U.S. Charges Chinese Agents In Hacking Scheme, More Cases Expected
Prosecutors targeting hacking group previously linked to Beijing.
Federal prosecutors unsealed charges against 10 Chinese intelligence officers and other individuals Tuesday, accusing them of engaging in a persistent campaign to hack into U.S. aviation companies in Arizona, Massachusetts, Oregon and elsewhere.
Officials described the case as part of a push by the Trump administration to highlight what U.S. authorities say are China’s continuing efforts to steal information from American companies through cyberattacks and on-the-ground recruiting.
Prosecutors are also expected to announce charges in coming days against another set of hackers linked to the Chinese government. Those hackers have allegedly targeted information-technology service providers for the purposes of espionage and intellectual-property theft, according to people familiar with the matter.
Private-sector cybersecurity researchers have previously identified those attacks as the work of a hacking enterprise known as “APT 10” or “cloudhopper,” which they link to Beijing.
“This is just the beginning,” the head of the Justice Department’s national security division, John Demers, said in announcing Tuesday’s case. The defendants, who are not in U.S. custody and are believed to be overseas, are accused of trying to steal information about how to build a certain type of aircraft engine that a Chinese state-owned company was also working to develop.
The case comes weeks after U.S. authorities won the rare extradition of a Chinese intelligence operative accused of a related scheme to obtain technical information from employees of GE Aviation and other American companies about aircraft-engine design and production. The officer in that case, Yanjun Xu, has pleaded not guilty.
U.S. prosecutors describe both Mr. Xu and the officers named in the new indictment as members of a regional unit of China’s Ministry of State Security, or MSS. The officers and people working for them who were charged in the indictment attempted to hack into companies that built parts for the turbofan engine from 2010 through at least May 2015, the indictment says.
A few months later, in September 2015, then-President Barack Obama and Chinese President Xi Jinping signed an accord pledging not to conduct cyber operations against one another for economic espionage. Cases in the coming months are expected to accuse Beijing of violating that accord, said people familiar with the cases.
Some private cybersecurity researchers believe China violated that pact since President Trump took office, as trade hostilities between the two countries have ratcheted up. Others question whether the Chinese activity ever truly declined.
“In our perspective, they are in full violation of the deal,” said Dmitri Alperovitch, co-founder of the U.S.-based cyber firm CrowdStrike. Mr. Alperovitch said that hackers were targeting “virtually every industry of interest to the Chinese,” including energy, defense, technology, transportation and hospitality.
The MSS hackers named in Tuesday’s indictment focused on an engine for commercial airliners that a French aerospace manufacturer was developing in conjunction with a U.S. company, prosecutors said.
The Chinese officers directed a Chinese national who worked at the French company to infect the company’s computers with malware, according to the indictment, telling him, “I’ll bring the horse to you tonight,” referring to Trojan horse malware.
When law enforcement notified the French company, which isn’t named in the indictment, another Chinese national working there deleted a domain name linked to the MSS group to minimize the agents’ exposure, prosecutors said.
The defendants, including the two employees, couldn’t immediately be located for comment.
The indictment, dated October 25, was unsealed Tuesday as a bipartisan group of eight senators sent a letter to Treasury Secretary Steven Mnuchin urging an executive order to impose sanctions on Beijing for its “ongoing cybertheft of the United States’ intellectual property and the impact this has had on the ability of American firms to compete internationally.”
Former U.S. officials said the Trump administration should respond forcefully if China is found to have violated the 2015 accord. Some faulted the White House for creating a more combative relationship with Beijing that may have provoked a surge in Chinese hacking activity.
“One of the reasons China agreed to this in the first place is that they were getting something out of it,” said Chris Painter, who ran the State Department’s cyber office in the Obama administration. “Now that things are more conflict-laden, they don’t have incentive to abide by the agreement.”
The White House and National Security Council didn’t immediately respond to requests for comment.
Tuesday’s indictment landed as the White House has sought to refocus the conversation on cybersecurity threats posed by China rather than Russia. Mr. Trump and Vice President Pence have said in recent weeks that China is attempting to interfere in U.S. elections, but intelligence officials said they have seen little evidence of such an operation.
Still, China remains a top adversary in the more traditional commercial cybersecurity, officials said.
In October, the Department of Homeland Security warned of an active hacking campaign targeting technology service-providers in various industries. The alert didn’t name China, but cybersecurity researchers have previously linked the group involved, APT 10, to Beijing.
That campaign is “a serious concern,” Rob Joyce, senior adviser for cybersecurity at the National Security Agency, said in an interview earlier this month. “It’s broad-based exploitation. If they get into a managed service provider, then they can go to any of the customers of those providers.” Managed service providers, such as IBM and Accenture, handle the technology needs of client companies, including data storage.
Mr. Joyce, who worked as the cybersecurity coordinator at the White House until earlier this year before returning to the NSA, said the Chinese attacks on technology service providers were particularly worrisome, because they provide services to—and potentially access to—hundreds or thousands of other companies.