Blueprints to nuclear power plants. Business plans at a solar energy company. Key computers at steel manufacturers.
That's what Chinese hackers were looking for, according to federal prosecutors who have charged members of the Chinese military with cyber theft and more.
The 31-count indictment, revealed Monday, marks a dramatic escalation of U.S. government efforts to combat Chinese state-sponsored corporate espionage.
"The Chinese are going after every single economic advantage they can obtain," said former federal prosecutor Thomas Brown, now a cybersecurity expert with FTI Consulting. "Decades of time spent developing technologies are being ripped off and stolen everyday."
Here's what the feds say the Chinese hackers did:
- Stole the secret specs of Westinghouse AP1000 power plants, the most high-tech nuclear power plants in the world. Westinghouse is currently building four of them in China.
- Ransacked SolarWorld ( computers, swiping information about the solar panel maker's cash flow, manufacturing plans and costs. )
- Broke into PCs at U.S. Steel installed malware and identified computers that control physical access to buildings.
- Looted the network credentials for nearly every single employee at steelmaker Allegheny Technologies Incorporated (. )
- Spied on emails at steel manufacturer Alcoa ( a few weeks after it partnered with a Chinese state-owned enterprise. )
- Eavesdropped on emails at the United Steelworkers union during a trade dispute in China.
China has denied the allegations, saying it has never engaged in the cyber theft of trade secrets.
The kind of spying China is accused of can yield valuable information and give the country's businesses a much-needed boost. Westinghouse spent a significant amount of money designing the special pipes that are the defining feature of its AP1000 pressurized water reactor. Stealing those plans means that a Chinese nuclear plant builder might be able to skip costly research and development.
"How much money is spent on failures? The Chinese can avoid all that," said Christopher Tarbell, a former member of the FBI's cybercrime squad.
This is a particularly critical issue in the solar power industry, where Chinese manufacturers have flooded the global market with cheap solar panels and undercut U.S. firms. SolarWorld issued a statement thanking the U.S. Justice Department for stepping in.
"It's yet another example of the Chinese government's systematic campaign to seek unfair advantage in the U.S and global solar industry. Already, dozens of U.S. companies have closed operations, and thousands of U.S. employees have lost their jobs," SolarWorld said.
Why all the attention paid to steel? American metal is consistently better quality. It's not enough to melt iron ore, coal and limestone. Forging it is an art with highly-guarded secrets. Chinese manufacturers are good at making low-cost steel used in bridges, but American firms are better at making the lightweight versions used in fuel-efficient cars.
The steelworkers union called the revelation "troubling." Alcoa downplayed the news, saying "no material information was compromised." Westinghouse and U.S. Steel declined to comment.
In total, secretive economic attacks cost U.S. firms billions in lost profits and destroyed jobs, said cybersecurity expert David Kennedy, whose TrustedSec firm advises companies that have been attacked this way.
And once the hackers have breached a company's defenses, it's much easier to make the leap from data theft to outright sabotage. Hackers with access to the computers that control a factory's machines, for example, might be able to disrupt the production process just before a pivotal delivery deadline.
"That's not farfetched at all," warned Jonathan Pollet, a hacker who founded Red Tiger Security and advises energy companies.