The Shanghai address of 208 Datong Road is where five members of Unit 61398 of the People's Liberation Army were "assigned" when they allegedly ran a widespread spear-phishing (the indictment spells it "spearfishing") campaign against leading US companies, according to an indictment unsealed Monday.
The Obama administration said Monday that the Chinese military's signals intelligence unit stole trade secrets from Alcoa, Westinghouse, United States Steel, Allegheny Technologies, and a steelworkers union, among others. If any sophisticated, military-grade exploits were used, the indictment [PDF] doesn't say. Instead, it appears that old-school trickery was enough to obtain all kinds of secrets, including the designs for a nuclear power plant and access to executives' e-mail.
"The co-conspirators used e-mail messages known as 'spearfishing' messages to trick unwitting recipients into giving the co-conspirators access to their computers," according to the indictment, unsealed Monday in Pennsylvania. "Spearfishing messages were typically designed to resemble e-mails from trustworthy senders, like colleagues, and [they] encourage the recipients to open attached files or click on hyperlinks in the messages."
The attachments and links delivered malware that installed a backdoor, letting the intruders "bypass normal authentication procedures in the future," according to the indictment.
In 2008, according to the indictment, the hackers sent e-mails to 19 senior employees at aluminum-maker Alcoa in Pennsylvania. The sender account impersonated a member of the company's board of directors, and the message carried malware in an attachment "disguised as an agenda for Alcoa's annual board meeting." The attack led to the theft of more than 2,900 e-mail messages and 863 attachments, "including internal messages among Alcoa senior managers" discussing a Chinese acquisition, according to the indictment.
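The lure pattern the indictment describes (a sender posing as a known executive, a business-themed attachment that opens a backdoor) is what mail-gateway triage rules try to catch before a recipient double-clicks. The following is an added example, not code from the indictment, the Justice Department or any of the companies named; the organisation, domains, executive names, lure words and sample messages are all constructed assumptions, as are the rule thresholds:

```python
"""Added example: heuristic triage of inbound mail for executive-impersonation
spear-phishing.  Every domain, name, message and threshold here is a
constructed assumption for illustration, not data from the indictment."""
import re
from email.utils import parseaddr

# Hypothetical organisation and the identities attackers tend to impersonate.
TRUSTED_DOMAINS = {"example-metals.com"}
PROTECTED_NAMES = {"pat director", "alex chief"}   # board members, C-suite
# File types that run code or carry macros when opened.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".docm", ".xlsm"}
# Words typical of lures built around board or executive business.
LURE_WORDS = ("agenda", "board", "acquisition", "invoice", "urgent")


def normalize_name(display: str) -> str:
    """Lower-case, strip punctuation and collapse whitespace so that
    'Pat.Director' and 'pat  director' compare equal."""
    return " ".join(re.sub(r"[^\w\s]", " ", display).lower().split())


def domain_of(address: str) -> str:
    """Domain part of an address, empty string if there is none."""
    return address.rpartition("@")[2].lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch lookalike domains (example-metals.co)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_message(msg: dict) -> list:
    """Return the reasons a message looks like an impersonation lure.
    msg has keys 'from', optional 'reply-to', and 'attachments' (file names)."""
    reasons = []
    display, addr = parseaddr(msg.get("from", ""))
    domain = domain_of(addr)
    internal = domain in TRUSTED_DOMAINS

    # 1. A protected executive's display name on an external address.
    if normalize_name(display) in PROTECTED_NAMES and not internal:
        reasons.append(f"display name '{display}' matches a protected executive "
                       f"but sender domain is '{domain}'")

    # 2. Sender domain within two edits of a trusted domain (typosquat).
    if not internal and any(levenshtein(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        reasons.append(f"sender domain '{domain}' is a lookalike of a trusted domain")

    # 3. Internal-looking From with replies diverted to an outside mailbox.
    reply_domain = domain_of(parseaddr(msg.get("reply-to", ""))[1])
    if internal and reply_domain and reply_domain not in TRUSTED_DOMAINS:
        reasons.append(f"Reply-To diverts to external domain '{reply_domain}'")

    # 4. Attachments: executable/macro types, and lure-themed names from outside.
    for name in msg.get("attachments", []):
        ext = ("." + name.rsplit(".", 1)[1].lower()) if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            reasons.append(f"attachment '{name}' is an executable or macro-enabled type")
        if not internal and any(w in name.lower() for w in LURE_WORDS):
            reasons.append(f"external sender attached executive-themed lure '{name}'")
    return reasons


# Constructed sample traffic (not real messages).
SAMPLE_MESSAGES = {
    "board_lure": {"from": "Pat Director <pat.director@example-metals.co>",
                   "attachments": ["Annual_Board_Meeting_Agenda.docm"]},
    "genuine_board_mail": {"from": "Pat Director <pat.director@example-metals.com>",
                           "attachments": ["Annual_Board_Meeting_Agenda.pdf"]},
    "vendor_quote": {"from": "Sam Vendor <sam@vendor-example.net>",
                     "attachments": ["quote.pdf"]},
    "freemail_exec": {"from": "Alex Chief <alexchief@webmail.example>",
                      "reply-to": "alexchief@webmail.example",
                      "attachments": ["Urgent_Acquisition_Memo.docx"]},
    "spoofed_internal": {"from": "Alex Chief <alex.chief@example-metals.com>",
                         "reply-to": "alex.chief@webmail.example",
                         "attachments": []},
}


def triage(messages: dict = SAMPLE_MESSAGES) -> dict:
    """Map each message id to its list of findings; an empty list means allow."""
    return {mid: assess_message(m) for mid, m in messages.items()}


if __name__ == "__main__":
    for mid, findings in triage().items():
        print(mid, "->", findings or ["no findings"])
```

Rule 1 is the one that matches the Alcoa-style lure: the display name is what the recipient reads, and it need not correspond to the address at all. In a real gateway these heuristics sit behind, not instead of, SPF/DKIM/DMARC evaluation and attachment detonation, and the spoofed-internal case in rule 3 only matters when DMARC is not already rejecting forged From headers for the trusted domain.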
In 2010, a single employee of United States Steel was targeted with a spear-phishing e-mail. That intrusion yielded "hostnames and descriptions for more than 1,700 servers, including servers that controlled physical access to the company's facilities and mobile device access to the company's networks." And in 2012, a spear-phishing attack gave the hackers "network credentials for virtually every employee" at Allegheny Technologies, which has some 9,500 full-time workers in the aerospace, defense and "specialty materials solutions" sectors.
The indictment also said that the Chinese military gained access to Westinghouse's proprietary designs for nuclear power plants and stole e-mails from its chief executive officer in 2010. Between 2010 and 2012, the Chinese military was accused of stealing at least 1.4 gigabytes of data in total, "the equivalent of roughly 700,000 pages of e-mail messages and attachments, from Westinghouse's computers."
In 2012, while the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, and Allied Industrial and Services Workers International Union was publicly decrying alleged Chinese dumping of auto parts, the hackers gained access to the union president's e-mail, according to the indictment. Some of the stolen messages covered preparations for an upcoming news conference at which the union would publicize a "call to action" against Chinese trade practices.