WASHINGTON (AP) -- The Obama administration has brought unprecedented criminal charges against five officials in the Chinese military for hacking into private U.S. companies' systems and stealing trade secrets. It was the first time the U.S. has revealed any evidence the Chinese government was going after American companies' private information for economic gain.
Q. What happened?
A. A federal grand jury in Pittsburgh charged five Chinese military officials with hacking into six U.S. companies' systems, conducting economic espionage and stealing trade secrets. The targeted companies are leaders in the nation's nuclear power, metals and solar products industries: Alcoa World Alumina, the nation's largest producer of aluminum; Westinghouse Electric Co., one of the world's leaders in the development of nuclear power technology; Allegheny Technologies, a large metals company; U.S. Steel Corp., the largest steel company in the U.S.; United Steelworkers Union, the biggest industrial labor union in the U.S.; and SolarWorld, which makes solar products.
Q. Why is it significant?
A. The indictment is the first of its kind. It fulfills a longtime Obama administration promise to bring charges against nation-state hackers.
The U.S. has brought economic espionage charges against individuals before, but this is believed to be the first time the U.S. has accused members of a foreign government's military with hacking into U.S. companies without ever stepping foot in the country. The U.S. has long been concerned about cyber threats coming from China. The Chinese government has said there should be no finger-pointing without evidence.
Q. How did they pull it off?
A. At least in some instances, the alleged hackers were accused of "spear-phishing," or tricking employees into opening an infected email. In one case, the U.S. said they created a fake email account under the misspelled name of a then-Alcoa board of director -- apparently it was Nissan chief executive Carlos Ghosn -- and fooled an employee into opening an infected email attachment called "agenda.zip" that let the hackers inside the company's network. In another case, a hacker emailed U.S. Steel employees with a link to a report about industry observations, but clicking the link quietly installed malicious software that unlocked the company's network.
Q. Who were these guys?
A. The U.S. says they operated under hacker aliases such as "KandyGoo" and "Jack Sun." At least one of them, identified as Wang Dong, known as "Ugly Gorilla," was described more than a year ago in a landmark report by U.S. security vendor Mandiant as being one of dozens, if not hundreds, of Chinese hackers who were "likely government-sponsored and one of the most persistent of China's cyber threat actors."
Q. What are the chances the five Chinese military officials will ever see the inside of a U.S. courtroom?
A. Very slim. No one really expects China to turn them over to the U.S. The Justice Department said it intends to bring them to the U.S. to face a trial, but Attorney General Eric Holder said it's never clear how things will play out. The U.S. and China have no formal extradition treaty.
Q. What happens if they don't?
A. "Absolutely nothing," said Mark Rasch, a former U.S. cybercrimes prosecutor. But the indictment -- and any formal request for extradition -- puts China on the defensive until the charges are resolved.
Q. What does this mean for U.S. relations with China?
A. It is expected to put further strains on the relationship, and the Chinese will likely accuse Americans of hacking into their systems.
"Everybody now is going to jump into the act, using their own criminal laws to go after what other countries are doing," Rasch said.
Q. The U.S. denies that it engages in a type of economic espionage that it's accusing China of doing. Is that credible?
A. In Monday's indictment, the U.S. is trying to distinguish between national espionage and economic espionage that's intended to help private companies or industry.
Unlike in some foreign countries, there are no nationalized U.S. industries. American officials, including U.S. intelligence officials and members of Congress, have denied that the government spies on foreign companies and then hands over such commercially valuable information to American companies, such as stealing an Airbus jet design and giving it to Boeing. There is no evidence this happens in the United States.
However, China's Internet information agency said Tuesday that Chinese networks and websites have been the target of thousands of hacking attacks from computers in the United States.
If the U.S. government were to steal the specifications for a new foreign fighter jet, it would almost certainly reveal such information to the defense contractor selected to build a U.S. jet that would fly against it in combat.
Associated Press writers Eric Tucker and Matthew Lee contributed to this story.