As reported by The New York Times, the Justice Department on Monday indicted five members of the Chinese People’s Liberation Army and charged them with hacking into the networks of Westinghouse Electric, the United States Steel Corporation and other companies.
“We must say, ïEnough is enough'”
-Attorney General Eric H Holder, Jr.
The indictment alleges that since 2006, the cyberwarriors of the Peoples Liberation Army Unit 61398 headquartered in a 12-story building outside Shanghai have targeted Westinghouse Electric, the United States Steel Corporation and other companies, and systematically copied emails and infected their networks with malware.
“When a foreign nation uses military or intelligence resources and tools against an American executive or corporation to obtain trade secrets or sensitive business information for the benefit of its state-owned companies, we must say, ïEnough is enough,’ ” said Attorney General Eric H. Holder Jr.
The indictment serves as a needed reminder to U.S. companies that hackers don’t limit their targets to large financial institutions or military intelligence entities.
While the indictments are news, the notion of state-backed attacks on U.S. commercial targets is not. In an article last February, the New York Times cited a Mandiant report showing that Chinese attackers had drained terabytes of data from Coca-Cola and hacked computer security firm RSA.
Perhaps more alarmingly, there is also evidence that state-backed Chinese attackers have been shifting their focus to the public and energy sectors, hacking into organizations responsible for critical infrastructure like our electrical power grid, gas lines and waterworks.
While the indictment is largely symbolic since the Chinese government will almost certainly refuse to hand over the accused to U.S. authorities, it serves as a needed reminder to U.S. companies that attackers don’t limit their targets to large financial institutions or military intelligence entities.
If our critical infrastructure is compromised, we are all vulnerable. Creating better digital security measures should thus be a priority for all. That is why we have the stated mission of advancing mobile security worldwide – because, as the attack vectors grow and attackers diversify their targeted industries, we all need to be better prepared.