iThe Chinese People’s Liberation Army attacks American companies every day to try to steal trade secrets and gain commercial advantage for state controlled businesses.
Gu Chunhui
Criminal hackers can cause tremendous damage, whether trained in China or not. If a high level expert, such as any member of China’s elite Unit 61398, aka Comment Crew, gets into your system, they can seize root control, and own it. They can then plant virtually undetectable back doors into your systems. This allows them to later come and go as they please.
A member of the Comment Crew could be in your computer system right now and you would not know it. For instance, Gu Chunhui, who often goes under the online alias, Kandy Goo, and is a high ranking military officer of Unit 61398, could be looking at your computer screen now. Captain Goo could be running programs in the background without your knowledge. Or he could be reading your email. He would be looking for some information of value to his country, or of value to any of the thousands of businesses controlled by the Chinese government. Captain Goo may have a cute Internet name, and look more like a movie star in a martial arts film than an army man, but do not be fooled. Do not underestimate his considerable computer skills and strong patriotic intent. Yes, breaking into your computer systems and stealing data is a matter of patriotic duty for him and other hackers trained by the government of communist China.
Unit 61398 of the Third Department of the Chinese People’s Liberation Army is reported to be the best of the best in China. Gu Chunhui is a determined military officer. Although DOJ documents show that Gu, like everybody else in Shanghai where he is stationed, takes a two hour break every day for lunch, he still works hard the rest of the day to break into your computer system and steal your data (and your client’s). He and others in Unit 61398 are armed and dangerous. They have both viruses and guns. They should not be taken for granted. All of the Unit 61398 Comment Crew, including Captain Goo, are very good at what they do. I am worried. You should be too.
Do not get me wrong, the Chinese government does not have a monopoly on black hat hacking. The whole idea was born in the United States. It could also just as easily be a criminal hacker from Russia, the Ukraine, Poland, Iran, or Syria, who has taken control of your system. It could be a teenager down the street. They could be from anywhere, although if they are after trade secrets, not money, it is probably one of the thousands of hackers who works for the Chinese government. It could even be one of the five officers in Unit 61398 in Shanghai that have been indicted by the DOJ.
DOJ’s 31 Count Criminal Indictment Against Five Military Officers of Unit 61398 of the Third Department of the Chinese People’s Liberation Army
Five military officers of Unit 61398, including Gu Chunhui, were indicted in 2014 by the Department of Justice for theft of commercial trade secrets from several large U.S. Corporations and a Union. No, they have not been arrested, nor is it likely they ever will be. This was more of a symbolic gesture than anything else, a wake-up call for American business. Still, at least one person in the U.S., a Chinese businessman, has been arrested and convicted of helping the Chinese government steal trade secrets. Businessman admits helping Chinese military hackers target U.S. contractors (Washington Post, 3/23/16).
The DOJ has also recently unsealed charges made against the Syrian Electronic Army — a hacking group that supports embattled Syrian President Bashar al-Assad. In addition, on March 24, 2016, the Manhattan U.S. Attorney announced charges against seven Iranians for conducting a coordinated campaign of cyber attacks against the U.S. financial sector on behalf of the Islamic Revolutionary Guard. A copy of the indictment of the Iranians is published here by the DOJ. It is a very dangerous world right now and very challenging to protect trade secrets.
The indictment against the Chinese Military officers is especially notable to the legal profession in that some of the secrets allegedly stolen include attorney-client communications. See the 31 count indictment against five Chinese military officers for details. The chart below provides a high level overview. Every count is against all five officers.
|
Count(s) |
Charge |
Statute |
Maximum Penalty |
|
1 |
Conspiring to commit computer fraud and abuse |
18 U.S.C. § 1030(b). |
10 years. |
|
2-9 |
Accessing (or attempting to access) a protected computer without authorization to obtain information for the purpose of commercial advantage and private financial gain. |
18 U.S.C. §§ 1030(a)(2)(C), 1030(c)(2)(B)(i)-(iii), and 2. |
5 years (each count). |
|
10-23 |
Transmitting a program, information, code, or command with the intent to cause damage to protected computers. |
18 U.S.C. §§ 1030(a)(5)(A), 1030(c)(4)(B), and 2. |
10 years (each count). |
|
24-29 |
Aggravated identity theft. |
18 U.S.C. §§ 1028A(a)(1), (b), (c)(4), and 2 |
2 years (mandatory consecutive). |
|
30 |
Economic espionage. |
18 U.S.C. §§ 1831(a)(2), (a)(4), and 2. |
15 years. |
|
31 |
Trade secret theft. |
18 U.S.C. §§ 1832(a)(2), (a)(4), and 2. |
10 years. |
The possibility, indeed probability of hacker attacks on law firms is one reason we outsource the holding of all large stores of our client’s electronic data in e-discovery. We put the ESI in the hands of a global vendor with one of the most secure facilities in the world. Feel free to ask me about it. Protection of client data is an important ethical duty of every attorney. We take it very seriously and conduct all of our work accordingly.
