On 19 May the US Attorney General charged five officers of the Chinese People’s Liberation Army (PLA) with maliciously accessing the networks of six American companies and stealing intellectual property. The 56-page indictment, which features 31 counts, alleges that Wang Dong, Gu Chunhui (also known by their online profile names “UglyGorilla” and “KandyGoo” respectively), Sun Kailiang, Wen Xinyu, and Huang Zenyu, are allegedly responsible for cyber espionage against US firms dating back to 2006. The men belong to PLA Unit 61398, which is thought to be based on the Datong Road in Shanghai’s Pudong area. The indictment has been issued from the Western District of Pennsylvania on behalf of Westinghouse, Solarworld AG, US Steel, Allegheny Technologies Incorporated, United Steelworkers, and Alcoa Incorporated, which all have locations in the district, though it also refers to victims elsewhere in the US.
As the individuals concerned are extremely unlikely to be extradited, the indictment largely serves as a symbolic gesture – particularly with regard to the release of “Wanted” posters for the five individuals. Regardless, this latest development marks a significant escalation
Although a widely publicised report by the computer security firm Mandiant in February 2013 described Unit 61398 as a prolific cyber espionage outfit, the level of detail of this indictment – such as the reference to specific companies and the connection of the online profiles to real people – considerably surpasses Mandiant’s efforts. This feature is partly attributable to the two years the charges took to compile – of which a significant portion of time was spent convincing the victims publically to acknowledge the breaches. This fact also underlines the governmental commitment to confronting this issue. Whereas previously government sources have merely endorsed privately produced reports, they can now claim that the indictment represents an answer to previous Chinese rebuttals and invitations to provide some solid legal evidence for their accusations.
Despite this escalation, the Chinese response remained consistent in dismissing the allegations and accusing the US of hypocrisy, with state-supporting media outlets variously describing the US as “shameless” and a “mincing rascal”. An official statement on 19 May dismissed the charges as both “fabricated” and “a serious violation of the norms of international relations”. Furthermore, bilateral talks on cyber security were suspended and the US ambassador was summoned to explain the indictment. The fact that a reference to the Snowden leaks regarding the NSA’s activities – most recently its alleged eavesdropping on the communications of Huawei executives, assessed in the 3 April Monitor – is considered a legitimate rebuttal to these substantive accusations illustrates the degree to which the US has lost control of both the moral high ground and narrative on this subject.
Indeed, the nature of the indictment appears designed to claw back both these positions and divert the focus and column inches dedicated to Snowden back to the issue of foreign rather than domestic spying. This is illustrated by the explicit focus on industrial espionage as opposed to that on political and military targets, of which US authorities undoubtedly have similar evidence. Accordingly, the indictment emphasises this economic component by concentrating on specific breaches occurring within the context of the victims’ negotiations with their Chinese counterparts or refers to the competition between the two sets of firms. Similarly, US officials referred to the victims as “hard working men and women in Western Pennsylvania…who play by the rules and deserve a shot at a level playing field”, in order to reinforce this message.
Chinese authorities also stated on 20 May that a ban issued a week previously on the use of Windows 8 on government systems –claimed at the time to relate to Microsoft’s withdrawal of support for Windows XP, which remains popular in China – was instead made for security reasons. Regardless of the veracity of the assertion, the move can be seen to represent both China’s drive for increased technological independence (mirroring similar US bans on Huawei and Lenovo) and an attempt financially to penalise a US firm. However, the latter effect is lightly to be minimal, owing to the existing Chinese predilection for counterfeit Microsoft products rather than legitimate, and therefore revenue-generating, goods.
The likely legal impasse means that further such “retaliation” is likely to materialise in the coming period, which could involve further allegations or minor measures such as visa restrictions from both sides. We therefore repeat our earlier assessments that any such measures are likely to remain superficial in nature and thus unlikely to threaten wider relationships, while informal negotiations are likely to remain crucial to progress on this issue. Of potentially greater significance would be efforts by third parties to replicate the US’ actions in an attempt to highlight its supposed hypocrisy. These could include the NSA’s alleged targeting of Brazil’s state-run Petrobras oil firm, though the greater sophistication of any such operations means that such moves are likely to lack the evidential clout of the current indictment.
In any case, this development is unlikely to have a definitive effect in curtailing further Chinese attempts at intellectual property theft beyond the temporary hiatuses that have been observed following previous allegations. This reality can be attributed to the approach’s profitability, relative lack of repercussions, and the sheer scale and, contrary to common perceptions, the diffuse nature of the Chinese infrastructure in this regard. For example, US intelligence services are believed to regularly trace the activities of around 20 groups with similar capabilities, all of which report to different ministries and state-owned enterprises, meaning that one such disclosure will most certainly not stem the tide.