Chinese nationals accused of stealing business secrets
Prosecutors say three Chinese nationals who controlled a cybersecurity company in China used malware to steal data from three international corporations, including Siemens AG, which has Pittsburgh offices.
A federal indictment filed in September and unsealed Monday names Wu Yingzhuo, Dong Hao and Xia Lei as defendants.
According to the indictment, Mr. Wu and Mr. Dong were founding members of Guangzhou Bo Yu Information Technology Co. in the city of Guangzhou, and Mr. Xia was an employee.
The company purportedly offered cybersecurity services to Chinese firms in partnership with a large Chinese telecommunications company and cybersecurity center in Guangdong Province.
“Defendants Wu, Dong and Xia launched coordinated and targeted cyber intrusions against businesses operating in the United States, including here in the Western District of Pennsylvania, in order to steal confidential business information,” said acting U.S. Attorney Soo Song.
Prosecutors said the conspirators used a spearphishing campaign — a type of cyberattack that involves sending bogus emails that look legitimate — in order to hack into computers in Western Pennsylvania and around the world so they could steal data from domestic and foreign companies.
Three victims are identified in the charging papers.
In addition to Siemens AG, the others are Moody’s Analytics in New York and Trimble Inc., a global positioning satellite service company in Sunnyvale, Calif.
An investigation by a team of agents led by the Pittsburgh FBI revealed that starting in 2011, the Chinese conspirators and others exploited vulnerabilities in computer systems or used malware to hack into corporate computers.
They hid their true identities by using aliases and intermediary computer servers called “hop points,” which they used to conceal their internet protocol addresses and locations, according to the indictment.
In the case of Siemens, the alleged co-conspirators used hop points starting in May and June 2014 to gain access to Siemens’ computers in Pittsburgh in order to access employee user names and passwords.
Prosecutors said Mr. Dong then used those accounts to hack into the company’s network. In 2015, he and the others stole 407 gigabytes of proprietary data pertaining to Siemens’ energy, technology and transportation businesses, prosecutors said.
Ms. Song and the head of the local FBI office, Robert Johnson, would not address specific questions about the case beyond the allegations in the indictment, such as how the investigation began or why the accused targeted those specific companies.
Ms. Song said the case represents the second phase of another investigation that resulted in the 2014 indictment in Pittsburgh of five Chinese military officials for hacking into local companies.
Some critics at the time said that case was little more than a “paper indictment” because the Chinese army officials are unlikely to ever face prosecution in a U.S. courthouse. Arrest warrants remain unserved and China is not likely to turn over its citizens to the U.S. for trial despite Chinese promises of cooperation in curtailing cyber-espionage and intrusions.
Pressed on that issue, Ms. Song defended the army case and said that suggesting the current indictment has no value is “erroneous” because the U.S. remains dedicated to stopping international cybercrime against U.S. interests regardless of where it originates. She said that if the Chinese nationals ever travel, they will be subject to arrest.
Mr. Johnson said the hackers in the current case were sophisticated but tripped themselves up.
“They made mistakes that led investigators right to them,” he said.
He would not elaborate on those mistakes because he said he didn’t want to give up investigative techniques.
The three defendants all are charged with computer hacking, theft of trade secrets, conspiracy and identity theft.
Prosecutors said the fraud against Moody’s began in 2011 after the conspirators accessed the company’s internal email server and set up a command to forward all of one prominent employee’s emails to a web-based account. Mr. Xia is accused of accessing those emails to steal confidential analyses, findings and opinions.
Trimble lost trade secrets to the conspirators, prosecutors said. In 2015 and 2016, the company was working on a project to improve GPS accuracy for mobile devices. In January 2016, according to the charges, Mr. Wu accessed the company’s network. Between December 2015 and March 2016, he and the others stole at least 275 megabytes of information related to the work.
Ms. Song said that there was no way to quantify the dollar loss to the companies but that theft of trade secrets and proprietary business information is obviously damaging to any corporation.