Cyber Espionage Prosecution: U.S. v. Dong

Written by: Regina Paulose

The U.S. Department of Justice (DOJ) recently issued[1] indictments against five Chinese military officers. The indictments[2] charge each defendant with up to 30 counts which include crimes of conspiring to commit computer fraud and abuse, accessing or attempting to access a protected computer without authorization, transmitting a code (etc.) with intent to cause damage to computers, aggravated identity theft, economic espionage, and trade secret theft. Warrants have been issued for the arrest of the five men.

 

The victim entities in the indictment are all U.S. corporations who had “significant business interests” relating to China.[3]  The hacking has resulted in “job losses, plant closures, and billions of dollars to companies in lost research and development.”[4]

 

Victim entity Westinghouse was in the process of building four power plants in China. Defendant Sun is alleged to have “stolen confidential and proprietary technical and design specifications.”  Sun allegedly stole sensitive, confidential, emails from Westinghouse while they were pursuing related business ventures with the same Chinese entities. Sun is also indicted in relation to two more victim entities. Sun is alleged to have sent “phishing” emails to employees working at U.S. Steel on a trade case with Chinese Steel Companies. Another defendant, Wang, is alleged to have assisted with “targeting and exploiting vulnerable servers at U.S. Steel. Sun is alleged to have sent “spear phishing” emails to Alcoa Incorporated, an aluminum manufacturer, so that he could obtain access to the company’s computers.

 

Defendant Wen is alleged to have stolen thousands of files of competitive information from victim entity, Solarworld, which would have allowed Chinese competitor companies to target Solarworld’s business. Wen is also alleged to have gained access and stolen employee credentials from victim entity, Allegheny Technologies Incorporated. The indictment further alleges that Wen stole sensitive confidential emails from USW, another victim entity. The last two defendants Huang and Gu are alleged to have facilitated the above mentioned crimes by aiding the other defendants in perpetration of these crimes.

 

After the indictments were announced and the warrants issued, in a predictable sequence of events, China “halted dialogue” on cyber security issues with the U.S. and “threatened retaliation.”[5] This latest indictment is just another case in a long series of U.S. economic espionage prosecutions.[6]  In January 2014 a notable trial took place in Northern California District Court.[7] Prosecutors alleged that Walter Liew “paid former DuPont engineers to obtain trade secrets for the benefit of a state-owned Chinese company, Pangang Group. Liew allegedly used those secrets to help Pangang develop a white pigment – chloride-route titanium dioxide, also known as TiO2 – used to make a range of white-tinted products, including paper, paint and plastics.”[8] Defendant Liew was found guilty by a jury and will be sentenced by June 2014.[9]

 

Credit: cio.com

Credit: cio.com

 

Liew and Dong et al are similar because of the espionage elements in each, even though in Dong, the use of computer tools is central. “Espionage conducted in cyberspace is in many ways akin to traditional forms of espionage, the unauthorized access to confidential information by an individual or government. Illicit exfiltration of networked information can be conducted for intelligence gathering purposes, financial gains, or a combination of the two.”[10]  In addition, both are novel cases in each of their jurisdictions because of the involvement of the Chinese government.

 

Looking at this optimistically, Dong et al could become an important catalyst in demystifying cybercrime in U.S. courts. This could lead to a revamp in existing legislation so that cyber issues can be addressed in the context of the new trends. Extradition procedures on cybercrime will need to be addressed if prosecution is to be more than symbolic. The extradition procedures need to be examined given the fact that the majority of cybercrimes can take place outside the territory of the United States. In Europe, the Budapest Convention on Cybercrime follows the legal principle of “aut dedere aut judicare.” Mutual Legal Assistance in this Convention sets some minimal standard to follow. On a related note, is it possible that in cases such as Dong, where China refuses (at least so far) to extradite the defendants, that cybercrime cases may loan itself more to in absentia trials/proceedings?

 

We need to be aware of what other things lay in the dark. In the status quo, various groups are looking to build enterprises off of cyber espionage. Private “for hire” groups have been found in India, who can be paid to conduct cyber economic espionage or conduct other kinds of attacks.[11]  It is probably predictable that eventually (if not already) transnational organized crime groups will begin to capitalize on cyber economic espionage.

 

A silver lining to the prosecution of Dong et al would be if Congress is inspired to make reforms involving the National Security Agency so that the U.S. does not look entirely hypocritical.[12] The attempted prosecution of these cases tends to deflate arguments that the U.S. is guilty of militarizing cyber threats at all costs.[13] However, there is skepticism that the charges will not “yield” prosecutions, and that this move by the U.S. is merely a signal to China to take bilateral talks on cybersecurity seriously.[14]

 

It bears repeating that cybercrime is a destructive economic force. The global economic impact of this kind of behavior costs the international community somewhere from $375 billion to $575 billion dollars annually.[15] This issue is not only between the U.S. and China.  Cyber economic espionage is perpetrated by all nations and every country is vulnerable to attacks.

 

[1] These are referred to a “first of its kind” indictment by the DOJ. Kevin Johnson and Donna Leger, “US accuses China of Hacking Westinghouse, and U.S. Steel” USA Today, May 19, 2014, available at: http://www.usatoday.com/story/news/nation/2014/05/19/us-accuses-china-of-cyber-espionage/9273019/

[2] Summary of indictment information can be found at Department of Justice, “US Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage” Press Release, May 19, 2014, available at: http://www.justice.gov/opa/pr/2014/May/14-ag-528.html

[3] For specific wording of each count, please see, U.S. V. Dong, Kailiang, Xinyu, Zhenyu, and Chunhui, Western District of Pennslyvania, Criminal No. 14-118, Indictment, available at: http://www.justice.gov/iso/opa/resources/5122014519132358461949.pdf

[4] Ting Shi and Michael Riley, “China Halts Cybersecurity Cooperation After U.S. Spying Charges” Bloomberg News, May 20, 2014, available at: http://www.bloomberg.com/news/2014-05-20/china-suspends-cybersecurity-cooperation-with-u-s-after-charges.html

[5] Ting Shi and Michael Riley, “China Halts Cybersecurity Cooperation After U.S. Spying Charges” Bloomberg News, May 20, 2014, available at: http://www.bloomberg.com/news/2014-05-20/china-suspends-cybersecurity-cooperation-with-u-s-after-charges.html

[6] Trade Secrets Institute, Cases from Economic Espionage Act, http://tsi.brooklaw.edu/category/legal-basis-trade-secret-claims/economic-espionage-act

[7] United States of America vs. Walter Liew, Christina Liew et al., no. 11-cr-573, Northern District of California.

[8] Dan Levine, “Update 1 U.S. economic espionage trial over China allegations opens” Reuters,  January 8, 2014, available at: http://www.reuters.com/article/2014/01/08/dupont-espionage-trial-idUSL2N0KI1UP20140108

[9] Karen Gullo, “California Man Guilty of Stealing DuPont trade secrets” Bloomberg News, March 5, 2014, available at: http://www.bloomberg.com/news/2014-03-05/california-man-guilty-of-stealing-dupont-trade-secrets.html

[10] Kristin Finklea and Catherine Theohary, “Cybercrime: Conceptual Issues for Congress and U.S. Law Enforcement” Congressional Research Service, January 9, 2013, p. 7

[11] Ali Raza, “Espionage for hire Operation Hangover reveals new security unveils new Indian Cyber Threats” HackSurfer, available at: http://www.hacksurfer.com/articles/espionage-for-hire-operation-hangover-unveils-new-indian-cyber-threats

[12] Erik Kirschbaum, “Snowden says NSA engages in industrial espionage: TV” Reuters, January 26, 2014, available at: http://www.reuters.com/article/2014/01/26/us-security-snowden-germany-idUSBREA0P0DE20140126

[13] See Mary Ellen O’Connell, “Cyber Security without Cyber Warfare” J Conflict Security Law (Summer 2012) 17 (2): 187-209. doi: 10.1093/jcsl/krs017, available at: http://jcsl.oxfordjournals.org/content/17/2/187.full

[14] The Economist, “US Charges Military Officers with cyber-attacks” May 20, 2014, available at: http://country.eiu.com/article.aspx?articleid=1131827697&Country=China&topic=Politics&subtopic=Forecast&subsubtopic=International+relations&u=1&pid=1781882762&oid=1781882762&uid=1

[15] Center for Strategic and International Studies, “Net Losses: Estimating the Global Cost of Cybercrime” June 2014, p. 6, available at: http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf

Advertisements