Two Chinese nationals charged with hacking U.S. government and military

[nir]

The suspects stole the "personally identifiable information" of more than 100,000 Navy personnel, the indictment says.

 

Two Chinese nationals were charged with participating in a global hacking campaign that targeted the U.S. government and military — and stole the personal information of more than 100,000 Navy personnel, the Justice Department said Thursday.

 

Zhang Shilong and Zhu Hua, also known as "Godkiller," worked with an extensive network of Chinese hackers to infiltrate dozens of government agencies, private companies, NASA and the U.S. Attorney's Office in the Southern District of New York, according to a three-count indictment.

 

The Navy was particularly hard hit. The group succeeded in stealing the "personally identifiable information" of more than 100,000 Navy personnel, including social security numbers, dates of birth and salary information, the indictment says.

 

Working with the Chinese government, the defendants' hacking network managed to gain access to at least 90 computers belonging to U.S. government agencies, as well as commercial and defense technology companies, located in at least 12 states stretching from California to New York, the court papers say.

 

"The indictment alleges that the defendants were part of a group that hacked computers in at least a dozen countries and gave China's intelligence service access to sensitive business information," Deputy Attorney General Rod Rosenstein said in a statement. "This is outright cheating and theft, and it gives China an unfair advantage at the expense of law-abiding businesses and countries that follow the international rules in return for the privilege of participating in the global economic system."

 

The hacking group, known in the cybersecurity community as Advanced Persistent Threat 10 or "Stone Panda" and "POTASSIUM," stole "hundreds of gigabytes of sensitive data and information" in the campaign that started in 2006. The hackers used a technique known as "spear-fishing," sending emails with attachments that would surreptitiously install malware if opened, to gain access to usernames and passwords, the indictment says.

 

The hackers hit U.S. companies in such fields as aviation, communications technology, and oil and gas drilling, according to the indictment.

 

The group also stole data from an array of firms based in countries such as Brazil, France, Germany, Japan, the U.K. and the United Arab Emirates, the court papers say.

 

Shilong and Hua worked for the Huaying Haitai Science and Technology Development company and in association with the Chinese Ministry of State Security's Tianjin State Security Bureau, the court papers say.

 

The members of their hacking network worked in an office environment in the northeastern city of Tianjin and engaged in hacking operations during normal business hours, according to the indictment.

 

The pair, who remain on the lam, were charged with conspiracy to commit computer intrusions, conspiracy to commit wire fraud and aggravated identity theft.

"It is galling that American companies and government agencies spent years of research and countless dollars to develop their intellectual property, while the defendants simply stole it and got it for free," said Geoffrey Berman, the U.S. Attorney in Manhattan. "As a nation, we cannot, and will not, allow such brazen thievery to go unchecked."

Source

[nir]

Charging of Chinese hackers signals aggressive new cyber strategy here to stay

 

The United States Department of Justice has indicted two Chinese nationals allegedly involved in an international hacking scheme that targeted “dozens of companies in the United States and around the world,” Deputy Attorney General Rod Rosenstein announced Thursday morning.

The hackers targeted companies “in at least a dozen countries,” including the United States, Rosenstein said. The global campaign involved using malware to targets MSPs—managed service providers—which are used to store commercial and proprietary data.

The indictment follows a growing pattern of charging Chinese individuals for hacking operations, ranging from allegations out of New York that an individual stole information about turbine technology to charges against ten sources who “conspired to hack US and European defense and aerospace contractors” in Ohio in October.

The Justice Department “will continue” its approach of using “indictments as forms of attribution and deterrence policy,” said John Carlin, the former Assistant Attorney General for the National Security Division of DOJ who pioneered the strategy under President Obama, speaking recently at an event in Washington, D.C.

That strategy remains unchanged under the Trump administration, the Justice Department says.

“The Department’s position remains that Chinese economic espionage is intolerable and we will use all of our lawful tools to confront and deter it,” Marc Raimondi, a department spokesperson, told Yahoo News last month.

“China wants the fruits of America’s brainpower to harvest the seeds of its desired economic dominance.  Preventing this from happening will take all of us, here at the Justice Department, across the U.S. government, and within the private sector,” said John Demers, a senior Justice Department official, said last month, announcing new charges against a Taiwanese company, a Chinese company, and multiple individuals for economic espionage.

The strategy of indicting individual hackers, rather than sanctioning adversaries or military units as a whole, has several benefits, says Peter Mattis, a former intelligence official and currently a research fellow in China studies at the Victims of Communism Memorial Foundation.

This approach “ensures evidence becomes public,” and “tells Beijing that the United States has some visibility into what the government’s hackers are doing. It also forces the intelligence community to obtain evidence that can be used in a court of law. The Justice Department “is the critical policy agency, the center of gravity” in cyber investigations, he told Yahoo News.

However, the strategy has potential drawbacks.

Some former intelligence officials who have worked in offensive cyber operations told Yahoo News there is concern that condemning foreign officials doing state-sanctioned work puts U.S. citizens doing similar work at risk. And since countries like Russia and China are not likely to extradit their own intelligence officers, the indictments could be viewed empty  threats.

The United States did successfully extradit a Chinese suspect from Belgium in October, however.

Targeting those who occasionally work for Chinese state security services as freelancers, may be even more effective, said Dmitri Alperovitch, co-founder of cybersecurity intelligence firm CrowdStrike.

“Indictments would have a very hard time deterring people working for foreign intelligence services. If our officials in China were indicted, they would not stop their work,” he said at an event in Washington last month. “But contractors, they might think twice.”

Source