“China is determined to use all means at its disposal, including the theft of intellectual property from companies, laboratories and our American universities, to degrade the economic, technological and military advantages of the United States,” said FBI Deputy Director David Bowdich in a press conference.
Bowdich said the scale and scope of the Chinese government-led hack “is unlike any other threat we face today.”
The hackers allegedly breached defense contractors and stole confidential military information, prosecutors said, including information about military satellite programs and communications systems.
Other operations also showed signs of foreign policy motivations. Li and Dong reportedly provided their Chinese government contact with the passwords of human rights activists, including a community organizer in Hong Kong and a former Tiananmen Square protester.
In late January and early February, when the coronavirus devastated China, Li tried to find security vulnerabilities in the networks of biotech companies in Maryland, Massachusetts and California studying coronavirus vaccines and treatments, according to the indictment. The hackers also allegedly targeted a California company that produces coronavirus test kits.
The case exemplifies what senior Trump administration officials have called the “combined threat,” an emerging trend of foreign governments using private hackers as proxies. The United States has previously charged Russian, Iranian and North Korean hackers for such operations. This is the first case that accuses independent Chinese hackers of cyber operations on behalf of Beijing.
“China has now taken its place, along with Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cybercriminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to fuel the Chinese Communist Party’s insatiable hunger for hard-won intellectual property by American and non-Chinese companies, including the COVID-19 investigation,” said John Demers, who heads the Justice Department’s Homeland Security Division, in a statement.
The inclusion of coronavirus-related victims in the latest case comes as US security agencies warn that China is trying to gain the upper hand in the global race for a vaccine.
Chinese government hackers “have been observed attempting to illegally identify and obtain valuable intellectual property (IP) and public health data related to vaccines, network testing and testing, and personnel affiliated with COVID-19 related research,” the FBI and the DHS Cyber Security and Infrastructure Agency said in a May alert. “The potential theft of this information jeopardizes the delivery of safe, effective and efficient treatment options.”
Cyber intrusions in research labs can slow down their critical work, officials say, by forcing scientists to stop vital research, alert colleagues, and review their data to determine if hackers tampered with it.
The hackers often breached their targets by exploiting publicly disclosed vulnerabilities in widely used software, according to the indictment. When possible, the two men took advantage of newly announced vulnerabilities before companies had time to patch them. Targeted systems included web servers and “software collaboration programs,” according to the indictment.
The MSS officer occasionally helped the hackers breach their targets, prosecutors said. In one case, when Li was trying to hack a Burmese human rights group, the officer allegedly gave him a zero-day exploit, a high-value piece of code designed to exploit a previously unknown flaw, for a popular web browser.
After obtaining an initial foothold, the men allegedly planted software that allowed them to send more commands to the victims’ computers. They also frequently deployed password-stealing programs and attempted to access more parts of their victims’ networks with the stolen credentials.
To extract the files undetected, Li and Dong used a tried and true technique: compress the stolen data into archive files, then change the extensions of those files so that security software wouldn’t detect them leaving the companies’ networks. In some cases, the two men hid their malware and stolen files in the computers’ recycle bins, a location that is often overlooked.
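A defender can look for this staging pattern by comparing a file's leading bytes with its extension. The sketch below is an added example, not taken from the indictment or the article; the function names, the list of archive formats and extensions, and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading "magic" bytes of common archive formats, and extensions each normally uses.
ARCHIVE_MAGIC = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar",
                 b"7z\xbc\xaf\x27\x1c": "7z", b"\x1f\x8b": "gzip"}
EXPECTED_EXT = {"zip": {".zip", ".jar", ".docx", ".xlsx", ".pptx"},  # ZIP-based containers
                "rar": {".rar"}, "7z": {".7z"}, "gzip": {".gz", ".tgz"}}
RECYCLE_DIRS = {"$recycle.bin", "recycler"}  # Windows recycle bin folder names

def archive_type(path):
    with open(path, "rb") as fh:
        head = fh.read(8)  # longest signature above is 6 bytes
    for magic, kind in ARCHIVE_MAGIC.items():
        if head.startswith(magic):
            return kind
    return None

def scan(root):
    """List (relative path, format, reasons) for archives that look staged."""
    root, findings = Path(root), []
    for path in sorted(root.rglob("*")):
        kind = archive_type(path) if path.is_file() else None
        if kind is None:
            continue
        rel, reasons = path.relative_to(root), []
        if path.suffix.lower() not in EXPECTED_EXT[kind]:
            reasons.append("extension-mismatch")
        if any(part.lower() in RECYCLE_DIRS for part in rel.parts):
            reasons.append("in-recycle-bin")  # hunting lead, not proof
        if reasons:
            findings.append((rel.as_posix(), kind, reasons))
    return findings

def demo():
    samples = {  # constructed sample files: relative path -> content
        "photos/holiday.jpg": b"Rar!\x1a\x07\x00" + b"\x00" * 32,
        "docs/report.zip": b"PK\x03\x04" + b"\x00" * 32,
        "$Recycle.Bin/S-1-5-21-0/$RABC123.dat": b"7z\xbc\xaf\x27\x1c" + b"\x00" * 32,
        "notes.txt": b"meeting notes\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return scan(tmp)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Content-based checks like this catch renamed archives but not encrypted or re-encoded data, so they complement egress volume monitoring rather than replace it.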
The stolen data included software code, drug test results, and students’ personal information, according to the indictment.
Li and Dong sometimes returned to their victims several years after the initial intrusion to steal more data, prosecutors said.
Authorities uncovered Li and Dong’s long campaign after they breached the Hanford site, a Department of Energy nuclear waste complex in Benton County, Washington, in March 2015, according to William Hyslop, the US attorney for the Eastern District of Washington. A private security company working for the facility detected the hackers and alerted the FBI, Hyslop said at the press conference.
Senior administration officials and Republicans in Congress have highlighted cyber attacks aimed at coronavirus research to bolster President Donald Trump’s broader case against China, which remains locked in a long-running trade war with the United States.
In May, Secretary of State Mike Pompeo called the intrusions “an extension of [China’s] counterproductive actions throughout the COVID-19 pandemic.”
Days later, Sen. Marsha Blackburn (R-Tenn.) tweeted, “The Chinese Communist Party is known for stealing American technology to compensate for China’s inability to innovate. A cure for COVID-19 is next on their list of things to steal.”
Legislators have requested briefings about the intrusions and introduced legislation in response.
Beijing has consistently denied hacking into companies investigating the virus.
China has made a broader effort to steal intellectual property for the benefit of its domestic industries in recent years. Chinese agents have aggressively targeted external IT contractors known as “managed service providers” in order to jump from these contractors onto the networks of their high-value customers. In December 2018, the United States charged two Chinese cybercriminals with a 12-year campaign that hit MSPs, dozens of tech companies and multiple government agencies.
At the press conference, Bowdich described China’s political and economic espionage as “the greatest long-term threat to our nation’s information, intellectual property and its economic vitality.”
“We are filing these charges today to alert Chinese leaders who are directing these cyber attacks,” he said. “There are serious consequences and risks for stealing our technology property and our intellectual property.”