Unit 61398 Indictment Exposes Real Faces and Names Behind Shanghai Keyboards Used To Steal from U.S. Businesses

“For the first time, we have exposed the real faces and names behind the keyboards in Shanghai used to steal from American businesses,” said John Carlin, assistant attorney general for national security, at a Brookings event today. “This is not conduct that responsible nations within the global economic community should tolerate,” he continued. The event, sponsored by the Governance Studies program at Brookings, featured a conversation with Mr. Carlin moderated by Senior Fellow Benjamin Wittes, editor-in-chief of Lawfare.

Carlin said that, at the U.S. Justice Department, “we follow the facts and evidence where they lead.” Continuing:

Sometimes, the facts and evidence lead us to a lone hacker in a basement in the U.S., or an organized crime syndicate in Russia. And sometimes, they lead us to a uniformed member of the Chinese military. But, no matter where they lead, there can be no free passes. We should not stand idly by, tacitly giving permission to anyone to steal from us. We will hold accountable those who steal—no matter who they are, where they are, or whether they steal in person or through the Internet.

Because cybercrime has real victims.

“The criminal justice system must be a critical component of our nation’s cybersecurity strategy,” he said. “As long as criminals continue stealing from American businesses, we will continue pursuing those criminals.”

Carlin explained the origin of the Justice Department’s National Security Division, authorized by Congress in 2006 and which focuses on cyber threats to national security. One of its efforts, the National Security Cyber Specialists’ Network, is a network of prosecutors from every U.S. Attorney’s Office and other experts using a counterterrorism model to “make a tangible impact on U.S. cybersecurity efforts through criminal investigation and prosecution.”

This network collaborated with the FBI to bring an indictment against five members of Unit 61398, a special unit of China’s People’s Liberation Army long suspected of cyber espionage activities, of stealing intellectual property and supplying the information to Chinese state-owned enterprises. “These men,” explained Carlin,

stand accused of cyber intrusions targeting a range of U.S. industries. The indictment alleges, with particularity, specific actions on specific days by specific actors to use their computers to steal information from across our economy. It alleges that while the men and women of our American businesses spent their business days innovating, creating, and developing strategies to compete in the global marketplace, these members of Unit 61398 spent their business days in Shanghai stealing the fruits of Americans’ labor. It alleges that they stole information particularly beneficial to Chinese companies, and took communications that would provide competitors with key insight into the strategy and vulnerabilities of the victims.

In the face of Chinese denials of the allegations and a challenge to present “hard evidence, evidence that could stand up in court,” Carlin said that:

We are confident that we have the evidence to back up these specific accusations in a court of law. Read the indictment. It is particular. For the first time, we have exposed the real faces and names behind the keyboards in Shanghai used to steal from American businesses. This is not conduct that responsible nations within the global economic community should tolerate.

In the United States, we believe that individuals and companies are entitled to the results of our creativity, including our property—and intellectual property. And we believe their work should not simply be taken from them and given to others. This is not a uniquely American value. Individuals around the world believe that people shouldn’t take what others make.

“In short,” Carlin asserted, “we allege the members of Unit 61398 committed theft, pure and simple.”

Carlin also described his department’s efforts against Blackshades as well as a jury conviction against Walter Liew, convicted of passing intellectual property secrets to a Chinese state-owned company.

Citing the threat of economic espionage as “serious,” amounting to more than $300 billion in monetary losses, in addition to job losses, for the United States each year, Carlin said that “We will no longer permit safe havens. Individuals, wherever they are, cannot avoid the consequences of their actions simply by capitalizing on 21st century tools and operating from the comfort of their desks half a world away.”

These indictments, Carlin explained, can deter potential criminals, and even if those charged are never arrested, “laying bare this criminal activity takes it out of the shadows.”

In conclusion, Carlin offered that we must acknowledge that prosecution alone is, ultimately, just one tool in the broader tool set for addressing the cyber threat. Prosecutions alone will not solve the problem. Trust in government depends, in part, on our ability to defend, protect, and obtain justice for our citizens. Indictments and prosecutions are one clear and powerful way in which we the people, governed by the rule of law, legitimize and prove our allegations. And those actions have real consequences for the criminals they target, and deter those who might otherwise become criminals in the future.

Visit Lawfare for full video and a copy of Carlin’s prepared remarks