From: MIT Technology Review
A groundbreaking online-spying case unearths details that companies wish you didn’t know about how vital information slips away from them.
By David Talbot
On a wall facing dozens of cubicles at the FBI office in Pittsburgh, five guys from Shanghai stare from “Wanted” posters. Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui are, according to a federal indictment unsealed last year, agents of China’s People’s Liberation Army Unit 61398, who hacked into networks at American companies—U.S. Steel, Alcoa, Allegheny Technologies (ATI), Westinghouse—plus the biggest industrial labor union in North America, United Steelworkers, and the U.S. subsidiary of SolarWorld, a German solar-panel maker. Over several years, prosecutors say, the agents stole thousands of e-mails about business strategy, documents about unfair-trade cases some of the U.S. companies had filed against China, and even piping designs for nuclear power plants—all allegedly to benefit Chinese companies.
It is the first case the United States has brought against the perpetrators of alleged state-sponsored cyber-espionage, and it has revealed computer-security holes that companies rarely acknowledge in public. Although the attackers apparently routed their activities through innocent people’s computers and made other efforts to mask themselves, prosecutors traced the intrusions to a 12-story building in Shanghai and outed individual intelligence agents. There is little chance that arrests will be made, since the United States has no extradition agreements with China, but the U.S. government apparently hopes that naming actual agents—and demonstrating that tracing attacks is possible—will embarrass China and put other nations on notice, inhibiting future economic espionage.
Leave a Reply