A run-down of exactly what "trade secrets" Chinese hackers are accused of stealing from U.S. metals and solar power companies, and a labor union
Five Chinese military hackers employed by the Chinese government were accused yesterday of infiltrating American companies and stealing trade secrets. By charging the men with economic espionage and identity theft, among other crimes, the Department of Justice has set the stage for a tense standoff with the Chinese government.
If the allegations are true, the Chinese government has aimed at the very heart of American enterprise. The apparent victims of the hacking are American titans: U.S. Steel, the nation’s oldest and biggest steel manufacturer and the lovechild of tycoons Andrew Carnegie and J.P. Morgan; Alcoa, the world’s third-largest aluminum maker; Westinghouse Electrical Company, one of the world’s leading nuclear power developers; SolarWorld AG a leading solar technology company ; and the United Steelworkers, among America’s most iconic labor unions.
The Chinese foreign ministry spokesman Qin Gang called the claims baseless, “made-up” and hypocritical, but the Justice Department is adamant.
But what exactly are the Chinese accused of stealing from these American corporations? And does it matter? Here’s exactly what the Department of Justice alleges the Chinese have actually taken:
1. Solar power technology
The hackers allegedly stole solar panel technological innovations and manufacturing metrics from Germany-based SolarWorld AG, enabling Chinese solar panel makers to hawk American- and German-developed research that had taken scientists years to bring to fruition. According to the Justice Department, the Chinese hacker Wen Xinyu stole thousands of emails and other files from three senior SolarWorld executives in 2012. Besides giving Chinese companies access to American technology, the information may have allowed the Chinese them to anticipate American regulators. “There were thousands of emails exfiltrated, many with sensitive data that would pose to serve all kinds of unfair advantages,” says Ben Santarris, director of strategic affairs at Solarworld AG.
2. Nuclear power plant technology
The Justice Department said the Chinese stole nuclear technology from electrical provider Westinghouse Electric Company, a Pennsylvania-based company that was negotiating technology to hand over to a Chinese state-owned enterprise. The hacker Sun Kailing supposedly gained access to the company’s computers and stole technical and design specifications on pipes, pipe supports and pipe routing, enabling Chinese competitors to build world-class nuclear power plant without doing the research themselves.
3. Inside information on U.S. business strategy
The hacking at Westinghouse began in 2010 and continued through 2011, even reaching the company’s CEO, according to the Justice Department. Some stolen emails also included information on the nuclear power company’s business strategy to reach a deal with the Chinese company. It’s a strategy that experts say Chinese hackers have used before, and it gives Chinese companies an advantage in negotiations. “If you had the ability to walk around the table to see what your competitor was going to bid and look at their notes and then go back and outbid them, that’s basically what they’ve done in the virtual world,” says George Kurtz, the CEO of CrowdStrike, a private security firm that tracks Chinese government-backed hackers.
4. Data enabling the Chinese to outwit U.S. regulators
U.S. companies, particularly in heavy industry and manufacturing, have faced a deluge of Chinese competing imports, much of which has been ruled “dumped” on U.S. shores, or unfairly imported at a below-market price. U.S. Steel, the largest steel company in the United States, has filed trade suits against the Chinese in order to impose tariffs and protect their markets.
In early 2010, just as U.S. Steel was participating in two international trade disputes with China over unfair steel imports, Sun Kailing allegedly sent a phishing email that installed malware on U.S. Steel employees’ computers, including its CEO at the time, John Surma. It could have given access to U.S. Steel’s litigation plans.
The United Steelworkers, a major U.S. labor union, saw their computers hack and had emails stolen from employees—including its president—that included sensitive strategic information, including internal discussions of how the USW would push its strategy to slow unfairly traded Chinese imports.
But these alleged crimes are only the tip of the iceberg, experts say. Hackers in China, Iran and Russia have repeatedly targeted broad swathes of the American economy, sucking up intellectual property and battling to outbid American corporations. “Pick a Fortune 1000 and they’ve all had it happen. They’ve all been targeted in one form or another or had an incident,” says Kurtz. “There are two types of companies: ones that know they’ve been hacked and the ones that just haven’t figured it out yet.”