U.S. officials on Thursday indicted two alleged Chinese hackers said to have carried out an extensive campaign on behalf of Beijing’s main intelligence agency to steal trade secrets and other information from government agencies and “a who’s who” of major corporations in the United States and nearly a dozen other nations.
It was the latest in a series of Justice Department indictments targeting Chinese cyberespionage, and coincided with an announcement by Britain blaming China’s Ministry of State Security for trade-secret pilfering affecting Western nations.
The alleged hackers, one of whom is nicknamed “Godkiller,” are accused of breaching computer networks beginning as early as 2006 in a range of industries, including aviation and space, banking and finance, biotechnology oil and gas, satellites and pharmaceuticals.
Prosecutors say they also obtained the names, Social Security numbers and other personal information of more than 100,000 Navy personnel.
In a new twist reflecting corporate computing’s evolution, the hackers often infiltrated cloud computing companies and other major technology providers to indirectly reach clients’ valuable documents.
Prosecutors said the alleged hackers stole “hundreds of gigabytes” of data, breaching computers of more than 45 entities in 12 states including NASA’s Jet Propulsion Lab and Goddard Space Center. The hackers, identified as members of the group APT10, or “Stone Panda,” are not in custody. Prosecutors said their names are Zhu Hua and Zhang Shillong.
U.S. law enforcement officials described the case as part of a trend of state-sponsored hackers breaking into American networks and stealing trade secrets and other confidential information. More than 90 percent of Justice Department economic espionage cases over the past seven years involve China, said Deputy Attorney General Rod Rosenstein, and more than two-thirds of trade secrets cases are connected to the country.
“China’s state-sponsored actors are the most active perpetrators of economic espionage,” FBI Director Chris Wray said in announcing the case. “While we welcome fair competition, we cannot and will not tolerate illegal hacking, stealing or cheating.”
“China’s goal, simply put, is to replace the U.S. as the world’s leading superpower, and they’re using illegal methods to get there,” Wray said. While none of the “victim companies” was named, Wray called them a “who’s who of the global economy.”
Secretary of State Mike Pompeo and Homeland Security Secretary Kirstjen Nielsen later released a joint statement accusing China of reneging on a 2015 commitment not to seek competitive advantage through theft of trade secrets, intellectual property and confidential business information.
U.S. officials testified before Congress last week that Beijing’s continued hacking has made a mockery of that 2015 commitment by President Xi Jinping following a first-of-its-kind indictment that accused Chinese hackers of stealing corporate data from brand-name U.S. companies.
“We want China to cease illegal cyber activities and honor its commitment to the international community, but the evidence suggests that China may not intend to live up to its promises,” Rosenstein said.
Beijing is unlikely to be swayed by indictments alone, said Adam Segal, cybersecurity expert at the Council on Foreign Relations. “Indictments are not enough and sanctioning the companies and entities that benefit from the theft would do more to impose a cost on China,” he said.
He said the Trump administration “seems to be holding off on those in hopes of a trade deal.”
The indictment filed in New York’s Southern District describes how in recent years, as government agencies and corporations have shifted data to cloud computing providers and services including email and collaboration tools to tech service providers, the Stone Panda hackers followed, typically stealing the log-in credentials of system administrators in order to reach coveted proprietary data of clients.
Wray likened it to “breaking into and getting the keys from the maintenance department.”
The indictment says the Chinese hackers sometimes deleted files they stole seeking to avoid detection.
Britain’s Foreign Office accused the Chinese elite hackers of conducting a “widespread and significant” campaign of cyberespionage against the United Kingdom and its allies and “almost certainly continues to target a range of global companies, seeking to gain access to commercial secrets.” Targeted nations named in the U.S. indictment include Brazil, Canada, Finland, France, Germany, India, Japan, Sweden, Switzerland and the United Arab Emirates.
In recent months, the Justice Department has filed separate cases against several Chinese intelligence officials and hackers. A case filed in October marked the first time that a Chinese Ministry of State Security officer was extradited to the United States to stand trial.
Chinese espionage efforts have become “the most severe counterintelligence threat facing our country today,” Bill Priestap, the assistant director of the FBI’s counterintelligence division, told a Senate committee.
Hacking by Chinese state-backed hackers dramatically escalated over the summer in response to the trade war with the U.S. and military tensions in the South China Sea, said Tom Kellermann, chief cybersecurity officer of Carbon Black, whose company’s threat-hunting tool is used in global cyber investigations.
He credited the Justice Department with targeting a group that he said was China’s “most prolific hacker crew.” He said he was not optimistic that the pair would be prosecuted in the U.S., but that’s not the point.
“The Chinese are operating on a 50-year plan of information dominance, a comprehensive national strategy, and it’s high time we actually reacted,” Kellermann said.
Associated Press writers Jill Lawless in London and Frank Bajak in Boston contributed to this report.