recommended reading

U.S. Files Criminal Charges Against Chinese Military Officials for Hacking American Companies

Charles Dharapak/AP

The Department of Justice said it will charge five members of the Chinese military for hacking into American companies, marking the first time that U.S. is taking legal action against employees of a foreign government over cyber crimes. 

One unnamed military source told NBC that those accused "used military and intelligence facilities to commit cyber espionage against U.S. companies." U.S. officials have long pointed to China as the source of cyber attacks on American firms, per NBC, but never made such concrete charges before.

"Chinese actors are the world's most active and persistent perpetrators of economic espionage," said the Office of the National Counterintelligence Executive, a U.S. government agency, in a 2011 report. A year ago, several U.S. newspapers, including TheNew York Times and The Wall Street Journal, said hackers traced to China attacked their newsroom computer systems.

The accusations have flown both ways. The Washington Post reported back in March that China was not pleased with the U.S. government's treatment of its computer systems: 

Tensions over U.S. cyber operations intensified again last weekend after a report that the NSA had penetrated the networks of a Chinese telecommunications giant, Huawei Technologies, in search of evidence that it was involved in espionage operations for Beijing and to use its equipment to spy on adversaries such as Iran. After the disclosure, first reported by the New York Times and Der Spiegel, China demanded a halt to any such activity and called for an explanation.

Attorney General Eric Holder is set to announce more details of the criminal charges later today. The Wall Street Journal reports that the individuals charged apparently work for Unit 61398 of the People's Liberation Army in Shanghai, and stole proprietary information from yet-unnamed firms — including nuclear power plant designs, and information about solar panel cost and pricing.

Update 10:35 a.m.: In a press conference on Monday, Attorney General Eric Holder named the six companies affected by the hack: Westinghouse, Alcoa, U.S. Steel, the United Steel Workers Union, Allegheny Technologies Inc. and Solar World. Holder called the indictment a "groundbreaking step forward in addressing" the threat of cyber security. "Enough is enough," he added. 

Holder and the DOJ and FBI representatives said that the indictment outlines specific incidences where Chinese hacking has made it impossible for these companies to compete on a global scale. The loss of intellectual property, they say, has led to layoffs and other economic setbacks at home.

CNN is also reporting that the FBI joined police in several countries to arrest more than 100 hackers worldwide for using the malware known as Blackshades, in the culmination of a years-long investigation. Per CNN: 

The malware sells for as little as $40. It can be used to hijack computers remotely and turn on webcams, access hard drives and capture keystrokes to steal passwords without the victim's knowledge. Criminals have used it for everything from extortion to bank fraud, the FBI says.

The malware is one of the most popular softwares cyber criminals use to target victims. Holder said that another press conference will be held to discuss Blackshades later on Monday. 

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.