Five Chinese Hackers on FBI Most Wanted List
Chinese hackers charged with taking part in cyber attacks against six US companies: (l-r) Sun Kailiang, Wang Dong, Huang Zhenyu, Wen Xinyu, Wang Dong and Gu ChunhuiFBI

The US government has charged five Chinese military officials with carrying out cyber-attacks against six US companies, one of which builds nuclear power plants.

A grand jury in the Western District of Pennsylvania indicted five Chinese military personnel on charges of computer hacking, economic espionage and other offences directed at six American companies involved in the nuclear power, metals and solar products industries.

"This is a case alleging economic espionage by members of the Chinese military and represents the first ever charges against a state actor for this type of hacking," US Attorney General Eric Holder said.

The US is alleging that Wang Dong, Sun Kailiang and Wen Xinyu were all officers in Unit 61398 of the Third Department of the Chinese People's Liberation Army (PLA) and were involved with others in the cyber-attacks on the six US companies.

The US is further charging Huang Zhenyu and Gu Chunhui - also members of Unit 61398 - with aiding the cyber-attacks by managing the infrastructure (such as domain names) during the attacks.

Economic advantage

This is the same PLA group which was identified by security company Mandiant in a report from February 2013, which detailed a seven year campaign of cyber-espionage against 141 companies, most of them located in the US.

The FBI, which carried out the investigation into the Chinese hackers, has taken the unusual step of publishing images of the five accused, including one of Sun and Chunhui in fully military uniform.

"For too long, the Chinese government has blatantly sought to use cyber espionage to obtain economic advantage for its state-owned industries," said FBI Director James B. Comey. "The indictment announced today is an important step. But there are many more victims, and there is much more to be done."

This investigation is said to have been underway for more than a year and was a high priority for Barack Obama.

The most high profile of the six US companies which have allegedly been attacked is the nuclear power company Westinghouse Electric. According to the indictment which was unsealed on Monday, in 2010 Sun stole "confidential and proprietary technical and design specifications for pipes, pipe supports, and pipe routing" for four nuclear power plants the company was building in China.

The other companies which have allegedly been hacked by this group include SolarWorld, US Steel, Allegheny Technologies Inc, the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union (USW) and Alcoa Inc.

Jarno Limnell, director of cyber security at McAfee and a doctor of military science, said this is just the beginning of such actions:

"I see this as a starting point for legal processes concerning cyber espionage, and nation-states are following these processes very carefully since there aren't many precedents. New charges and trials will be seen in increasing numbers.

"At the same time we have to remember the meaning of espionage in today's world – stealing information - and if your information is stolen you´ll probably lose your competitive advantage [as a company as well as a nation].

"The consequences of cyber espionage can be remarkable. These legal processes can be both a dream and nightmare for lawyers."