The U.S. Department of Justice (DOJ) on Tuesday unsealed an 11-count indictment against two Chinese nationals accused of running a global hacking campaign for both personal gain and the benefit of the Chinese state.
American companies researching vaccines for the Wuhan coronavirus were among the hundreds of entities they allegedly targeted for data theft.
“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cyber-criminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including COVID-19 [Wuhan coronavirus] research,” DOJ national security division chief John Demers said when announcing the indictments.
“China is determined to use every means at its disposal – including the theft of intellectual property from U.S. companies, labs, and universities – to degrade the United States’ economic, technological, and military advantages. The scale and scope of the hacking activity sponsored by the PRC [People’s Republic of China] intelligence services against the United States and our international partners is unlike any other threat we’re facing today,” FBI Deputy Director David Bowdich warned.
Bowdich, like Demers, said the case is a landmark because it illustrates how Chinese intelligence services are using ostensibly “private” or “rogue” hackers to accomplish the Chinese Communist Party’s (CCP) cyber-espionage objectives – a practice Western intelligence agencies refer to as a “blended threat.”
Bowdich said China uses its economic influence to intimidate victimized individuals, corporations, and governments out of exposing the CCP’s actions. Demers said China is “providing a safe haven for criminal hackers” who repay the Chinese government’s indulgence by working as “on-call” cyber-espionage agents.
The accused individuals are 34-year-old Li Xiaoyu and 33-year-old Dong Jiazhi, formerly classmates in computer science at a university in Chengdu, China.
According to the FBI, Li and Dong perpetrated a number of cyber-crimes for their own enrichment, such as holding sensitive data hostage and demanding a ransom paid in cryptocurrency.
Beginning in 2009, the duo also stole “terabytes of data from hundreds of targets” at the behest of the Chinese Ministry of State Security (MSS), according to the indictment. The indictment included evidence that the hackers used advanced malware tools provided to them by MSS officials, including an incident in which Li and Dong attacked the email server of a Burmese human rights organization using previously unknown “zero-day” malware.
They stole “a huge array of sensitive and valuable trade secrets, technologies, data, and personal information” from a long list of victims, ranging from the U.S. Department of Energy to tech companies, manufacturing concerns, engineering firms, and video game studios in the United States, Europe, Asia, and Australia. FBI analysts valued the data and intellectual property they plundered at hundreds of millions of dollars.
“The complicated nature of cyber investigations is only exacerbated when the criminal is backed by the resources of a foreign government. The nature and value of the material stolen by these hackers cannot just be measured in dollars and was indicative of being state driven,” said FBI Special Agent in Charge Raymond Duda of the Seattle division.
Some of the individuals the hackers allegedly targeted were dissidents, clergy, pro-democracy reformers, and human rights activists critical of the Chinese government, working both inside China and outside its borders. The indictments charge that personal information about these people, sometimes including email account names and passwords, was passed along to the MSS.
One of the political targets identified is a survivor of the Tiananmen Square massacre. Others are Hong Kong dissidents the hackers allegedly monitored shortly before Beijing imposed a draconian new national security law on the city.
“Unfortunately, China doesn’t just use its hackers to target R&D or intellectual property. As we demonstrate in the indictment, China is also willing to use their intelligence services’ cyber capabilities to target Chinese dissidents outside of China and protesters supporting democracy and human rights in Hong Kong,” FBI Deputy Director Bowdich said.
“More recently, the defendants probed for vulnerabilities in computer networks of companies developing COVID-19 vaccines, testing technology and treatments,” the indictment noted. According to the FBI, these efforts were unsuccessful.
The Chinese government reacted with fury to the indictments, demanding the U.S. government stop accusing China of committing cyber crimes.