U.S. charges Chinese hackers
Indictments allege theft of valuable data in 12 countries
WASHINGTON » The Justice Department on Thursday unveiled indictments of two Chinese hackers who allegedly pilfered vast amounts of valuable confidential data from U.S. government agencies and corporate computers in 12 countries.
The indictments were followed by a joint statement from Secretary of State Mike Pompeo and Homeland Security Secretary Kirstjen Nielsen assailing China for violating a landmark 2015 pledge by President Xi Jinping to refrain from hacking U.S. trade secrets and intellectual property to benefit Chinese companies.
“Stability in cyberspace cannot be achieved if countries engage in irresponsible behavior that undermines the national security and economic prosperity of other countries,” they said. “These actions by Chinese actors to target intellectual property and sensitive business information present a very real threat to the economic competitiveness of companies in the United States and around the globe.”
U.S. allies echoed the Justice Department action, in an unprecedented mass effort to call out China for its alleged malign acts. It represents a growing consensus that Beijing is flouting international norms in its bid to become the world’s predominant economic and technological power.
In London, Canberra and other capitals, ministers knocked China for violating a 2015 pledge, first offered at the Rose Garden and repeated at international gatherings, to refrain from economic hacking.
“This campaign is one of the most significant and widespread cyber intrusions against the U.K. and allies uncovered to
date, targeting trade secrets and economies around the world,” British Foreign Secretary Jeremy Hunt said in a statement.
Federal prosecutors in Manhattan accused Zhu Hua and Zhang Shilong of conspiracy to commit computer intrusions, wire fraud and aggravated identity theft. The charges resulted from a more than decadelong campaign to gain access to corporate and government secrets to aid China’s rise to global prominence.
The two men acted “in association with” the Chinese Ministry of State Security (MSS), as part of a hacking squad known as “APT1o” or “Stone Panda,” the indictment said.
“China’s goal, simply put, is to replace the U.S. as the world’s leading superpower, and they’re using illegal methods to get there,” said FBI Director Christopher A. Wray.
Companies in the finance, telecommunications, consumer electronics and medical industries were among those targeted, along with U.S. government laboratories operated by the National Aeronautics and Space Administration and the military.
The Chinese hackers also made off with personal information, including Social Security numbers belonging to more than 100,000 U.S. Navy personnel, prosecutors said.
“The list of victim companies reads like a who’s who of the global economy,” said Wray.
The hackers employed a technique known as “spearphishing,” tricking computer users at the business and government offices into opening malware-infected emails giving them access to login and password details.
Geoffrey Berman, the U.S. attorney for the Southern District of New York, called the Chinese cyber campaign “shocking and outrageous.”
Presidents and prime ministers around the globe led their cabinets to coordinate the decision to confront China, said one Western official. The united front against Chinese hacking and economic espionage stands in contrast to the “America First” president’s preference for taking a unilateral course to many of his trade goals.
“This demonstrates there’s a strong well of international support the United States can tap ... Countries are fed up,” said Ely Ratner, executive vice president of the Center for a New American Security.
“Multilateral efforts have better prospects for producing results than unilateral moves,” said Bonnie Glaser, senior adviser for Asia at the Center for Strategic and International Studies.
Along with the United States and United Kingdom, countries targeted by China include Canada, France, Germany, Japan, Sweden and Switzerland. In the long-running espionage campaign, Chinese hackers penetrated companies called managed services providers (MSPs) that provide cybersecurity and information technology services to government agencies and major firms. Their goal: to worm their way into the networks of the service providers’ clients to gain access to their intellectual property and sensitive data.
Mounting intelligence shows a sustained Chinese hacking effort devoted to acquiring sophisticated American technologies of all stripes.
Lisa Monaco, who was President Barack Obama’s assistant for homeland security and counterterrorism and a former assistant attorney general for national security, said the Justice Department’s action “is an important continuation of a framework that seeks to impose costs on malicious nation state cyber actors.”
Chinese commercial hacking “is one of the most persistent and significant economic and national security threats we face,” she said.