US Indicts Two Chinese Nationals For Massive Hacking
December 20, 2018 Updated: December 20, 2018
WASHINGTON—Two Chinese hackers associated with the Ministry of State Security of communist China were charged by the United States with extensive global computer intrusion campaigns carried out over more than a decade.
This indictment makes clear that the United States is in a Cyber War with China, which is one of the greatest security challenges facing the U.S. government and its citizens, experts said. The United States needs to have a strategic response.
Deputy Attorney General Rod Rosenstein announced the indictment at the Department of Justice on Dec. 20, together with FBI Director Christopher Wray and other officials.
According to the indictment, two Chinese citizens acting on behalf of the Chinese regime’s main intelligence agency carried out an extensive hacking campaign to steal hundreds of gigabytes of data from military service members, government agencies, and private companies in the United States and at least a dozen other countries.
The two are accused of breaching computer networks in a broad swath of industries, including, a DOJ press release says, “aviation, satellite and maritime technology, industrial factory automation, automotive supplies, laboratory instruments, banking and finance, telecommunications and consumer electronics, computer processor technology, information technology services, packaging, consulting, medical equipment, healthcare, biotechnology, pharmaceutical manufacturing, mining, and oil and gas exploration and production.”
Prosecutors say they also stole personal information of more than 100,000 U.S. Navy personnel, including names, Social Security numbers, dates of birth, salary information, personal phone numbers, and email addresses.
The indictment reveals that the two hackers, Zhu Hua and Zhang Shilong, were members of the APT10 Group (Advanced Persistent Threat 10) from at least in or about 2006 up to and including in or about 2018. One of the methods they used was to obtain unauthorized access to the computers and computer networks of managed service providers (MSPs) for businesses and governments around the world.
After they gained access to MSPs, they could “gain unauthorized access to the computers and computer networks of the MSPs’ clients and to steal, among other data, intellectual property and confidential business data on a global scale,” said the release.
“One way to think of what is alleged in this indictment, is that you’ve all heard about situations where you see someone essentially, the cyber-equivalent, of breaking into a house,” said FBI Director Christopher Wray.
“This is more like breaking into and getting the keys from the maintenance supervisor who has the keys to hundreds and hundreds of apartments and all the residents in those apartments,” Wray said. “That’s why this is so significant.”
Over the course of the MSP Theft Campaign, the APT10 Group successfully obtained unauthorized access to computers located in at least 12 countries, including Brazil, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland, the United Arab Emirates, the United Kingdom, and the United States.
State-Sponsored Theft
Rosenstein said this is not the first time the Department of Justice has accused Chinese state actors and associates of stealing commercial information.
“More than 90 percent of the Department’s cases alleging economic espionage over the past seven years involve China,” Rosenstein said. “More than two-thirds of the Department’s cases involving thefts of trade secrets are connected to China.”
Rosenstein said the illegal cyber activities aimed to help the Chinese regime to achieve its overall goal.
“For example, the Chinese industrial policy, known as ‘Made in China 2025,’ lists ten strategic advanced manufacturing industries that the nation has targeted for promotion and development. Many of the companies allegedly targeted recently by Chinese defendants operate in sectors identified by that official policy,” Rosenstein said.
“Whether through computer hackers operating from China, or Chinese nationals recruited to steal trade secrets from companies in other countries, the goal is the same: to dominate production in strategically important industries by stealing ideas from other nations,” he said.
Wray told reporters that “no country poses a broader, more severe, long-term threat to our nation’s economy than China.”
“China’s state-sponsored actors are the most active perpetrators of economic espionage. While we welcome fair competition, we cannot and will not tolerate illegal hacking, stealing, or cheating,” Wray said.
Cyber War
Gary Miliefsky, a cyber security expert and CEO of Cyber Defense Media Group and publisher of Cyber Defense Magazine, said, “today marks the beginning of the FBI bringing to the forefront the reality that we are in fact in a Cyber War with China.”
“There is currently no Cyber Geneva Convention, so China has proven an incredible ability to advance a multi-year plan to know everything about everyone they can in the USA and of course grab as much IP from our businesses as possible,” Miliefsky said.
“They do this through some of the most powerful cyber warfare weapons available including brilliant hacking, innovative malware, in-built exploitable vulnerabilities in computer and network supply chain as well as espionage technologies purposefully developed into smartphones. This is one of the greatest security challenges to the U.S. government and its citizens that it’s ever faced since the Cold War.”
Casey Fleming, CEO of BlackOps Partners and an expert on cybersecurity, said the indictment of the two Chinese hackers is a start, but not good enough.
“The U.S. government needs to understand the Chinese Communist Party [CCP]’s overall strategy, which is to have command and control of the U.S. and its Western allies,” Fleming said. “When you understand the overall strategy, then you can understand the hacking. Right now the hacking looks like it’s random. But it is not. It is part of a mass strategy by the CCP.”
Fleming said the U.S. government should raise the awareness level with all organizations of the CCP’s grand strategy, which has been under way since 1986.
“We have to look at how we protect our data differently. Right now, we, as a country, look at protecting data tactically, as an IT function. And that’s insufficient. It must be strategic.
“And when you do that, you protect your data differently. You protect your data, your innovation, your intellectual property, sensitive data and trade secrets. You must protect that, and control who has access to it. The most sensitive data and intellectual property should not be connected to the internet.”