U.S. charges seven in wide-ranging Chinese hacking effort

WASHINGTON (Reuters) – The U.S. Justice Department said on Wednesday it has charged five Chinese residents and two Malaysian businessmen in a wide-ranging hacking effort that encompassed targets from video games to pro-democracy activists.

Federal prosecutors said the Chinese nationals had been charged with hacking more than 100 companies in the United States and abroad, including software development companies, computer manufacturers, telecommunications providers, social media companies, gaming firms, nonprofits, universities, think-tanks as well as foreign governments and politicians and civil society figures in Hong Kong.

U.S. officials stopped short of alleging the hackers were working on behalf of Beijing, but in a statement Deputy Attorney General Jeffrey Rosen expressed exasperation with Chinese authorities, saying they were – at the very least – turning a blind eye to cyber-espionage.

“We know the Chinese authorities to be at least as able as the law enforcement authorities here and in like-minded states to enforce laws against computer intrusions,” Rosen said. “But they choose not to.”

He further alleged that one of the Chinese defendants had boasted to a colleague that he was “very close” to China’s Ministry of State Security and would be protected “unless something very big happens.”

“No responsible government knowingly shelters cyber criminals that target victims worldwide in acts of rank theft,” Rosen said.

The Chinese Embassy in Washington did not immediately return an email seeking comment. Beijing has repeatedly denied responsibility for hacking in the face of a mounting pile of indictments from U.S. authorities.

Along with the alleged hackers, U.S. prosecutors also indicted two Malaysian businessmen, Wong Ong Hua, 46, and Ling Yang Ching, 32, who were charged with conspiring with two of the digital spies to profit from computer intrusions targeting video game companies in the United States, France, Japan, Singapore and South Korea.

The Justice Department said the pair operated through a Malaysian firm called SEA Gamer Mall. Messages left with the company were not immediately returned. Messages sent to email addresses allegedly maintained by the hackers also received no immediate response.

U.S. Assistant Attorney General for National Security John Demers said on Wednesday that the Malaysian defendants were in custody but were likely to fight extradition.

The Justice Department said it has obtained search warrants this month resulting in the seizure of hundreds of accounts, servers, domain names and “dead drop” Web pages used by the alleged hackers to help siphon data from their victims.

The Department said Microsoft Corp. had developed measures to block the hackers and that the company’s actions “were a significant part” of the overall U.S. effort to neutralize them. Microsoft did not immediately return a message seeking comment.

(Reporting by David Shepardson, Susan Heavey, Raphael Satter and Mark Hosenball in Washington; Editing by Chizu Nomiyama and Matthew Lewis)

U.S. accuses Chinese nationals of hacking spree for COVID-19 data, defense secrets

By Raphael Satter and Christopher Bing

WASHINGTON (Reuters) – The U.S. Justice Department on Tuesday indicted two Chinese nationals over their role in what the agency called a decade-long cyber espionage campaign that targeted defense contractors, COVID researchers and hundreds of other victims worldwide.

U.S. authorities said Li Xiaoyu and Dong Jiazhi stole terabytes of weapons designs, drug information, software source code, and personal data from targets that included dissidents and Chinese opposition figures. The cyber criminals were contractors for the Chinese government, rather than full-fledged spies, U.S. officials said.

U.S. Assistant Attorney General for National Security John Demers said at a virtual press conference the hackings showed China “is willing to turn a blind eye to prolific criminal hackers operating within its borders.”

“In this manner, China has now taken its place, alongside Russia, Iran, and North Korea, in that shameful club of nations that provides safe haven for cyber criminals in exchange for those criminals being on call for the benefit of the state.”

Messages left with one of several accounts registered in the name of Li’s digital alias, oro0lxy, were not immediately returned. Reuters could not immediately locate contact details for Dong. The Chinese Embassy in Washington did not immediately return a message seeking comment, although Beijing has repeatedly denied hacking the United States.

The indictment mostly did not name any companies or individual targets, but U.S. Attorney William Hyslop, who spoke alongside Demers, said there were “hundreds and hundreds of victims in the United States and worldwide.” Officials said the investigation was triggered when the hackers broke into a network belonging to the Hanford Site, a decommissioned U.S. nuclear complex in eastern Washington state, in 2015.

Li and Dong were “one of the most prolific group of hackers we’ve investigated,” said FBI Special Agent Raymond Duda, who heads the agency’s Seattle field office.

A July 7 indictment made public on Tuesday alleges that Li and Dong were contractors for China’s Ministry of State Security, or MSS, an agency comparable to the U.S. Central Intelligence Agency. The MSS, prosecutors said, supplied the hackers with information on critical software vulnerabilities to penetrate targets and collect intelligence. Targets included Hong Kong protesters, the office of the Dalai Lama and a Chinese Christian non-profit.

As early as Jan. 27, as the coronavirus outbreak was coming into focus, the hackers were trying to steal COVID-19 vaccine research of an unidentified Massachusetts biotech firm, the indictment said.

It is unclear whether anything was stolen but one expert said the allegation shows the “extremely high value” that governments such as China placed on COVID-related research.

“It is a fundamental threat to all governments around the world and we expect information relating to treatments and vaccines to be targeted by multiple cyber espionage sponsors,” said Ben Read, a senior analyst at cyber-security company FireEye.

He noted that the Chinese government had long relied on contractors for its cyber-spying operations.

“Using these freelancers allows the government to access a wider array of talent, while also providing some deniability in conducting these operations,” Read said.

(Reporting by Chris Sanders; Editing by Chizu Nomiyama and Richard Chang)