.

China has no extradition treaty with the United States and none of the suspects is likely to see aa U.S. courtroom. Nonetheless, Holder said he hopes Beijing will "respect our criminal justice system and let justice take its course."

The indictment is the result of years of work, officials said, in which investigators followed a complex trail of computer bits to one building in one Chinese city.

That nondescript 12-story building under military guard in the Pudong New Area of Shanghai is home to Unit 61398 — part of the PLA and identified by researchers as one of the most prolific hacking crews targeting Western companies' trade secrets and intellectual property.

The 56-page indictment describes the hacking of five companies and a trade union. All but one are located in the Western District of Pennsylvania, where the charges were brought.

The companies — which include U.S. Steel, the country's largest steelmaker, and Alcoa, the largest aluminum manufacturer — agreed to come forward, bucking what for years had been a reluctance by many firms to acknowledge that they had been hacked for fear of shareholder lawsuits and damage to reputation.

"There has come a point at which enough is enough," said David Hickton, U.S. attorney for the Western District of Pennsylvania. "The companies are tired of being raided."

The other companies are Westinghouse Electric, which builds nuclear power plants; Allegheny Technologies, a metals manufacturer; and SolarWorld, which makes solar products in Hillsboro, Ore. Also hit was the United Steelworkers union, which opposes Chinese trade practices.

The indictment alleges that the hackers stole trade secrets that would have been particularly beneficial to Chinese companies.
PLA member Wen Xinyu — also known as "WinXYHappy" — hacked SolarWorld's computers and stole thousands of files containing cost and pricing information, prosecutors allege. Hackers took detailed production information that could help a competitor shorten its research and development timeline.

The American company rapidly lost market share to Chinese competitors that were accused of systematically pricing exports well below production costs.

After a complaint from SolarWorld, the Commerce Department and the U.S. International Trade Commission found that China had "dumped" solar products in the U.S. market.

In another case, defendant Wang Dong — or UglyGorilla — gained access to a U.S. Steel computer, which allowed him to steal descriptions for more than 1,700 other company computers and worm his way into vulnerable machines, according to the indictment. He gained access after fellow PLA hacker Sun Kailiang, also known as Jack Sun, sent spear-phishing e-mails to employees, including one purporting to be from the firm's chief executive. The
e-mails contained malware that, when clicked on, surreptitiously loaded onto employees' computers and allowed back-door access.

John Carlin, the assistant attorney general for national security, said the Chinese have long challenged U.S. officials to provide hard evidence of their data theft that could stand up in court. "Well today, we are," he said. "For the first time, we are exposing the faces and names behind the keyboards in Shanghai used to steal from American businesses."

Although the indictment does not name the state-owned enterprises that may have benefited from the espionage, according to open-source literature, they are State Nuclear Power Technology, the Baosteel Group and the Aluminum Corporation of China, which is commonly known as Chinalco.

James Lewis, a cyber policy expert with the Center for Strategic and International Studies, said China's withdrawal from the talks was "childish" and a mistake. "If you want to get the United States to do something different, you don't say, 'I'm not going to talk to you,' " he said.

Lewis said he thinks that China will find ways to retaliate but that it cannot go too far. "Their economy is weaker than ours now," he said. "Now is not the time for the Chinese to go full-bore in retaliation."

Dmitri Alperovitch, co-founder of the CrowdStrike cybersecurity firm, said the indictments will send a signal to U.S. companies that have thought that the government could not do anything to hold state-sponsored hackers accountable. "Now they can look at these indictments and say, 'Hey, if I want these people to be punished, the U.S. government is willing to step up and do it,' " he said. "That's a very important message."



Wan reported from Beijing. William Branigin and Karen DeYoung in Washington contributed to this report..

U.S. announces first charges against foreign country in connection with cyberspying - The Washington Post