The Obama administration on Monday confronted China over cyber spying by issuing a criminal indictment that is likely to inflame tensions between the world’s two largest economies.
Declaring “enough is enough,” the Justice Department charged five members of the Chinese military with stealing American trade secrets through online espionage.
The move was swiftly denounced by China but was greeted warmly by American corporations weary from an onslaught of cyberattacks that they say have robbed them of trade secrets and strategic plans.
The Justice Department said five members of the People’s Liberation Army based in Shanghai targeted six American companies in the nuclear, solar and metals industries from 2006-2014.
The spies allegedly stole information from industry titans like Alcoa, U.S. Steel and the United Steelworkers union. Trade secrets and business plans were then shuttled to U.S. firms’ Chinese competitors, including those owned by the Chinese government.
The indictment for cyber spying was the first of its kind brought against a foreign power.
The 31 different charges come with maximum penalties of more than 50 years in jail, though it is unlikely the hackers will ever see the inside of an American courtroom.
Still, the DOJ’s indictment raised the stakes with China and could lead to recriminations from Beijing.
Foreign Ministry spokesman Qin Gang said the indictment was based on “fabricated facts.”
“China is steadfast in upholding cybersecurity. The Chinese government, the Chinese military and their relevant personnel have never engaged or participated in cyber theft of trade secrets,” Qin said.
“The U.S. accusation against Chinese personnel is purely ungrounded and absurd.”
After the DOJ’s announcement, China immediately pulled out of a bilateral cyber working group and lodged a formal protest urging the U.S. to withdraw the charges.
A more aggressive response could be on the way, experts say, perhaps in the form of new cyberattacks.
“I think we’re going to see retaliation from the patriotic hackers in China,” said Richard Bejtlich, a security strategist with the cybersecurity company FireEye and nonresident senior fellow at the Brookings Institution.
Chinese offices associated with any of the U.S. companies could be prime targets of the new aggression, he said.
“There may even be repercussions against American individuals who the Chinese decide to name as American hackers,” Bejtlich added. “Maybe they work for the NSA [National Security Agency] or something like that.”
American companies have long alleged that they are under assault from China. Last year, the cybersecurity company Mandiant reported that it had found more than 140 instances of Chinese military hackers snooping into the work of American and other organizations.
White House press secretary Jay Carney said there has been a “growing concern” about hacking attacks that emanate from China.
Holder said the U.S. intends to use a full range of resources to protect American companies.
“This case should serve as a wake-up call to the seriousness of the ongoing cyber threat,” Holder said.
The five alleged hackers singled out Monday by the DOJ are housed within the Chinese military’s secret Unit 61398, an arm of the People’s Liberation Army that features a growing army of cyber hackers. Justice Department officials said they had been able to track the cyber spying back to the unit’s 12-story building in Shanghai.
Officials said they hoped the charges would lead other American victims of cyber theft to come forward and work with the government to take on the hackers.
“This 21st century burglary has to stop,” said U.S. Attorney David Hickton. “Hacking, spying and cyber theft for commercial advantage can and will be prosecuted criminally, even when the defendants are state actors.”
Industry analysts said that the possibility of bad press and negative stigma prevents many companies from telling the government that they had been hacked.
A 2011 report from the Office of the National Counterintelligence Executive said American companies have reported “an onslaught” of cyber intrusions from China that is costing them billions.
“When trade secrets are stolen, it certainly is lost profits; it can mean lost jobs, put entire businesses at risk,” said Chris Moore, the National Association of Manufacturers’ senior director of international policy.
Moore added that the trade group was “certainly pleased” to see the Justice Department filing charges.
A number of lawmakers on Monday praised the Justice Department’s move.
Senate Armed Services Committee Chairman Carl LevinCarl LevinDevin Nunes has jeopardized the oversight role of Congress Ted Cruz wants to destroy the Senate as we know it A package proposal for repatriation MORE (D-Mich.) said it was “long past time” to take action against the Chinese, and Sen. Angus KingAngus KingUnder pressure, Dems hold back Gorsuch support The Hill’s Whip List: Where Dems stand on Trump’s Supreme Court nominee Senate intel panel has not seen Nunes surveillance documents: lawmakers MORE (I-Maine) hoped it would boost a Senate effort to pass new cybersecurity legislation.
The charges might also spur momentum for other legislative efforts to crack down on cyber theft.
Sens. Chris CoonsChris CoonsSenators introduce new Iran sanctions Gorsuch sails on day one, but real test is Tuesday Live coverage: Supreme Court nominee hearings begin MORE (D-Del.) and Orrin HatchOrrin HatchOvernight Finance: US preps cases linking North Korea to Fed heist | GOP chair says Dodd-Frank a 2017 priority | Chamber pushes lawmakers on Trump's trade pick | Labor nominee faces Senate US Chamber urges quick vote on USTR nominee Lighthizer Live coverage: Day three of Supreme Court nominee hearing MORE (R-Utah) last month introduced a bill to give companies more power to protect their secrets and recover after their critical secrets have been stolen.
— This story was updated at 8 p.m.