“China steals intellectual property and research which bolsters its economy, and then they use that illicit gain as a weapon to silence any country that would dare challenge their illegal actions,” FBI Deputy Director David Bowdich said. “This type of economic coercion is not what we expect from a trusted world leader. It is what we expect from an organized criminal syndicate.”
The defendants hacked for their own profit but also for the Chinese Ministry of State Security (MSS), a civilian spy agency responsible for counterintelligence, foreign intelligence and domestic political security, the indictment says. They were aided in that effort by an MSS officer, authorities charge.
It marks the first time the United States has charged suspected Chinese hackers with working not only to enrich themselves but also on behalf of the government — what prosecutors characterized as a “blended threat.”
The 11-count indictment charges Li Xiaoyu and Dong Jiazhi with a wide-ranging conspiracy to hack computers and steal terabytes of trade secrets and other data beginning more than a decade ago and continuing to the present. The indictment says the two men recently “researched vulnerabilities in the networks of biotech and other firms publicly known for work on covid-19 vaccines, treatments, and testing technology.”
The indictment does not indicate whether the alleged hacks were successful in obtaining vaccine research.
The indictment does not name the companies allegedly hacked by the duo, but the list includes firms in California, Maryland, Washington state, Texas, Virginia and Massachusetts.
This year the alleged hackers also compromised a British artificial-intelligence firm, a Spanish defense contractor and an Australian solar energy engineering company, the indictment says.
The FBI and the Department of Homeland Security warned in May that hackers linked to the Chinese government were targeting coronavirus vaccine research. And China is not the only government eyeing such information. Last week the United States, Britain and Canada issued an unusual joint statement advising that Russian hackers also were targeting firms and university labs developing vaccines to stave off the novel coronavirus.
“China has now taken its place, alongside Russia, Iran and North Korea, in that shameful club of nations that provide a safe haven for cybercriminals in exchange for those criminals being ‘on call’ to work for the benefit of the state, here to feed the Chinese Communist Party’s insatiable hunger for American and other non-Chinese companies’ hard-earned intellectual property, including covid-19 research,” said John C. Demers, head of the Justice Department’s National Security Division. He called the accused hackers “a prolific threat to U.S. and foreign networks.”
The Chinese government has routinely denied it conducts or sponsors hacks of foreign networks for purposes of economic espionage.
The indictment is the latest salvo by the Trump administration, which has taken an increasingly aggressive stance against Chinese economic espionage and Beijing’s push to replace the United States as the global leader in the high-tech economy.
News of the indictment came as Secretary of State Mike Pompeo was in London meeting with British Prime Minister Boris Johnson to discuss the two allies’ rising tensions with China. Just last week Britain delivered a significant win to Washington by announcing it was barring the Chinese technology giant Huawei from its nascent 5G wireless networks.
The indictment is part of the Justice Department’s China initiative, launched in 2018, which prioritizes countering Chinese national security threats in line with the administration’s national security strategy.
About 80 percent of all federal economic espionage prosecutions allege conduct that would benefit the Chinese state, and there is at least some nexus to China in about 60 percent of all federal cases of trade secret theft.
The intrusions targeted industries outlined in “Made in China 2025” — China’s 10-year plan to become a leader in specific advanced-technology sectors, Demers noted. The thefts in this case covered eight of the 10 sectors, he said, including next-generation information technology, robotics and automated machine tools, aircraft components, clean-energy vehicles, biotechnology and advanced rail.
The indictment outlined how stealing intellectual property from companies in these industries could help Chinese companies replicate the technology and beat their Western competitors.
In one case, Demers noted, Li and Dong allegedly stole testing mechanisms, manufacturing processes and supply-chain data from a Maryland technology firm that would reveal what products the firm was intending to bring to market, and would save a competitor time and money on research and development.
In another, he noted, Li and Dong allegedly stole source code from a Massachusetts medical device engineering company as it was seeking to protect such data from a Chinese firm with which it had partnered to produce device components.
Demers added that he worried that “even the attempted hacking” of vaccine information “can slow down” the research because “if you do have a breach . . . obviously people’s attention needs to be focused on remediating that breach.”
The defendants had studied at the University of Electronic Science and Technology in Chengdu, authorities charged. They stole hundreds of millions of dollars’ worth of trade secrets and other valuable business information, and at least once threatened to post a victim’s intellectual property on the Internet unless a ransom was paid, according to the indictment.
Their work benefited the MSS, authorities charged in the indictment. In one case, they allegedly gave the spy agency the email and password of a Hong Kong activist. In another, an MSS officer allegedly gave the hackers malware to help them penetrate the computer of a Myanmar human rights group.
To gain access to victim networks, the two men primarily exploited publicly known software vulnerabilities in popular Web server software, the indictment stated. In some cases, those vulnerabilities were newly announced, meaning that many users would not have installed patches to correct the vulnerability.
The defendants used their initial access to place malicious programs, such as the “China Chopper,” and credential-stealing software on networks, which allowed them to remotely control victims’ computers, the indictment stated.
The first sign of the defendants’ efforts was detected on computers of the Energy Department’s Hanford Site in eastern Washington state, officials said.
Analysts said the indictment underlines that the issue is not cybertechnology, which is a means to an end, but the government or actor approving the hacking campaign.
“We don’t have a cyber problem — we have a China, Russia, Iran and North Korea problem,” said Dmitri Alperovitch, chairman of Silverado Policy Accelerator, a public policy think tank, and co-founder of the cybersecurity firm CrowdStrike. “That’s because even when we are not dealing with nation-state activity, we are dealing with these four states that are protecting or even paying cybercriminals operating within their borders.”